Skip to main content

HSCN Domain Name System (DNS)

This document provides an overview of the domain name system on HSCN and the domain name system change request process.

What is DNS?

The Domain Name System (DNS) allows IP network users to use easy to identify names in place of numeric IP addresses.

For example, a user typing www.nhs.uk into a web browser will get to the website hosted by a server at internet IP address 217.64.234.65. DNS tells the user's computer that www.nhs.uk is actually at IP address 217.64.234.65.

DNS also lets operators move servers and services to different IP addresses invisibly, whilst keeping the DNS name the same for users.


How does DNS work?

A DNS client (typically, a user’s computer or a server) issues a query to their local DNS server. 

Domain name data is distributed and/or delegated amongst a number of name servers. Often, the local DNS server doesn't hold all the data requested, even though local DNS servers do store (cache) answers to recent DNS queries. 

If the answer isn't cached, the local DNS server forwards the query to other DNS servers to get the data. This is known as recursive operation. 

This process continues until the record is retrieved from an authoritative DNS server. 

Although previous examples have used the nhs.uk domain, the resolving process works for any domain that is registered and in use. An HSCN-user’s DNS request for the IP address of www.microsoft.com would be resolved in the same way. 

Because DNS is a critical service on HSCN and on the Internet, multiple DNS servers are implemented for resilience at every stage in the resolution path.


Protective DNS (PDNS)

The HSCN DNS Service will direct all queries destined for the internet to the NCSC’s Protective Domain Name Service (PDNS). PDNS is aimed at disrupting the use of DNS for malware distribution and operation. It has been created by the NCSC, and is implemented by Nominet UK.

PDNS is a free and reliable internet-accessible DNS resolver service for the public sector and is one of the NCSC’s widely deployed Active Cyber Defence capabilities. It has been mandated for use in the public sector by the Cabinet Office.

Further information is available on the NCSC website.


nhs.uk

nhs.uk is the registered internet domain for the UK National Health Service. This means it is for internet use, for instance when an NHS organisation wants to publish or access a public website. However, the NHS also uses nhs.uk on HSCN.

Using nhs.uk both internally and externally (on the internet) makes the user experience seamless. An HSCN user typing nww.nhs.uk into their browser will get the HSCN hosted website, but if they type www.nhs.uk they'll get the internet hosted website. This is because HSCN has a gateway to the internet (called NHS Secure Boundary), but they are different websites on different networks.

nhs.uk is the NHS's top-level domain. Individual NHS organisations normally have their own sub-domain of nhs.uk, for example: digital.nhs.uk. A fully qualified domain name (FQDN) includes the hostname prefix; the name of a server where a website is hosted. For example www.digital.nhs.uk identifies the web server called 'www' for the digital.nhs.uk sub domain.


HSCN logical DNS configuration

The below diagram shows the logical DNS configuration used across HSCN.

Diagram showing the logical DNS configuration used across HSCN/TN

The HSCN DNS service is provided to all HSCN-connected organisations on only the following 2 IP addresses.

HSCN DNS Service IP addresses
155.231.231.2
155.231.231.1

You must ensure that firewall rules are in place to allow traffic on port 53 (TCP/UDP) and that your downstream DNS servers or DNS clients can resolve DNS requests using these IP addresses.

Please note that Transmission Control Protocol (TCP) ping should be used to test connectivity to the DNS IP addresses. TCP ping is supported by the HSCN DNS service and is a recommended alternative to Internet control Message Protocol (ICMP) ping. A variety of TCP ping tools are available online and guidance on utilising TCP ping has been published by Microsoft.


Legacy DNS Services

The HSCN DNS service is provided to all HSCN-connected Organisations on only the above listed IP addresses.

The following IPs must be removed from Organisations DNS configuration.

Legacy DNS IPs
194.72.7.137
194.72.7.142
81.128.8.1
81.128.8.9
62.130.194.17
62.130.194.25
217.36.155.8
217.36.155.9

 


DNS records

Data for a domain, such as nhs.uk, is arranged in (zone) data files with a number of (resource) records. The most important and most often used are the:

  • address record (A record) - used to direct users to live servers for web browsing and file transfers for example
  • mail exchange record (MX-record) - used to direct messages to email/messaging servers for a domain

Other types of record used on the nhs.uk DNS servers are:

  • start of authority (SOA): defines the start of a zone data file, includes information on: 
    • the name server with ultimate authority for the domain
    • who to contact about the domain
  • name server (NS): defines one or more name servers with definitive DNS information
  • Canonical Name/alias (CNAME): defines additional aliases for an IP address (as alternative to multiple A records)
  • Pointer (PTR): a 'reverse lookup' record that associates an IP address to a DNS name - effectively the reverse of an A record

DNS change request process

NHS Digital own and administer nhs.uk DNS for the NHS in England.

NSS in Scotland administers the scot.nhs.uk (sub) domain.

NHS Wales Informatics Service manages the wales.nhs.uk/cymru.nhs.uk sub-domain.

HSCNI manages the n-i.nhs.uk sub-domain.

DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. 

Find England DNS change request forms and contact information


Further information

internal HSCN IP address management

Find all information relating to IP address management under HSCN, including the HSCN IP addressing policy, IP addressing good practice guidelines, IPAM process and change request forms.

internal Business Applications Guidance

This document provides guidance on procuring standard business applications and is aimed at health and social care organisations using HSCN.

internal HSCN Quality of Service overview

Quality of Service (QoS) is a set of techniques to manage resources within a communications network. This page provides details of QoS implementation across HSCN.

internal HSCN connectivity options

The Health and Social Care Network (HSCN) programme has provided new and significantly different network services to the legacy networks it replaced.

Last edited: 10 May 2021 8:22 am