DNS Solutions - Advanced Permissions for Security Policies

As simple as it may seem on the surface, the domain name system (DNS) is quite complex. And, as shown in countless incidents over the years, it’s also a common cause for outages. Just one simple misconfiguration can cause a “storm” of epic proportions for your organization. 

For this very reason, accountability was a top priority when Constellix first went into development in 2014. Springboarding off 22 years of laser-focused DNS experience and real customer feedback, the creators of Constellix designed the platform to incorporate an advanced permissions-based solution that puts security first and fits the policy needs of enterprise-level organizations. This blog covers DNS permissions in Constellix, as well as why this feature is vital to any business with an online presence. 

And who doesn’t have an online presence these days?

Red Tape in IT: DNS Policies and Procedures You Need

Anyone who has worked on an IT team understands the frustrations that come with a lot of red tape. It can make your job about as fun and productive as watching paint dry. 

I get it!

As a writer, I have my own “red tape” to deal with. I suppose everyone does to some extent or another. While some policies are really nothing but meaningless bureaucracy, there are procedures that are worthy of following, no matter how inconvenient. 

And let’s be honest. 

Discovering a typo in a blog after it’s been published is embarrassing, but a typo in a DNS record, well, that’s another story entirely—it can literally crash your domain.

DNS Permissions: How Constellix Makes it Easy For Organizations  to Comply With Industry Standards and Avoid Costly Mistakes

Constellix understands the logistical nightmare it can be for IT teams to roll out changes to existing processes or to implement new ones, especially when it comes to DNS. That’s why our permissions feature was developed in the first place—based on thousands of use cases and an obvious “hole” in the market.

What makes Constellix permissions so special?

As a Constellix client, you can configure permissions per user and role. But the coolest part is that you can choose what type of privileges each user has:

Read Only

With this privilege, a user can view any part of your Constellix account that they have access to, but can’t make any changes.

Read/Commit

With read/commit enabled, a team member can view and commit configurations for the domain, but can’t create or edit any configurations. This is especially helpful for review processes.

Read/Write

This option lets users view, create, and modify configurations for your domain, but does not let them commit changes. 

Read/Write/Commit

Enabling read/write/commit gives full access to designated zones within your Constellix account. The administrator for your domain has this privilege by default.

Account administrators have the option of setting default permissions, which will be applied to every user added to the account. Permissions can then be modified for each member individually, according to need or role.

 But you can get even more precise.

Domain Permissions: An MSP’s Dream

Constellix designed its permission features with Managed Service Providers and those with multiple domains in mind. Permissions can also be set by domain.

This means that users signing into your Constellix account will only see the domains they specifically work with. While other providers also let you manage domains in bulk, they don’t have the ability to restrict access on a domain-by-domain basis, let alone have such user-based customization options. 

Constellix’s permission options solve this common dilemma. 

Not only does this help MSPs stay compliant with Soc 2 and ISO 27001 standards, it’s an invaluable tool for preventing errors and maintaining the integrity of unique DNS configurations. 

Tip: When setting default permissions, we recommend setting privileges that would be appropriate for most users. This will help avoid mistakes that could be made before administrators can customize each user.

Advanced DNS Permissions for IT Teams

We’ve gone over the different types of privileges, including how you can set them up for each domain—but there’s still more. You can configure permissions for advanced DNS features as well. 

1. DNS Record Pools

DNS record pools are an important part of any load balancing configuration. In Constellix, you can restrict access to pools configured in your account and can even get as specific as which type of record. For example, if one of your team members only works with AAAA (IPv6) records, you can give them privileges for only AAAA record pools. The same goes for A (IPv4) and CNAME/ANAME pools. Access can also be different for each pool in a record configuration. You also have the option to give a user the same access for all pools in each record category. 

2. Geo Proximity

Permissions can also be customized for our Geo Proximity solution, which helps optimize resolution accuracy and speed. As with pools, privileges can be set per user and further narrowed down by rule. For instance, if you have 10 Geo Proximity rules configured for one domain, but you only want “testuser2” to have access to the “test” rule, you can choose to change the privileges for “test” to the desired permission level. “None” is the default for all rules, so customizing by rule is quick and easy. You can also set the same permission for all Geo Proximity rules if you want a team member to have the same access to all of them.

3. IP Filters 

IP filtering is an advanced GeoDNS solution in Constellix that gives administrators more control over their domain traffic, including balancing and blocking web traffic based on location. Like Geo Proximity and Pool permissions, IP filter privileges can be configured by domain, user, and per individual rule. If you want to give a user the same access to all IP filter rules, you can easily set a blanket permission for all of them or customize access for each rule you’ve created for a specific domain.

For each of the above options, you can also choose whether a user can add or delete configurations.

Note: The privileges at the top right of either permissions window reflect the Default Permissions that have been set for your account. If you haven’t configured default permissions, it will automatically be set to “none.” 

The Main Policies Involving DNS

As you can see, Constellix’s permission options streamline your DNS management while ensuring IT teams remain compliant with common standards in the industry. DNS procedures vary from company to company, but there are two main policies that are especially important to enterprise-level organizations: Soc 2 and ISO 27001. Let’s take a quick look at each of these.

ISO 27001 Standards

ISO/IEC 27001:2013 or ISO 27001 for short, is an international standard that guides companies on how to control the security of their assets within a management framework. If an organization holds an ISO 27001 certification, it shows third parties that the business is dedicated to protecting the data it’s entrusted with. The need for ISO 27001 compliance is growing rapidly, especially for organizations affected by GDPR, CCPA, and HIPAA regulations. 

Soc 2 Compliance

Soc 2 demonstrates that SaaS and other technology-based companies follow certain procedures that ensure the integrity and privacy of their customers’ data. Unlike ISO 27001, which must be strictly adhered to, Soc 2 is more of a guide for organizations to implement according to their own internal operations. Soc 2 compliance covers the overall supervision of a company, its regulatory and managerial processes, and external vendor management.

DNS Permissions Recap

Constellix DNS permissions give MSPs and account administrators full control over the domains they manage. We are the only DNS provider in the industry that allows you to customize permissions based on domain, user, and individual rules/configurations (or all the above) to such a highly detailed level. With Constellix, domains are not only easier to manage, but we also help domain owners maintain Soc 2 and ISO 27001 standards. DNS configurations are often complex and even the smallest mistake can lead to massive problems—from a decrease or spike in queries to full-blown outages. DNS permissions help cut down on human error and increase accountability across IT teams.

Want to learn more? Schedule a demo today and see what Constellix can do for yourself! Our DNS experts will customize your experience based on the unique needs of your organization. 

Related Topics

What is ISO 27001?

What is Soc 2 Compliance?