DNS Setup

Why we do not recommend whitelisting CNAMEs and IP address

IP allocations for cloud services are, by design, ephemeral. It is not recommended that whitelisting be performed by IP address range, but rather by the domain name. This ensures that any changes to IP addresses will allow the services to remain available without opening a large range of IP addresses needed for cloud-based environments. Currently, the Mason platform is hosted out of the us-west-2 region of AWS. The entire list of possible ranges can be found by using all us-west-2 allocated ranges from this list provided by AWS: https://ip-ranges.amazonaws.com/ip-ranges.json. However, additional regions may be used in the case of a regional fail-over or future regional load balancing. Also, as we depend on third-party services to provide our service, we do not have ultimate control of the IP addresses used for all dependent services. At this time, it is not feasible to provide a list of static IP addresses that will be used."

App Name Domain Port Notes
Mason Platform & API platform.bymason.com
api.bymason.com
login.bymason.com
443
443
443
AWS S3 mason-registry-production.s3.amazonaws.com 443
Auth0 bymason.auth0.com 443
Pushy mqtt.pushy.me
1883
Applicable to Mason OS v2.9.0 and lower
Pushy ssl://mqtt-XXX.pushy.io:443
  - *.pushy.me:443
  - *.pushy.io:443
443
443
443
Applicable to Mason OS v2.10.0 and higher
Reference: https://support.pushy.me/hc/en-us/articles/360043864611-What-firewall-rules-ports-IPs-are-needed-for-devices-to-connect-to-Pushy-
Pushy static-ip-bymason.pushy.me (18.215.116.185) 80, 443, 8883 Applicable to Mason OS v2.10.1 (limited to Mason I3399A device)
Used for organizations with strict firewall requirements.
Firebase/Crashlytics *.crashlytics.com
  - e.crashlytics.com
  - settings.crashlytics.com
  - reports.crashlytics.com
443
443
443
443
Android NTP Server 2.android.pool.ntp.org 123

Still need help? Contact Us Contact Us