Part of HSCN domain naming standards and policies
Management
The trusted domain name administrator and technical contacts
It is a requirement of the Cyber Security Standard that a domain name administrator is appointed. The domain name administrator has the authority to request changes to domain names and records in the apex domain namespaces, and authorise technical contacts who will submit day-to-day DNS change requests.
The apex domain namespace refers to the parent domain in which all of our sub-domains and records ultimately reside.
At NHS England, we are responsible for the apex domain nhs.uk
Responsibilities of the domain name administrator
- apply for a domain name in the apex domain namespaces
- provide a role-based email contact when applying, so the DNS Team can contact them in the future for example domainmanagement@[your-organisation].nhs.uk or domainmanagement_[your-organisation]@nhs.net
- comply with the schedule of activities for Domain Name administrators
- manage the sub-domains in the apex domain namespace for which they are responsible
- ensure that each domain name has a process in place to manage its lifecycle
- sign a memorandum of understanding (MOU) acknowledging their responsibilities and agreeing to abide by NHS England’s published standards and guidance relating to DNS
Failure to follow these policies will severely hamper an organisation’s ability to request new DNS names, or changes to existing DNS names.
Responsibilities of technical contacts
- be authorised by the domain name administrator to manage sub-domains in the apex domain namespace for which they are responsible
- provide individual email and telephone contact details, so the DNS Team can contact them in the future
- comply with the schedule of activities for technical contacts
- request changes to records in the sub-domains of the apex domain namespace for which they are responsible - requests must comply with all DNS Requests for Comments (RFCs)
- request removal of defunct sub-domains and records
Failure to follow these policies will prevent a technical contact from being able to request new records, or changes to existing DNS records.
Self-administration
Self-administration is the ability to edit an organisation’s DNS records in near real-time. NHS England intends to develop the facility to permit self-administration for those organisations that provide sufficient details of the domain name administrator and technical contacts and register for multi-factor authentication (MFA).
Once a domain name administrator or technical contact has authenticated on the application, they will be able to make changes to the owned sub-domains to be applied at the next batch run.
To be eligible for self-administration, the records in question must be in their own sub-domain (they cannot be in the apex domains).
Contact [email protected] to register your interest in self-administration.
Last edited: 10 June 2024 4:31 pm