Table of contents

This documentation is intended for internal use by the RE team.

GOV.UK Verify

DNS changes

The main domain associated with Verify infrastructural things is ida.digital.cabinet-office.gov.uk. It lives in GOV.UK DNS. signin.service.gov.uk also lives in GOV.UK DNS.

How to deploy GOV.UK DNS changes

  • Make a change to alphagov/govuk-dns-config (private repo). There’s a YAML file for each zone in the root of the repository. Make a PR with your changes, get someone to approve it, and merge.
  • Run gds aws govuk-production-admin -e in shell to get your credentials. You will need some GOV.UK production access to do this.
  • Go to https://deploy.publishing.service.gov.uk/job/Deploy_DNS/build - this is the ‘Build with Parameters’ form of the DNS deployment job
  • You’ll need to log into Jenkins using GitHub, you will need to be in the gov-uk-dns-administrators team.
  • Fill out the form with your credentials, action will be ‘plan’, and the correct zone for your change. Do this once with provider aws and once with provider gcp.
  • Click on each of the plan jobs and look at their console output (you may have to wait for it to complete, especially the AWS plan).

    • If you updated a record, expect to see Terraform deleting and re-creating it.
    • If you add a new record, expect to see lots of green.
    • When you apply changes to GCP, there may be some unrelated TXT record updates containing quotes and backslashes. This is due to a bug with govuk-dns - the underlying system - and how it splits long TXT records per provider. These are able to be ignored.
  • If that was okay, fill out the form for each provider again but this time with action 'apply’. If updating a record, the GCP one may need to be repeated to work properly as it will try to create a record before Terraform has processed the destruction of the previous one.