DNS Services

DNS (Domain Name System) is essentially a simple idea in that it converts human-friendly computer names into the IP addresses that drive the Internet.  But in practice it is a black art as a glimpse at the Wikipedia page on the subject will testify.

Luckily, for those connected through HICS, DNS for your “.herts.sch.uk” domains is managed by Updata on your behalf.  There are three contexts in which you might need to ask the Service Desk to arrange a DNS change  … your website, your email or browser-based access from the Internet (mainly staff and pupil homes) to school based systems.  We don’t expect you to understand all that follows before you you can request a DNS change … just contact the Service Desk and they will advise you … but in case you are interested …

Your domain

The fist thing to note is that Updata only manage the “.herts.sch.uk” domains.  If you have a DNS problem with respect to a different sort of domain then some of what is here might be useful information but any DNS change will have to be made by whoever does manage your domain … your “Registrar” … see below.

An easy way to find out the who owns and manages a particular domain is to carry out a “Whois” query … and a good place to do that is on the Nominet website.  Enter your domain into the “Whois Lookup” box on the Nominet Home Page and you will be presented with a screen-full of information.

Registrant: This is the owner of the domain. So your school name should show here … if it is your domain. If it’s your official “.herts.sch.uk” domain it probably shows your DfE number as well.  You will see that it is you, the school, who own the domain and not the County Council … which many schools seem to mistakenly believe.
Registrar: This is the body which has registered the domain on your behalf. For “.herts.sch.uk” domains this will usually show Updata as the Registrar … also known as the TAG holder. The TAG holder controls how the DNS records for your domain are managed.
Relevant dates: These show when the domain was first registered and when registration was last renewed.  (Registration is permanent for “.herts.sch.uk” domains … others will show a renewal date. See DNS FAQs at the end of this page for more information.)
Nameservers: These are the DNS servers that have the authority to tell all other nameservers on the Internet about your domain and its DNS records. Where Updata are the TAG holder it is usually best to let them list their own nameservers as authoritative for the domain. Updata have 4 nameservers … 2 are located in the LD4 data centre and 2 in LD5. If Updata’s nameservers are authoritative for your domain then Updata will be able to make any DNS changes that you request through the Service Desk.

Looking up your existing DNS records

An easy way too look up your existing DNS records is with a tool like MyDNSTools.  From the left menu of that site choose <DNS lookup>.  In the <Host/Domain:> field enter the domain you wish to investigate … without the “HTTP://” … then choose “Any” from the <Type> drop down list and finally click <Perform lookup>.

You must be very specific about the domain you enter into the <Host/Domain:> field.  The DNS records for “www.lea.herts.sch.uk” will be different from the records for “lea.herts.sch.uk” and different again from “moodle.lea.herts.sch.uk”.    Using “www.lea.herts.sch.uk” you will see a readout like that below.

Websites and DNS

There are two types of record which might be used to signpost your website; the A Record and the CName Record.

The A Record simply supplies the IP address of where your website is hosted.  So an A record that looks like …
www.butterfield.herts.sch.uk.     IN    A     194.154.20.2
… just means that the browser of a user requesting the URL “www.butterfield.herts.sch.uk” will be directed to the address 194.154.20.2   (The IN means INternet and the A is for Adress)  In most cases this simple A Record is all you need to make sure that visitors to your website end up in the right place.

A CName Record (canonical name record) makes one domain name an alias of another. The aliased domain gets all the subdomains and DNS records of the original.  Some schools use this where they have their website hosted under an “unofficial” domain but they wish all visitors using their “official” domain name to end up in that same place.  So a CName Record might look like this:
www.butterfield.herts.sch.uk.     IN     CNAME     butterfieldschool.org.uk
butterfieldschool.org.uk.     IN     A     194.154.20.2
What happens here is that when a visitor requests the address “www.butterfield.herts.sch.uk” their browser does a DNS lookup and discovers that it does not have its own A Record but is actually aliased to another address.  This other address is “butterfieldschool.org.uk” and the A Record for that is 194.154.20.2.  So that is the address to which the visitor is sent.

An added complexity here is that although Updata are authoritative for the official domains (the .herts.sch.uk domains) and can therefore manage the A Record, in the example above, they will not be authoritative for unofficial domains like “butterfield.org.uk”.  Someone else will manage the DNS for this unofficial domain.  This means that where a school uses the a CName Record in this way there are actually two parties that they have to deal with to ensure that all relevant DNS records are correct.  The HICS Service Desk will be able to arrange any changes to “.herts.sch.uk” domains but schools will have to deal directly with whoever manages the DNS for any other domains.  So there is a clear advantage in keeping things simple, if possible, and just having one domain which is managed through HICS.

Email and DNS

As well as ensuring that visitors to your website end up in the right place DNS also ensures that email for your domain is correctly delivered.  This is controlled with the MX Record (Mail EXchange Record)

If you use RM EasyMail or if you have a school-based Exchange Server, with RM relaying your mail to that server, you will have an MX record that looks like:
butterfield.herts.sch.uk.     86400   IN     MX    10 in.mx.ifl.net.
This ensures that when someone sends a message to an address on the domain “butterfield.herts.sch.uk” their email programme will discover, by looking up the MX recortd, that the message should be sent to the mail server with name “in.mx.ifl.net”.  It will then look up the A Record for that name to find the actual IP address to which the message should be sent.

The above example shows a mail server belonging to RM.  Once the sender’s message arrives with RM they first check it for viruses and SPAM and then, if all clear, send it to either their own EasyMail servers or to your Exchange Server depending on which type of mail you have.

(In the above example the “86400” sets the number of seconds that this record will live before checking back with its authoritative source, which of course for the “.herts.sch.uk” domains is Updata, to see if anything has changed … in this example every 86400 seconds or 24 hours.  The “10” in the example indicates the priority with which mail servers should be used if there are multiple MX records … it’s rather redundant when there is just one MX record.)

If you use Microsoft Live@Edu for your email you will have an MX record that looks something like:
butterfield.herts.sch.uk.    1992    IN    MX    0 329036507.mail.outlook.com.

If you use Google for your email you may well have multiple MX records with each one looking something like (but with each one having a different priority number):
butterfield.herts.sch.uk.    58917      IN      MX      30 ASPMX4.GOOGLEMAIL.COM.

Sometimes you may also have a DNS TXT (Text) record that plays a part in the delivery of your email.  Here’s an example from a school using Live@Edu
butterfield.herts.sch.uk.    3600    IN    TXT    “v=spf1 include:outlook.com ~all”
This example refers to something called SPF (Sender Policy Framework) which is a mechanism to stop other people from sending messages which claim to have come from you.

Access from the Internet to school-based systems and DNS

Many schools have systems, such as a Moodle server, located in school but to which access is required from staff and students homes.  Arranging this type of access, including DNS if required, is described here.

DNS FAQs

Q1:  What do I do if I need a DNS change on a domain where Updata is not the TAG holder (Registrar)
A: 
You should contactthe TAG holder for the domain.  The Service Desk will be able to advise you about the DNS change that may be required but you will have to contact the organisation concerned.

Q2:   If I want to move my school website to a new host do I need a new domain?
A:    There really is no need.  With a simple DNS change we can send your website visitors to the new location.  Some hosting companies will try to sell you a domain as well …. but you already have an official domain (.herts.sch.uk) which has been registered for ever in your name.

Q3:   Are schools responsible for the renewal of their domain name registrations?
A:   If you use the Nominet site to do a WHOIS query for information about your domain you will see that there is a section called “Relevant dates”.  For school official domains (.herts.sch.uk” domains) no registration renewal date is shown.  That’s because these official domains have been registered permanently … you don’t need to worry about renewal.  For other domains a registration renewal date will be shown.  The Registrar for the domain will contact you when this date comes around.  If the Registrar is Updata they will just renew the registration automatically on your behalf.  If in doubt contact the Registrar … and if Updata is the Registrar contact the Service Desk.

Q4:  Can we have another “.herts.sch.uk” domain alongside our current one?
A:   The allocation of domain names is managed by the not-for-profit organisation called Nominet and so you should ask this question of them.  In our experience the answer has always been, “No”.  Nominet will generally only allow one “.herts.sch.uk” domain name per school.  However they have been known to grant an additional domain name for use by a consortium of schools.  The Nominet rules on domain names for schools are explained here.

Q5:  We are becoming an Academy with a radically new school name so we really need a new domain name as well.  How do we arrange that?
A:  Changing domain name, with its repercussions for your website and email, is not a trivial task but where your school name is changing it clearly does make sense to change your domain name as well.  The “.herts” component of a “.herts.sch.uk” domain is just a geographical indicator.  Nominet will grant a “.herts.sch.uk” domain to any school within Hertfordshire whether it be maintained, academy, independent or free.  So changing to academy status does not require you to move away from a “.herts.sch.uk” domain name.  However you will have to contact Nominet in order to agree your new one.  This is something we cannot do for you as Nominet like to speak directly with the Registrant.  (The contact details for Nominet are here.  In our experience it is best to start with a telephone call and ask to speak with someone who deals with schools.)

In your discussion with Nominet you need to:

  1. Agree what your new domain name will be.
  2. Tell them that the Registrar (or TAG holder) will be Updata.
  3. Agree an overlap period between when your new domain name will become active and your existing one will cease.  This is important so that you have the time to organise the transition.  Nominet seem happy to agree to three months.  They will probably insist that your existing domain name should cease because of their rule about one “.herts.sch.uk” domain per school.

Having agreed all of that with Nominet you should the contact our Service Desk so that they can tell Updata about your new domain and make arrangements for the new DNS records that you will now need.

Q6:  I am trying to obtain an SSL certificate and the provider is insisting that I create a TXT DNS record.  What’s that all about?
A:  This is simply a device for proving that you are the registrant of a particular domain.  It is based on the assumption that only the registrant can make a DNS change and so they ask you to make a simple DNS TXT record which won’t actually affect anything … it just proves that you can do it and so that you are the registrant for that domain.  Just contact the Service Desk with the details of the TXT record to be created and they will organise it for you.

Q7:  I need to know all of the DNS records associated with my domain but because I don’t know what subdomains may have been used I don’t know what to look for using a tool like MyDNSTools.  How can I get a list of all DNS records for my domain?
A:  You need a DNS Zone File listing.  If the domain in question is your official “.herts.sch.uk” domain please contact the Service Desk who will be able to obtain the listing from Updata and send it to you.  If it’s another domain that the listing is required for then contact the Registrar for that domain.

Leave a Reply