The DfE technical guidance and its content is intended for internal use by the DfE community.

DNS

Domain names are normally maintained by the Infrastructure Operations team. They own a number of AWS route53 zones, including:

• education.gov.uk and *.education.gov.uk: default zones for DfE domains

• *.service.gov.uk for public beta and live services linked from gov.uk. Example: find-postgraduate-teacher-training.service.gov.uk or apply-for-teacher-training.service.gov.uk

Service Now

First a normal request is required to assign an engineer to the task and define the change window. Then a change request is raised to detail the implementation plan.

Normal request

Raise it in the Service Now portal portal:

• Request something
• Categories: Non-standard
• Any other request
• Short description: Describe briefly the purpose of the request and mention it’s a route53 domain change
• Click “I confirm that the above results aren’t relevant to my request”
• Working from: Select either Home or Office
• Category: Non-standard
• Description: Add the technical detail according to examples below. Explain the time schedule constraints and ask for an engineer to be assigned.
• Business service: Shared IT core services
• Service offering: Amazon Web Services

The call queue manager on duty then assigns it to an Engineer who has availability. The engineer will reach out to work and confirm scheduling.

Change request

Raise it in the ITIL Service Now portal, under Change > Create New.

• Select ‘Normal change’
• Complete:
  • Requested by: Your name
  • Environment: Production
  • Service Offering: Amazon Web Services
  • Category: Network/DNS/Firewall Maintance
  • Implementation Group: Infrastructure and Network Operation
  • Implementer: The operations engineer assigned above
  • Short description: Used as title for the change
  • Description: Describe the purpose, the implementation and the potential impact on services
  • In the multiple tabs section:
    • Planning - Complete sections using the information from the normal request above. Add the current DNS configuration in the backout plan.
    • Schedule - Provide dates
  • Under ‘Related Links’, complete the ‘Complete risk assesment’

Request templates

Example: create a CNAME record service123.education.gov.uk pointing to domain service123.azurewebsites.net:

Please create the following record in DNS zone education.gov.uk:
service123.education.gov.uk IN CNAME service123.azurewebsites.net

Example: create an A record service456.education.gov.uk pointing to IP address 10.11.12.13:

Please create the following record in DNS zone education.gov.uk:
service456.education.gov.uk IN A 10.11.12.13

Example: create a TXT record _87fa63d9b0fbe.education.gov.uk with value 0e8193849.tfmgdnztqk.validate-example.net :

Please create the following record in DNS zone education.gov.uk:
_87fa63d9b0fbe.education.gov.uk IN TXT _87fa63d9b0fbe.education.gov.uk

Optionally ask to set the TTL on the record. The default is 300s (5 min). Be careful with long TTL as mistakes may create longer outages.

Request zone

Please create a new DNS zone called service123.service.gov.uk

Once submitted, the Infrastructure Operations team will contact you for more information, including a risk assessment and a rollback plan.

Official service.gov.uk domains

The GOV.UK proposition lays out what should get a service.gov.uk domain. In the DfE, we interpet that as follows:

• If a service is actively targeting the use of itself by externals (including schools and local authorities) then it should be a part of service.gov.uk
• Services should be assessed internally if they’ll have fewer than 100K transations, by an external GDS assessment if they’ll have more than 100K transactions
• If a service is available publicly but targets internals (including contracted suppliers), or if it’s private (for example an intranet, or an IP restricted extranet) then it can be on education.gov.uk or anything else we wish to use

During alpha and private beta phases, services usually run under the education.gov.uk domain. When a service passes the public beta assessment, it should get an official service.gov.uk domain and a start page.

As documented, we need to:

• Create a new DNS zone <service>.service.gov.uk. Example: apply-for-teacher-training.service.gov.uk
• Take note of the name servers. Example:

  % dig +short ns apply-for-teacher-training.service.gov.uk
  ns-1034.awsdns-01.org.
  ns-1700.awsdns-20.co.uk.
  ns-736.awsdns-28.net.
  ns-485.awsdns-60.com.

• Send the request to GDS by emailing govuk-enquiries@digital.cabinet-office.gov.uk or hostmaster@digital.cabinet-office.gov.uk. Mention the desired zone name and the name servers.
• GDS will then set up delegation from their zone service.gov.uk
• Create the required subdomains <subdomain>.<service>.service.gov.uk. Example: www.apply-for-teacher-training.service.gov.uk
• Domains for test environments may also be created as subdomains. Example: staging.apply-for-teacher-training.service.gov.uk

Start page

Each service must have a start page on GOV.UK website, which briefly describes the service and let the user navigate to the service under the mandatory service.gov.uk domain. The GOV.UK Design System has documentation on the ‘start using a service’ pattern which describes the different options.