DNS Solutions — Advanced Permissions for Security Policies

As simple as it may seem on the surface, the domain name system (DNS) is quite complex. And, as shown in countless incidents over the years, it’s also a common cause for outages. Just one simple misconfiguration can cause a “storm” of epic proportions for your organization.

For this very reason, accountability was a top priority when Constellix first went into development in 2014. Springboarding off 22 years of laser-focused DNS experience and real customer feedback, the creators of Constellix designed the platform to incorporate an advanced permissions-based solution that puts security first and fits the policy needs of enterprise-level organizations. This blog covers DNS permissions in Constellix, as well as why this feature is vital to any business with an online presence.

And who doesn’t have an online presence these days?

Red Tape in IT: DNS Policies and Procedures You Need

Anyone who has worked on an IT team understands the frustrations that come with a lot of red tape. It can make your job about as fun and productive as watching paint dry.

As a writer, I have my own “red tape” to deal with. I suppose everyone does to some extent or another. While some policies are really nothing but meaningless bureaucracy, there are procedures that are worthy of following, no matter how inconvenient.

And let’s be honest.

Discovering a typo in a blog after it’s been published is embarrassing, but a typo in a DNS record, well, that’s another story entirely-it can literally crash your domain.

DNS Permissions: How Constellix Makes it Easy For Organizations to Comply With Industry Standards and Avoid Costly Mistakes

What makes Constellix permissions so special?

As a Constellix client, you can configure permissions per user and role. But the coolest part is that you can choose what type of privileges each user has:

Read Only




Account administrators have the option of setting default permissions, which will be applied to every user added to the account. Permissions can then be modified for each member individually, according to need or role.

But you can get even more precise.

Domain Permissions: An MSP’s Dream

This means that users signing into your Constellix account will only see the domains they specifically work with. While other providers also let you manage domains in bulk, they don’t have the ability to restrict access on a domain-by-domain basis, let alone have such user-based customization options.

Constellix’s permission options solve this common dilemma.

Not only does this help MSPs stay compliant with Soc 2 and ISO 27001 standards, it’s an invaluable tool for preventing errors and maintaining the integrity of unique DNS configurations.

: When setting default permissions, we recommend setting privileges that would be appropriate for most users. This will help avoid mistakes that could be made before administrators can customize each user.

Advanced DNS Permissions for IT Teams

1. DNS Record Pools

DNS record pools are an important part of any load balancing configuration. In Constellix, you can restrict access to pools configured in your account and can even get as specific as which type of record. For example, if one of your team members only works with AAAA (IPv6) records, you can give them privileges for only AAAA record pools. The same goes for A (IPv4) and CNAME/ANAME pools. Access can also be different for each pool in a record configuration. You also have the option to give a user the same access for all pools in each record category.

2. Geo Proximity

Permissions can also be customized for our Geo Proximity solution, which helps optimize resolution accuracy and speed. As with pools, privileges can be set per user and further narrowed down by rule. For instance, if you have 10 Geo Proximity rules configured for one domain, but you only want “testuser2” to have access to the “test” rule, you can choose to change the privileges for “test” to the desired permission level. “None” is the default for all rules, so customizing by rule is quick and easy. You can also set the same permission for all Geo Proximity rules if you want a team member to have the same access to all of them.

3. IP Filters

IP filtering is an advanced GeoDNS solution in Constellix that gives administrators more control over their domain traffic, including balancing and blocking web traffic based on location. Like Geo Proximity and Pool permissions, IP filter privileges can be configured by domain, user, and per individual rule. If you want to give a user the same access to all IP filter rules, you can easily set a blanket permission for all of them or customize access for each rule you’ve created for a specific domain.

For each of the above options, you can also choose whether a user can add or delete configurations.

Note: The privileges at the top right of either permissions window reflect the Default Permissions that have been set for your account. If you haven’t configured default permissions, it will automatically be set to “none.”

The Main Policies Involving DNS

ISO 27001 Standards

Soc 2 Compliance

DNS Permissions Recap

Related Topics What is Soc 2 Compliance?

Want to learn more? Schedule a demo today and see what Constellix can do for yourself! Our DNS experts will customize your experience based on the unique needs of your organization.

Originally published at https://constellix.com.

Constellix is a traffic management suite offering advanced DNS hosting and network monitoring services. Start optimizing your online performance today!