What is DNS?
The Domain Name System (DNS) allows IP network users to use alphanumeric aliases in place of numeric IP addresses.
For example, a user typing www.nhs.uk into a web browser will get to the website hosted by a server at internet IP address 18.104.22.168. DNS tells the user's computer that www.nhs.uk is actually at IP address 22.214.171.124. The user's computer, the server hosting the website and the network on their own only understand IP addresses.
DNS also lets operators move servers and services to different IP addresses invisibly, whilst keeping the DNS naming the same for users.
nhs.uk is the registered internet domain for the UK National Health Service. This means it is for internet use, for instance when an NHS organisation wants to access a public website. However, the NHS also uses nhs.uk on HSCN and the Transition Network (TN).
Using nhs.uk both internally and externally (on the internet) makes the user experience seamless. An HSCN/TN user typing nww.nhs.uk into their browser will get the HSCN/TN hosted website, but if they type www.nhs.uk they'll get the internet hosted website. This is because the TN has a gateway to the internet, but they are different websites on different networks.
nhs.uk is the NHS's top level domain. Individual NHS organisations normally have their own sub-domain of nhs.uk, for example: digital.nhs.uk. Sub-domains are normally just called domains, when they're being talked about alone. A full DNS address (technically known as a URL) includes the hostname prefix; the name of a server where a website is hosted. For example www.digital.nhs.uk identifies the web server called 'www' for the digital.nhs.uk (sub!) domain.
How does DNS work?
DNS works by user (client) computers sending queries to a local DNS server to get the IP addresses they need. This is called resolving. Domain name data is distributed and/or delegated amongst a number of name servers. Often the local name server doesn't hold all the data requested, even though local servers do store (cache) some answers to recent DNS queries. If the answer isn't cached, the local server checks with other name servers to get the data. This is known as recursive operation. This process continues until the definitive DNS information (record) for a domain is found on an authoritative DNS server. Although previous examples have used the nhs.uk domain, the resolving process works for queries about any domain registered and in use. A TN/HSCN users DNS request for the IP address of www.mircosoft.com would be resolved in the same way.
Because DNS is so important there should always be at least two DNS servers for any domain for resilience. These are often called primary and secondary, although they may share DNS requests more equally than the names suggest, depending on set up.
HSCN/TN/nhs.uk logical DNS configuration
The below diagram shows the logical DNS configuration used across HSCN/TN.
2019 technical refresh
NHS Digital will migrate the DNS service from the Transition Network early next year. It is expected that the transition will be seamless to users. More information, including notice of the transition timing, will be available in due course.
Two new resolution IP addresses have been implemented alongside the legacy IP addresses. The new NHS Digital RIPE IP addresses of 126.96.36.199 and 188.8.131.52 will run concurrently alongside the legacy, BT RIPE IP addresses 184.108.40.206 and 220.127.116.11.
These IP addresses will be decommissioned when the TN DNS service is replaced.
|Current - DNS BT RIPE IP Addresses||New - NHS Digital RIPE IP Addresses|
NHS Digital recommend that you carry out local risk assessments and testing of the new IP addresses to ensure that they can resolve DNS requests against the new IP address configurations.In readiness for the migration to an alternate service provider all organisations using the existing BT TN DNS service must reconfigure their service to use the new NHS Digital RIPE IP Addresses as soon as possible and no later than 31 March 2020.
Where firewall rules are in place to allow port 53 queries to only connect to the legacy IP addresses, these rules should be updated.
As part of this migration NHS Digital will modify the DNS A records for cns0.nhs.uk and cns1.nhs.uk such that they resolve to the new 155.231.231.x addresses instead of the legacy 194.72.7.x addresses. This will not affect DNS Resolution for sites continuing to use the legacy addresses.
For further information on the technical refresh please contact us by email at firstname.lastname@example.org
NTP service replacement
The Network Time Protocol (NTP) service for the TN and HSCN will cease when the TN ceases and is not being replaced as a central service.
In readiness for your migration to a local NTP source you must reconfigure your service to use alternative source addresses no later than 31 March 2020.
The NHS Network Time Protocol guidance page provides guidance and standards that NHS organisations should use when implementing a replacement NTP service.
Data for a domain, such as nhs.uk, is arranged in zone data files with a number of (resource) records. The most important and most often used are the:
- address record (A record) - used to direct users to live servers for web browsing and file transfers for example
- mail exchange record (MX-record) - used to direct messages to email/messaging servers for a domain
Other types of record used on the nhs.uk DNS servers are:
- start of authority (SOA): defines the start of a zone data file, includes information on:
- the name server with ultimate authority for the domain
- who to contact about the domain
- name server (NS): defines one or more name servers with definitive DNS information
- Canonical Name/alias (CNAME): defines additional aliases for an IP address (as alternative to multiple A records)
- Pointer (PTR): a 'reverse lookup' record that associates an IP address to a DNS name - effectively the reverse of an A record
DNS change request process
NHS Digital own and administer nhs.uk DNS for the NHS in England.
NSS in Scotland administers the scot.nhs.uk (sub) domain.
NHS Wales Informatics Service manages the wales.nhs.uk/cymru.nhs.uk sub-domain.
HSCNI manages the n-i.nhs.uk sub-domain.
The TN provider will continue to manage the 'live' DNS service for the foreseeable future.
DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. The HSCN/TN service provider cannot accept DNS change requests from end-users.
Find all information relating to IP address management under HSCN, including the HSCN IP addressing policy, IP addressing good practice guidelines, IPAM process and change request forms.
This document provides guidance on procuring standard business applications to replace N3 overlays and is aimed at health and social care organisations moving to HSCN from N3.
This document is intended for NHS 'end-user' organisations connected to the Transition Network (TN), who have opted for local DNS provision.
This guidance document provides a step by step guide to using specific tools and techniques that will resolve or rule out issues that commonly cause network connectivity problems.
Quality of Service (QoS) is a set of techniques to manage resources within a communications network. This page provides details of QoS implementation across HSCN.
The processes to be followed by consumers of Transition Network (TN) and HSCN services, and national application providers to request a change to a quality of service (QoS) configuration.
The Health and Social Care Network (HSCN) programme will provide new and significantly different network services to the N3 network it succeeds.