CD2H gitForager

GSA/dns

Name: dns

Owner: U.S. General Services Administration

Description: DNS configuration for domains managed by GSA TTS

Created: 2018-03-09 21:22:06.0

Updated: 2018-05-07 17:41:51.0

Pushed: 2018-05-07 17:41:50.0

Homepage: https://github.com/18F/Infrastructure/wiki/DNS-architecture

Size: 451

Language: HCL

GitHub Committers

User	Most Recent Commit	# Commits

Other Committers

User	Email	Most Recent Commit	# Commits

README

TTS DNS configuration

This repository holds the source code for configuring DNS for domains managed by GSA TTS, including 18F and the Presidential Innovation Fellows.

Making changes

Assuming you're TTS staff, it's recommended that you make the change in a branch on this repository itself, rather than on a fork, because the credentials aren't shared with forks.

Is the domain pointing to the right nameservers? In other words, is there a file for the domain under terraform/ already?
- Yes: Continue to next step.
- No:
  1. Add a file for the domain (or subdomain, if the second-level domain isn't being added), to create the public hosted zone.
    - 18f.us is a good example to copy from.
    - You'll be using Terraform's aws_route53_zone.
  2. After the pull request is merged, to get the name servers for your domain check the output for your build in CircleCI. If you need further assistance, check with #admins-dns.
  3. Change the nameservers for the domain to point to AWS.
    - For .gov domains, this will be done by the “domain manager” in dotgov.gov. The domain manager is likely someone in the respective agency's IT department.
Add the relevant additional record sets. In Terraform, these are known as aws_route53_records. Generally speaking, the required arguments are:
- zone_id
- name
- type
- Either alias or records
- If alias, then evaluate_target_health is also required and ttl is not allowed.
- If records, then ttl is also required and evaluate_target_health is not allowed.

It's worth noting that if you are pointing to a CloudFront distro, you should use Route 53's own alias and not a CNAME record. In fact, CNAMEing a top-level domain (or the top level of a delegated subdomain) is not allowed in DNS. See the various examples in the repo, such as this one.

On merge, changes are deployed to an AWS account hosting the Route53 records automatically by a CircleCI job.

Please note: only production systems with an ATO should have their DNS configuration here. If you wish to create DNS records for pre-production systems, please use the domain sandbox.gov which is available in the TTS Sandbox account.

Public domain

This project is in the worldwide public domain. As stated in the license:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.

This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.