/
index.html.md.erb
114 lines (83 loc) · 6.13 KB
/
index.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
---
title: DNS
---
# <%= current_page.data.title %>
<%= partial('partials/page_toc') %>
Domain names are normally maintained by the [Infrastructure Operations](/infrastructure/support/#infrastructure-operations) team. They own a number of AWS route53 zones, including:
* education.gov.uk and *.education.gov.uk: default zones for DfE domains
* *.service.gov.uk for [public beta and live services](#official-service-gov-uk-domains) linked from gov.uk. Example: [find-postgraduate-teacher-training.service.gov.uk](https://www.find-postgraduate-teacher-training.service.gov.uk/) or [apply-for-teacher-training.service.gov.uk](https://www.apply-for-teacher-training.service.gov.uk/)
## Service Now
First a normal request is required to assign an engineer to the task and define the change window. Then a change request is raised to detail the implementation plan.
### Normal request
Raise it in the [Service Now portal](https://dfe.service-now.com/serviceportal) portal:
* Request something
* Categories: Non-standard
* Any other request
* Short description: Describe briefly the purpose of the request and mention it's a route53 domain change
* Click "I confirm that the above results aren't relevant to my request"
* Working from: Select either Home or Office
* Category: Non-standard
* Description: Add the technical detail according to examples below. Explain the time schedule constraints and ask for an engineer to be assigned.
* Business service: Shared IT core services
* Service offering: Amazon Web Services
The call queue manager on duty then assigns it to an Engineer who has availability. The engineer will reach out to work and confirm scheduling.
### Change request
Raise it in the [ITIL Service Now](https://dfe.service-now.com/) portal, under Change > Create New.
* Select 'Normal change'
* Complete:
* Requested by: Your name
* Environment: Production
* Service Offering: Amazon Web Services
* Category: Network/DNS/Firewall Maintance
* Implementation Group: Infrastructure and Network Operation
* Implementer: The operations engineer assigned above
* Short description: Used as title for the change
* Description: Describe the purpose, the implementation and the potential impact on services
* In the multiple tabs section:
* Planning - Complete sections using the information from the normal request above. Add the current DNS configuration in the backout plan.
* Schedule - Provide dates
* Under 'Related Links', complete the 'Complete risk assesment'
### Request templates
Example: create a CNAME record service123.education.gov.uk pointing to domain service123.azurewebsites.net:
```
Please create the following record in DNS zone education.gov.uk:
service123.education.gov.uk IN CNAME service123.azurewebsites.net
```
Example: create an A record service456.education.gov.uk pointing to IP address 10.11.12.13:
```
Please create the following record in DNS zone education.gov.uk:
service456.education.gov.uk IN A 10.11.12.13
```
Example: create a TXT record _87fa63d9b0fbe.education.gov.uk with value 0e8193849.tfmgdnztqk.validate-example.net :
```
Please create the following record in DNS zone education.gov.uk:
_87fa63d9b0fbe.education.gov.uk IN TXT _87fa63d9b0fbe.education.gov.uk
```
Optionally ask to set the TTL on the record. The default is 300s (5 min). Be careful with long TTL as mistakes may create longer outages.
### Request zone
```
Please create a new DNS zone called service123.service.gov.uk
```
Once submitted, the [Infrastructure Operations](/infrastructure/support/#infrastructure-operations) team will contact you for more information, including a risk assessment and a rollback plan.
## Official service.gov.uk domains
The [GOV.UK proposition](https://www.gov.uk/government/publications/govuk-proposition/govuk-proposition) lays out what should get a `service.gov.uk` domain. In the DfE, we interpet that as follows:
- If a service is actively targeting the use of itself by externals (including schools and local authorities) then it should be a part of service.gov.uk
- Services should be assessed internally if they'll have fewer than 100K transations, by an external GDS assessment if they'll have more than 100K transactions
- If a service is available publicly but targets internals (including contracted suppliers), or if it's private (for example an intranet, or an IP restricted extranet) then it can be on `education.gov.uk` or anything else we wish to use
During alpha and private beta phases, services usually run under the education.gov.uk domain. When a service passes the [public beta assessment](https://www.gov.uk/service-manual/agile-delivery/how-the-live-phase-works), it should get an official service.gov.uk domain and a start page.
As [documented](https://www.gov.uk/service-manual/technology/get-a-domain-name), we need to:
* Create a new DNS zone `<service>.service.gov.uk`. Example: [apply-for-teacher-training.service.gov.uk](http://www.apply-for-teacher-training.service.gov.uk/)
* Take note of the name servers. Example:
```
% dig +short ns apply-for-teacher-training.service.gov.uk
ns-1034.awsdns-01.org.
ns-1700.awsdns-20.co.uk.
ns-736.awsdns-28.net.
ns-485.awsdns-60.com.
```
* Send the request to GDS by emailing <govuk-enquiries@digital.cabinet-office.gov.uk> or <hostmaster@digital.cabinet-office.gov.uk>. Mention the desired zone name and the name servers.
* GDS will then set up delegation from their zone `service.gov.uk`
* Create the required subdomains `<subdomain>.<service>.service.gov.uk`. Example: [www.apply-for-teacher-training.service.gov.uk](https://www.apply-for-teacher-training.service.gov.uk/)
* Domains for test environments may also be created as subdomains. Example: [staging.apply-for-teacher-training.service.gov.uk](https://staging.apply-for-teacher-training.service.gov.uk)
## Start page
Each service must have a start page on [GOV.UK](https://www.gov.uk) website, which briefly describes the service and let the user navigate to the service under the mandatory service.gov.uk domain. The GOV.UK Design System has documentation on the [‘start using a service’ pattern](https://design-system.service.gov.uk/patterns/start-pages/) which describes the different options.