HSCN/TN/nhs.uk logical DNS configuration
This diagram shows the logical DNS configuration used across HSCN/TN.

2020 technical refresh
DNS migration
During 2020, NHS Digital successfully migrated the DNS service from the legacy BT service to a replacement service. Access to the legacy infrastructure was then blocked and the infrastructure was decommissioned.
All organisations should now have configured their DNS to use the correct IP addresses below:
DNS Service - NHS Digital-owned RIPE IP Addresses
155.231.231.2 (cns1.nhs.uk)
155.231.231.1 (cns0.nhs.uk)
For a limited timeframe, in order to support organisations that have not yet migrated their DNS services, the legacy BT-owned IP addresses 194.72.7.137 and 194.72.7.142 will be temporarily supported. Organisations should continue to plan their migration to the new NHS Digital-owned IP addresses.
Further guidance on IP configurations and the legacy DNS service can be found on the NHS Digital website.
Please note that Transmission Control Protocol (TCP) ping should be used to test connectivity to the DNS IP addresses. TCP ping is supported by the HSCN DNS service and is a recommended alternative to Internet Control Message Protocol (ICMP) ping. A variety of TCP ping tools are available online, and guidance on using TCP ping has been published by Microsoft.
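A TCP reachability check for the resolver addresses listed above, as an added example (not NHS Digital's own code). It goes one step beyond a TCP ping by also sending a DNS query over TCP to confirm that the resolver answers. Assumptions: the service listens on TCP port 53, and nhs.uk is used as a sample query name.

```python
import socket
import struct
import time

# Addresses as listed on this page. Port 53 is an assumption (standard DNS port).
HSCN_RESOLVERS = {"cns0.nhs.uk": "155.231.231.1", "cns1.nhs.uk": "155.231.231.2"}
LEGACY_RESOLVERS = ["194.72.7.137", "194.72.7.142"]  # temporarily supported
QUERY_ID = 0x1234  # constructed transaction ID, used to match the reply

def tcp_ping(host, port=53, timeout=3.0):
    """Return the TCP handshake time in ms, or None if the connection fails."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:  # refused, unreachable or timed out
        return None

def build_tcp_query(name):
    """Build an A query with the 2-byte length prefix that DNS over TCP requires."""
    header = struct.pack("!HHHHHH", QUERY_ID, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg

def dns_tcp_probe(host, name, port=53, timeout=3.0):
    """Send one query over TCP; return (rcode, answer_count), or None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_tcp_query(name))
            with s.makefile("rb") as f:
                prefix = f.read(2)
                reply = f.read(struct.unpack("!H", prefix)[0]) if len(prefix) == 2 else b""
    except OSError:
        return None
    if len(reply) < 12:  # shorter than a DNS header
        return None
    qid, flags, _qdcount, ancount = struct.unpack("!HHHH", reply[:8])
    if qid != QUERY_ID or not flags & 0x8000:  # wrong ID or not a response
        return None
    return flags & 0x000F, ancount

if __name__ == "__main__":
    for label, ip in HSCN_RESOLVERS.items():
        print(label, ip, "rtt_ms:", tcp_ping(ip), "probe:", dns_tcp_probe(ip, "nhs.uk"))
    for ip in LEGACY_RESOLVERS:
        print("legacy", ip, "rtt_ms:", tcp_ping(ip))
```

A successful TCP ping with a failed probe means the port accepts connections but the resolver did not return a matching DNS response; an rcode of 0 indicates NOERROR.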
DNS change request process
NHS Digital own and administer nhs.uk DNS for the NHS in England.
NSS in Scotland administers the scot.nhs.uk (sub) domain.
NHS Wales Informatics Service manages the wales.nhs.uk/cymru.nhs.uk sub-domain.
HSCNI manages the n-i.nhs.uk sub-domain.
The TN provider will continue to manage the 'live' DNS service for the foreseeable future.
DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. The HSCN/TN service provider cannot accept DNS change requests from end-users.
Find England DNS change request forms and contact information.
For further details please see HSCN/Transition Network DNS.
NTP service replacement
As a number of organisations are still reliant on the central Network Time Protocol (NTP) service for HSCN, a temporary replacement service has been provisioned on the replacement DNS. This service will be available on the same IP addresses as the legacy NTP service (155.231.231.3 and 155.231.231.4).
Reliance on the central NTP service is discouraged, and organisations are requested to provision their own source. NHS Digital has publicised the availability of free and open source services that can fulfil the original NTP service requirement. Guidance on how to select and implement an appropriate NTP service is published on the NHS Digital website.
Protective DNS (PDNS)
The Replacement DNS recursive service will direct all external queries through the NCSC’s Protective Domain Name Service, referred to as PDNS – a service aimed at disrupting the use of DNS for malware distribution and operation. It's been created by the NCSC, and is implemented by Nominet UK.
PDNS is a free and reliable internet-accessible DNS service for the public sector and is one of the NCSC’s widely deployed Active Cyber Defence capabilities. It's been mandated for use by central government departments by the Cabinet Office.
Further information is available on the NCSC website.