Merge pull request #19 from ukhsa-collaboration/feature/mafd_103_document_dns

ntse · web-flow · commit adbfb91d8b3c · 2026-03-10T17:54:17.000Z
feat: MAFD-103 Document central DNS
diff --git a/source/documentation/aws/delivery-and-operations.html.md.erb b/source/documentation/aws/delivery-and-operations.html.md.erb
@@ -29,12 +29,6 @@ One potential improvement would be to centralise backend bucket creation via Sta
 
 CloudTrail and Config are enabled through Control Tower, so logs should already land in the centralised log archive account. 
 
-## DNS
-
-DNS is not consistent today. It’s mostly delegated from `phe-prd`, but the subdomain patterns vary by service.
-
-Service-specific quirks are documented on each service page under `Services`.
-
 ## Secrets
 
 Most secrets are created as placeholders in Terraform, with values set manually afterwards. This gives us some infrastructure visibility, but it means our infrastructure is not fully reproducible.
diff --git a/source/documentation/aws/dns.html.md.erb b/source/documentation/aws/dns.html.md.erb
@@ -0,0 +1,19 @@
+---
+title: DNS
+parent: OHID AWS Landing Zone
+nav_order: 6
+---
+
+# <%= current_page.data.title %>
+
+DNS is managed centrally in Amazon Route 53.
+
+The central DNS account contains the public hosted zones for our primary domains, such as `phedigital.co.uk` and `betterhealthapps.com`. Subdomains are delegated to workload accounts where appropriate so teams can manage service-level DNS records without needing access to the central account.
+
+## Current state
+
+This model has not been applied consistently across all existing services. In some cases, delegation differs between accounts or services for historical reasons. Where service-specific behaviour exists, it is documented on the relevant page under `Services`.
+
+## Infrastructure as code
+
+DNS configuration is managed in the [`ohid-dns-iac` repository](https://github.com/ukhsa-collaboration/ohid-dns-iac).
diff --git a/source/index.html.md.erb b/source/index.html.md.erb
@@ -46,6 +46,7 @@ This is the technical documentation for the developers and DevOps engineers work
 - [AWS Account Structure](documentation/aws/account-structure)
 - [AWS Centralised Backups](documentation/aws/centralised-backups)
 - [AWS Networking](documentation/aws/networking)
+- [AWS DNS](documentation/aws/dns)
 - [Delivery and Operations](documentation/aws/delivery-and-operations)
 
 ## Other documentation
