Skip to main content

The DfE technical guidance and its content is intended for internal use by the DfE community.


Domain names are normally maintained by the Infrastructure Operations team. They own a number of AWS route53 zones, including:

Service Now

First a normal request is required to assign an engineer to the task and define the change window. Then a change request is raised to detail the implementation plan.

Normal request

Raise it in the Service Now portal portal:

  • Request something
  • Categories: Non-standard
  • Any other request
  • Short description: Describe briefly the purpose of the request and mention it’s a route53 domain change
  • Click “I confirm that the above results aren’t relevant to my request”
  • Working from: Select either Home or Office
  • Category: Non-standard
  • Description: Add the technical detail according to examples below. Explain the time schedule constraints and ask for an engineer to be assigned.
  • Business service: Shared IT core services
  • Service offering: Amazon Web Services

The call queue manager on duty then assigns it to an Engineer who has availability. The engineer will reach out to work and confirm scheduling.

Change request

Raise it in the ITIL Service Now portal, under Change > Create New.

  • Select ‘Normal change’
  • Complete:
    • Requested by: Your name
    • Environment: Production
    • Service Offering: Amazon Web Services
    • Category: Network/DNS/Firewall Maintance
    • Implementation Group: Infrastructure and Network Operation
    • Implementer: The operations engineer assigned above
    • Short description: Used as title for the change
    • Description: Describe the purpose, the implementation and the potential impact on services
    • In the multiple tabs section:
      • Planning - Complete sections using the information from the normal request above. Add the current DNS configuration in the backout plan.
      • Schedule - Provide dates
    • Under ‘Related Links’, complete the ‘Complete risk assesment’

Request templates

Example: create a CNAME record pointing to domain

Please create the following record in DNS zone IN CNAME

Example: create an A record pointing to IP address

Please create the following record in DNS zone IN A

Example: create a TXT record with value :

Please create the following record in DNS zone IN TXT

Optionally ask to set the TTL on the record. The default is 300s (5 min). Be careful with long TTL as mistakes may create longer outages.

Request zone

Please create a new DNS zone called

Once submitted, the Infrastructure Operations team will contact you for more information, including a risk assessment and a rollback plan.

Official domains

The GOV.UK proposition lays out what should get a domain. In the DfE, we interpet that as follows:

  • If a service is actively targeting the use of itself by externals (including schools and local authorities) then it should be a part of
  • Services should be assessed internally if they’ll have fewer than 100K transations, by an external GDS assessment if they’ll have more than 100K transactions
  • If a service is available publicly but targets internals (including contracted suppliers), or if it’s private (for example an intranet, or an IP restricted extranet) then it can be on or anything else we wish to use

During alpha and private beta phases, services usually run under the domain. When a service passes the public beta assessment, it should get an official domain and a start page.

As documented, we need to:

  % dig +short ns

Start page

Each service must have a start page on GOV.UK website, which briefly describes the service and let the user navigate to the service under the mandatory domain. The GOV.UK Design System has documentation on the ‘start using a service’ pattern which describes the different options.