for DNS you still need to have "power user" role as Orion user to do so. Currently there is no dependency for DNS and IP address limitation. We are aware of it and want to bring unified limitation settings in the future.
I have the same issue. I just installed 4.3.1 and see nothing has changed. Not being able to restrict users to just creating/deleting A and CNAME DNS records in specific subnets really, really limits the usefulness of this tool. Having to grant Orion Admin rights where they can create and modify users seems utterly inappropriate! We are trying to restrict their ability to modify things, not grant the "keys to the kingdom"!