DNS guidance update #1006

Open
wants to merge 7 commits into
base: main

@galund (Contributor) commented Feb 25, 2025

Fairly radical rewrite including

  • removing dual hosting per GOV.UK thinking
  • adding some notes about practice for non-prod domain names (someone needs to tell me this is actually correct - it's what DI do I believe!)
  • created some instructions for how to get an internal domain as this didn't seem to be written down anywhere

@galund requested a review from louzoid-gds February 25, 2025 12:03

Your non-production domains should be subdomains of your production domain.

For example, if you service can be found at `myservice.service.gov.uk`, then you might also have Route 53 records for your other environments, such as:
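
Review bot: the first line states the subdomain layout as a "should" but says nothing about cookie scope under that layout. A cookie set with `Domain=myservice.service.gov.uk` is also sent to every environment subdomain beneath it, so suggest adding a sentence here that cookies stay host-only (no `Domain` attribute). Also, in the example sentence, "if you service can be found" should read "if your service can be found".
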
Contributor

This point's under discussion at the moment. I agree with it, but I don't think it's been properly agreed

Contributor Author

Happy to leave this open assuming the discussion isn't gonna take forever, LMK :)

- not all teams do this, but it's an option
- we might also want some advice about marking non-prod sites clearly to avoid end-user confusion
- also security considerations are missing here
- first draft based on current practice
- even GOV.UK do not do this, see https://github.com/alphagov/govuk-dns-tf/tree/main?tab=readme-ov-file#amazon-route53-vs-google-cloud
- cannot link this reference from the body text as it's a private repo
- the Service Manual says "Consider using multiple suppliers" so arguably if we aren't doing this we should propose an update to that
- in practice GOV.UK do dual host a lot of their stuff
- best to avoid 'should' or 'must' language in a callout, anyway
- easiest thing for most cases is to *not* set Domain per OWASP guidance
- some folks prefer to have `www.` as a belt-and-braces approach to full domain separation, and there isn't consensus right now to take a hard line either way
- annoyingly the tech docs template doesn't support this (GitHub) feature