Public DNS
External DNS
We use Azure DNS for managing our public DNS.
The DNS is self-service and is managed in the azure-public-dns repository. Follow the shuttering instructions to see which records you need to add for a new service.
Setup required for an application
- Copy the FrontDoor endpoint hostname for the environment:
# Sandbox
sdshmcts-sbox-bueqa6a6hefjfne4.z01.azurefd.net
# Dev (only used in very limited use-cases for FrontDoor)
sdshmcts-dev-c4ercybwaubzbmfn.z01.azurefd.net
# Staging
sdshmcts-stg-abfwhrf8g0btcqhe.z01.azurefd.net
# Test
sdshmcts-test-a2d9enhbenftckhu.z01.azurefd.net
# ITHC
sdshmcts-ithc-hjd8acedcyeygkgk.z01.azurefd.net
# Demo
sdshmcts-demo-d9brfxgseqf0cpen.z01.azurefd.net
# Prod
sdshmcts-prod-egd0dscwgwh0bpdq.z01.azurefd.net
- Clone the Azure Public DNS repository.
- Under the environments directory there are YAML files, one per environment, that define the zones for that environment. There can be multiple zones in one environment.
- Create a PR with records as per the below convention (make sure you replace the variables with the correct values).
  - name: "${name}"
    ttl: 300
    record: "{copy endpoint hostname from frontdoor}"
Where:
${name} = Identifier that will be used to create endpoints and hosts entries in Frontdoor and CDN profiles. This should be the name attribute from env.tfvars file, e.g. name attribute.
Send the PR for review to the Platform Operations team. Once the PR is merged, Terraform will create the appropriate records.
Synchronising Public DNS Zone CNAME Records with Private DNS Zone
We synchronize CNAME records from our public DNS zone to the corresponding private DNS zone, such as sandbox.platform.hmcts.net. This ensures that internal services can reach the correct destinations without encountering failures.
If you prefer not to sync specific public CNAME records to the private DNS zone, you can easily achieve this by setting syncPrivateDNS to false. By default, this setting is true, simplifying the synchronisation process when needed. Please note that the pipeline responsible for syncing records is scheduled to run overnight.
If you would like to set a different record in the private DNS zone, you can always update the azure-private-dns repo; the sync pipeline will neither overwrite nor delete any records in private DNS zones.
Refer to this example for guidance on excluding records from synchronisation.
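A pre-PR check for the record convention and the syncPrivateDNS default described above, as an added example that is not code from the azure-public-dns repository. The function names, the short environment keys, the dict layout and the per-record placement of syncPrivateDNS are assumptions; the endpoint hostnames are the ones listed on this page.

```python
# Added example: lint CNAME records before raising the PR.
# Assumption: each record is a dict with name/ttl/record and an optional
# per-record syncPrivateDNS key (the real file layout may differ).

FRONTDOOR_ENDPOINTS = {  # hostnames copied from this page; keys are our labels
    "sbox": "sdshmcts-sbox-bueqa6a6hefjfne4.z01.azurefd.net",
    "dev": "sdshmcts-dev-c4ercybwaubzbmfn.z01.azurefd.net",
    "stg": "sdshmcts-stg-abfwhrf8g0btcqhe.z01.azurefd.net",
    "test": "sdshmcts-test-a2d9enhbenftckhu.z01.azurefd.net",
    "ithc": "sdshmcts-ithc-hjd8acedcyeygkgk.z01.azurefd.net",
    "demo": "sdshmcts-demo-d9brfxgseqf0cpen.z01.azurefd.net",
    "prod": "sdshmcts-prod-egd0dscwgwh0bpdq.z01.azurefd.net",
}

def lint_record(env, rec):
    """Return a list of problems with one CNAME record for the given environment."""
    problems = []
    name = str(rec.get("name", ""))
    if not name or "$" in name or "{" in name:
        problems.append("name is empty or still a template placeholder")
    if rec.get("ttl") != 300:
        problems.append("ttl should be 300")
    # A CNAME aimed at another environment's endpoint is the mistake to catch.
    target = str(rec.get("record", "")).rstrip(".").lower()
    if target != FRONTDOOR_ENDPOINTS[env]:
        problems.append(f"record is not the {env} FrontDoor endpoint")
    if not isinstance(rec.get("syncPrivateDNS", True), bool):
        problems.append("syncPrivateDNS must be true or false")
    return problems

def synced_names(records):
    """Names the overnight pipeline would copy to the private zone (default true)."""
    return [r["name"] for r in records if r.get("syncPrivateDNS", True) is True]

# Constructed sample records for a staging zone.
SAMPLE = [
    {"name": "my-app", "ttl": 300, "record": FRONTDOOR_ENDPOINTS["stg"]},
    {"name": "${name}", "ttl": 300, "record": FRONTDOOR_ENDPOINTS["stg"]},
    {"name": "internal-only", "ttl": 3600,
     "record": FRONTDOOR_ENDPOINTS["sbox"], "syncPrivateDNS": False},
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["name"], lint_record("stg", rec) or "ok")
    print("synced to private zone:", synced_names(SAMPLE))
```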