DNS Setup
Why we do not recommend whitelisting CNAMEs and IP addresses
IP allocations for cloud services are, by design, ephemeral. We recommend whitelisting by domain name rather than by IP address range. This keeps the services available when IP addresses change, without opening the large range of IP addresses that cloud-based environments would require. Currently, the Mason platform is hosted out of the us-west-2 region of AWS. The entire list of possible ranges can be found by using all us-west-2 allocated ranges from this list provided by AWS: https://ip-ranges.amazonaws.com/ip-ranges.json. However, additional regions may be used in the case of a regional fail-over or future regional load balancing. Also, because we depend on third-party services to provide our service, we do not have ultimate control of the IP addresses used for all dependent services. At this time, it is not feasible to provide a list of static IP addresses that will be used.
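The size and overlap problem described above, worked through on the ip-ranges.json layout. This is an added example, not Mason's or AWS's code: the function names are hypothetical and the sample prefixes are constructed from private and documentation ranges.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json, trimmed to the fields
# used here. These are private/documentation prefixes, not real AWS data.
SAMPLE = json.loads("""
{"prefixes": [
  {"ip_prefix": "10.0.0.0/16",   "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "10.0.0.0/16",   "region": "us-west-2", "service": "EC2"},
  {"ip_prefix": "10.0.128.0/20", "region": "us-west-2", "service": "S3"},
  {"ip_prefix": "10.1.0.0/16",   "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "192.0.2.0/24",  "region": "us-east-1", "service": "AMAZON"}
]}
""")


def region_footprint(doc, region):
    """Return (collapsed IPv4 networks, address count) for one region.

    The same block can be listed under several services and as a subnet of
    a larger block, so entries are collapsed before counting.
    """
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in doc["prefixes"] if p["region"] == region]
    collapsed = list(ipaddress.collapse_addresses(nets))
    return collapsed, sum(n.num_addresses for n in collapsed)


def covered(ip, networks):
    """True if a firewall rule set built from `networks` would match `ip`."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    rules, size = region_footprint(SAMPLE, "us-west-2")
    print("rules:", [str(n) for n in rules], "addresses opened:", size)
    # An address in another region (the fail-over case) is not matched.
    print("fail-over address allowed:", covered("192.0.2.10", rules))
```

To run it on live data, replace SAMPLE with `json.load()` of a downloaded copy of the file; IPv6 entries sit in a separate `ipv6_prefixes` list and are not counted here.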
App Name | Domain | Port | Notes |
Mason Platform & API | platform.bymason.com, api.bymason.com, login.bymason.com | 443, 443, 443 | platform.bymason.com points to a load balancer that services all the GUI aspects of our platform. api.bymason.com points to a load balancer that services all the backend requests that happen (wipes, heartbeats, commands, etc). login.bymason.com is a CNAME (redirect) for our Auth0 tenant. When you log into platform.bymason.com you need a token from Auth0. |
AWS S3 | mason-registry-production.s3.amazonaws.com, d18atil0qfsuv.cloudfront.net | 443 | mason-registry-production.s3.amazonaws.com is for downloading OTA packages. d18atil0qfsuv.cloudfront.net is the CloudFront distribution for mason-registry-production.s3.amazonaws.com. It allows us to distribute to clients much faster than from S3 alone. |
Auth0 | bymason.auth0.com | 443 | Is where the devices get their auth token from (hard coded in mason-core-apps). |
Pushy | mqtt.pushy.me | 1883 | Applicable to Mason OS v2.9.0 and lower. Used for push notifications (hard coded in mason-core-apps). |
Pushy | ssl://mqtt-XXX.pushy.io:443, *.pushy.me:443, *.pushy.io:443 | 443, 443, 443 | Applicable to Mason OS v2.10.0 and higher. Reference: https://support.pushy.me/hc/en-us/articles/360043864611-What-firewall-rules-ports-IPs-are-needed-for-devices-to-connect-to-Pushy- Used for push notifications (hard coded in mason-core-apps). |
Pushy | static-ip-bymason.pushy.me (18.215.116.185) | 80, 443, 8883 | Applicable to Mason OS v2.10.1 (limited to Mason I3399A device). Used for organizations with strict firewall requirements. |
Firebase/Crashlytics | *.crashlytics.com, e.crashlytics.com, settings.crashlytics.com, reports.crashlytics.com | 443, 443, 443, 443 | Used for device diagnostics and crash reports (hard coded in mason-core-apps). |
Android NTP Server | 2.android.pool.ntp.org | 123 | Used for keeping time. If the time on a device drifts too much, auth tokens won't be valid (hard coded in mason-core-apps). |