DNS Setup

Why we do not recommend whitelisting CNAMEs and IP addresses

IP allocations for cloud services are, by design, ephemeral. We recommend whitelisting by domain name rather than by IP address range. This keeps the services available when IP addresses change, without opening the large ranges of IP addresses that cloud-based environments would otherwise require. Currently, the Mason platform is hosted out of the us-west-2 region of AWS. The entire list of possible ranges can be found by taking all us-west-2 allocated ranges from this list provided by AWS: https://ip-ranges.amazonaws.com/ip-ranges.json. However, additional regions may be used in the case of a regional fail-over or future regional load balancing. Also, because we depend on third-party services to provide our service, we do not have ultimate control of the IP addresses used for all dependent services. At this time, it is not feasible to provide a list of static IP addresses that will be used.

| App Name | Domain | Port | Notes |
|---|---|---|---|
| Mason Platform & API | `platform.bymason.com` | | Points to a load balancer that services all the GUI aspects of our platform. |
| | | | Points to a load balancer that services all the backend requests that happen (wipes, heartbeats, commands, etc.). |
| | | | Is a CNAME (redirect) for our Auth0 tenant. When you log into platform.bymason.com you need a token from Auth0. |
| AWS S3 | `mason-registry-production.s3.amazonaws.com` | 443 | Is for downloading OTA packages. |
| | | | Is the CloudFront distribution for mason-registry-production.s3.amazonaws.com. It allows us to distribute to clients much faster than from S3 alone. |
| Auth0 | `bymason.auth0.com` | 443 | Is where the devices get their auth token from (hard coded in mason-core-apps). |
| Pushy | `mqtt.pushy.me` | | Applicable to Mason OS v2.9.0 and lower. Used for push notifications (hard coded in mason-core-apps). |
| Pushy | `ssl://mqtt-XXX.pushy.io:443`, `*.pushy.me:443`, `*.pushy.io:443` | | Applicable to Mason OS v2.10.0 and higher. Reference: https://support.pushy.me/hc/en-us/articles/360043864611-What-firewall-rules-ports-IPs-are-needed-for-devices-to-connect-to-Pushy-. Used for push notifications (hard coded in mason-core-apps). |
| Pushy | `static-ip-bymason.pushy.me` ( | 80, 443, 8883 | Applicable to Mason OS v2.10.1 (limited to Mason I3399A device). Used for organizations with strict firewall requirements. |
| Firebase/Crashlytics | `*.crashlytics.com` (`e.crashlytics.com`, `settings.crashlytics.com`, `reports.crashlytics.com`) | | Used for device diagnostics and crash reports (hard coded in mason-core-apps). |
| Android NTP Server | `2.android.pool.ntp.org` | 123 | Used for keeping time. If the time on a device drifts too much, auth tokens won’t be valid (hard coded in mason-core-apps). |
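
As an added example (not Mason's own code), the following Python script checks firewall deny logs against the domains and ports listed in the table above, matching wildcard entries on a label boundary so that look-alike hosts are not treated as allowed. The log format, sample lines and function names are constructed for illustration, and rows for which the page states no port are assumed to match any port.

```python
import re

# Entries copied from the table above. ports=None means the page states no
# port for that row, so this example matches any port (an assumption).
ALLOWLIST = [
    ("platform.bymason.com", None),
    ("mason-registry-production.s3.amazonaws.com", {443}),
    ("bymason.auth0.com", {443}),
    ("static-ip-bymason.pushy.me", {80, 443, 8883}),
    ("*.pushy.me", {443}),
    ("*.pushy.io", {443}),
    ("*.crashlytics.com", None),
    ("2.android.pool.ntp.org", {123}),
]
# Constructed log lines in a hypothetical "ACTION src= dst= dport=" format.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z DENY src=10.0.8.21 dst=mqtt-17.pushy.io dport=443",
    "2024-05-01T10:00:02Z ALLOW src=10.0.8.21 dst=bymason.auth0.com dport=443",
    "2024-05-01T10:00:03Z DENY src=10.0.8.21 dst=2.android.pool.ntp.org dport=123",
    "2024-05-01T10:00:04Z DENY src=10.0.8.21 dst=notpushy.me dport=443",
    "2024-05-01T10:00:05Z DENY src=10.0.8.21 dst=Settings.Crashlytics.com. dport=443",
    "2024-05-01T10:00:06Z DENY src=10.0.8.21 dst=bymason.auth0.com dport=8443",
]
LINE = re.compile(r"\b(ALLOW|DENY)\b.*?\bdst=(\S+)\s+dport=(\d+)")

def host_matches(pattern, host):
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        # Label boundary: "notpushy.me" and bare "pushy.me" must not match.
        return host.endswith(pattern[1:]) and len(host) > len(pattern) - 1
    return host == pattern

def required_entry(host, port):
    for pattern, ports in ALLOWLIST:  # first (most specific) entry wins
        if host_matches(pattern, host) and (ports is None or port in ports):
            return pattern
    return None

def blocked_required(log_lines):
    hits = {}  # allowlist entry -> set of denied (host, port) pairs
    for line in log_lines:
        m = LINE.search(line)
        if m and m.group(1) == "DENY":
            host, port = m.group(2).lower().rstrip("."), int(m.group(3))
            if (entry := required_entry(host, port)):
                hits.setdefault(entry, set()).add((host, port))
    return hits

if __name__ == "__main__":
    print(blocked_required(SAMPLE_LOG))
```

Any entry this reports is a destination the devices need that the firewall is currently dropping; denied hosts that match no entry, such as `notpushy.me` in the sample, are left out.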

