Rewrite "Domain Name System (DNS) records" page #4485
base: main
ChrisBAshton commented Feb 19, 2024
- Documents the GOV.UK proposition, which otherwise is unmentioned anywhere else in the Developer Docs.
- Documents how the domains listed in the GOV.UK proposition are linked to the domains and DNS zones we're managing today.
- Documents some of the edge-cases/quirks of domains that are in the proposition but not managed by us, or are not in the proposition but are managed by us.
- Links to some ongoing work to revisit these quirks.
- Describes each GOV.UK proposition domain in turn.
- Documents how the TLD to www redirects are implemented on GOV.UK and on data.gov.uk.
- Removes instructions on how to deploy DNS changes. This is covered in the govuk-dns-tf README.
a54748e
to
07363ad
source/manual/dns.html.md
Outdated
|
||
[govuk-dns-tf-cloud]: https://app.terraform.io/app/govuk/workspaces/govuk-dns-tf | ||
This is managed by Cabinet Office. `gov.uk.` is an apex domain so it [cannot have a CNAME record](https://tools.ietf.org/html/rfc1912#section-2.4). Instead, it has A records that point directly to Fastly virtual IP addresses, resolving to the [Production TLD Redirect](https://manage.fastly.com/configure/services/7IaQm6UK3NiQu0v0E83YKn) service, which performs a redirect to `www.gov.uk`. |
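Review bot: the opening sentence of the `gov.uk.` paragraph, "This is managed by Cabinet Office", has no clear referent and does not say which aspect of the domain is meant (the registration, the hosting of the zone, or who can change its records). Suggest naming the domain and the aspect explicitly, since the rest of the paragraph goes on to describe A records pointing at Fastly and a reader needs to know who can change those.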
Hmm, is this true now? I used to be able to make changes to .gov.uk myself (by virtue of being on a list of approved people who could send emails requesting changes). I guess that's probably changing with the switch of registry to Nominet? But I'm not sure what the new process is 😬
Yeah — and either way the statement "The gov.uk domain ... is managed by Cabinet Office" is less than entirely accurate at best.
Which bit of it are you not sure is true? "Managed by Cabinet Office", apex domain / A records, or production redirect? AFAICT that's the current state of play. I don't remember ever seeing a gov.uk domain in Jisc, suggesting that it moved to the CO account before I became a Lead.
I removed the bit saying how to make changes (via "emailing [email protected] from someone on Jisc's approved contacts") because I imagine that process has changed - if gov.uk is managed by CO, then we're quite likely not on the list of approved contacts. It's also likely that only someone from Senior Tech would be actioning changes.
@ChrisBAshton it seems to me you're conflating a bunch of different aspects of "managing" the domain here. Probably worth a re-think of this doc in terms of: 1) who is the intended audience 2) what is the reader trying to do when they find this doc?
Then if you find it still makes sense to include this level of detail then we work together to make sure that what you're writing is accurate as well as meeting the reader's needs.
e.g. much of this detail on operational aspects of DNS is unlikely to be relevant to GOV.UK developers and has potential to cause/amplify confusion rather than helping — more info isn't always better.
I rephrased it to "administered by Cabinet Office", but perhaps "registered by Cabinet Office" makes more sense?
(Though I'm hoping the www.gov.uk domain will come under GOV.UK ownership and we can remove some of these surprises).
The intended audience is any engineer who wants to get an understanding of why we manage the domains we manage (the GOV.UK proposition otherwise has zero mentions in the Dev Docs so far), as well as the numerous gotchas for each of the said domains.
(The technicals around applying DNS changes are documented elsewhere - in govuk-dns-tf - and the policies are documented in the linked Google playbook).
source/manual/dns.html.md
Outdated
|
||
Currently these zones are only used in environments running on AWS. | ||
This is managed by Cabinet Office. |
This also feels surprising - shouldn't we be the ones managing this?
Yep, I think we should be the ones managing this. It's on my list to sort out once the Jisc org rename stuff has settled.
Approved by accident - just meant to comment
9a4c92b
to
ddcff4c
|
||
GOV.UK Technical 2nd Line are responsible for delegating DNS to other government services. | ||
Note that we __do not__ manage any other DNS records: if you get a request concerning anything other than `NS` records, it should be rejected. | ||
In theory, the GOV.UK proposition domains should all be managed by GDS (who use [Jisc](https://www.jisc.ac.uk/): a non-profit that provides networking to UK education and government). In practice, a couple of GOV.UK proposition domains are managed by Cabinet Office, and a couple of non-proposition domains are in the Government Digital Service Jisc account. [This is being looked at](https://trello.com/c/qNpyVaC5/3228-consolidate-co-vs-non-co-domains-in-govuks-jisc-account) by Platform Security & Reliability. |
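Review bot: the last line of this hunk says "a couple of GOV.UK proposition domains are managed by Cabinet Office, and a couple of non-proposition domains are in the Government Digital Service Jisc account" without naming any of them. Suggest listing the domains in each group here, so that someone on 2nd Line handling a delegation request can tell from this page which account holds a given domain without needing access to the linked Trello card.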
Wondering if we need some sort of 'terminology' section to describe Cabinet Office vs Government Digital Service vs GOV.UK?
The doc pretty much refers to GOV.UK and Government Digital Service interchangeably, though I've tried to use the right one in context, i.e. "Government Digital Service" is the name of our Jisc account, and "GOV.UK" is the department linked to the proposition, etc.