Domain Transfers for Non-gov.uk subdomains
Overview
Occasionally the team are asked to transfer a domain or web application into the MoJ AWS Route53 account. This runbook covers the steps to transfer a domain.
Note - This process does not apply to gov.uk subdomains i.e. example.gov.uk or example.service.gov.uk. That process is managed via BT. See Domain Transfers for gov.uk subdomains runbook (TBC).
Domain transfers usually occur for one of three reasons:
MoJ is taking ownership of a new service from another organisation.
MoJ is Domain Registrar for a domain, but management is being delegated to another Service Team e.g. Cloud Platform, HMCTS Ops
MoJ is taking ownership of a new domain for defensive domain registration purposes.
Links
This runbook is based on these two guides from AWS:
AWS migrate-dns-domain-in-use guide
AWS domain-transfer-to-route-53 guide
Before the Transfer
Either or both the Domain Registrar and the domain can be transferred to our Route53 account. The Domain Registrar are the contact details for the domain. Changes to the Domain Registrar will not affect the DNS for the domain. The domain itself can be moved to our Route53 account and/or be cutover onto a new subdomain based off service.justice.gov.uk or justice.gov.uk. This means we can manage the DNS for that domain.
Before the transfer we try and replicate the current DNS set up in our Route 53 account. So that it is running on the current provide and on our Route53 account. This will help reduce downtime when the cutover occurs.
Note - In the case of transfers for domains that will be delegated to another Service Team we will not need to create a Hostedzone, but we do need details of the Nameservers that the domain will be delegated to. The Registration process will need these Nameserver details when the Transfer process is initiated.
Note - In the case of defensive domain registartion you can set up the standard defensive domain DNS records.
Start by getting the domain / URL from the other person. If the domain is being moved onto service.justice.gov.uk or justice.gov.uk ensure it meets the naming standards .
Next obtain the domains DNS record details i.e. IP address for a A record, any namespace server details for NS records, TXT and MX records or ask for a zone file from the current provider, or create defensive domain records depending on the type of domain.
If received a zone file then import that into Route 53. Or in our Route53 account create a new hosted zone and add all the records they provided. AWS will create the NS and SOA records in the new hosted zone, do not modify them.
If the domain is becoming a subdomain on service.justice.gov.uk or justice.gov.uk then you can add a A record to point to an IP address provided by the current provider for example.service.justice.gov.uk then add a CNAME record that points to the new A record for www.example.service.justice.gov.uk.
If they ask about Google Analytics (GA), point them towards these slack messages: message1 and message2.
Email the IPS tag GANDI to the other person, ask them to reduce the TTL on the current namespace servers to 60, ask them to remove any DNSSEC flags that would stop the domain transfer. Also ask the current provider to take a copy of the current Namespace servers record details so that they can be reverted if a problem occurs with the transfer process.
Once the user has confirmed the tag has been applied, the NS TTL has been reduced and any DNSSEC has been disabled the domain transfer can be started.
Lower the TTL for the Namespace server NS records in the new hosted zone on our Route53 account.
The Namespace server records TTL is reduced so that cached requests to the site occur more often than the original 2 days.
The Transfer
Open Route53, on the left hand side select Registered Domains, select the Transfer In (orange button), pick either the Single or Multiple option, paste the domain address into the Add box, click the check button, move along the screens until you can add the contact details. For the contact details select the option to use a person and enter the details from the table. Continue until you can click on the submit request button.
| Name | Steve Marshall |
| domains@digital.justice.gov.uk | |
| Tel | +44 02033345664 |
| Address | 102 Petty France |
| City | London |
| Post Code | SW1H 9AJ |
| Country | UK |
| Privacy protection | On |
To see the progress of the transfer click on left hand menu Domains then Requests.
The transfer should be a “Transfer domain in” type in the Requests screen.
On the Route53 dashboard it will display messages and errors regarding the transfer.
The message to look out for to see that the transfer has completed is Domain transfer successful: Sent email to registrant contact: transfer is complete (step 14 of 14).
Now go to the Registered domains section in Route53 and search for the domain. Open it and check the domain contact details. If the Registrar contact details are still the previous registrars contact details, then edit the settings and use the contact details to match the table above. AWS will send an email to the current registrar to approve the change. When the current registrar has approved we receive an email from AWS named Amazon Route 53 successfully changed the registrant contact for DOMAIN-NAME. To see status of this request look in the left hand menu Domains -> Requests and it should be a Change domain owner type.