Best Practices: NS1 Filter Chain

Put "Up" first. One of the most important things you can do is put the Up filter first. This helps you know what is working and what is not. You do not want to spend resources filtering out answers that are down.

CNAME records can only have one answer. If you have a complicated CNAME record with many different answers for traffic management or load balancing, make sure to have your last filter be Select First N. Per RFC, CNAME records can only have one answer. Hint: To test how this will affect you, create a CNAME with multiple answers and then try to resolve the record using the dig tool.

Use the "sticky" filters to ensure users are sent to the same endpoint consistently. If your traffic management needs to send users to the same endpoints consistently while still sending different users to different endpoints, use Sticky Shuffle. This filter ensures your users will always get the same DNS answer allowing them to keep local sessions.

You can only do one "Fence" or "Target" operation with one piece of metadata. Our Filter Chain only works with one piece of metadata per geographic filter, meaning you cannot use the same metadata to make decisions with two filters in the same chain. If you want to do coarse fencing or targeting, use the most coarse first, e.g. Regional then Country. You can also chain together CNAME records to enable finer filtering within the second record.

Filters require certain metadata. Make sure to put the required metadata on your answers so the filter is able to run properly. Geotarget Latlong, for example, needs latitude and longitude metadata to be present on your answers to work properly. It cannot use US State(s) or Country/countries metadata to make decisions.

ASN and Prefix Fencing is NOT a substitute for security. While these filters perform well for the vast majority of traffic (if using EDNS Client Subnet or ISP recursive resolvers), evading this block is trivial, and your business should be sure to implement more stringent checks.