DNS Request Procedures
DNS Requests
Automation
DNS records for VMs in Azure is managed by Infoblox with requests to the NavAPI-DNS endpoints. There is an Ansible role meant for this purpose, however the authentication is not fully setup and cannot be immediately used.
In the meantime, a request to Tom Hudak, Manuel Palacios, or Patrick O'Shea is required to complete this effort using their scripts.
- Create a post in the Epic on Azure -> Network channel
- Provide the fully qualified domain name (ex. servername.ms.ds.uhc.com)
- Provide the IP that should be set
- Tag one of the above people if they are available, otherwise the Office Hours call is a good time to request this
Manual Change
The NavAPI-DNS endpoints may not satisfy all needs, so there are ways to request direct help from the IPAM team responsible. This requires a Change Request in ServiceNow and can be done by following the steps below. You must have an account in ServiceNow and be assigned to an assignment group to complete this, otherwise not all fields in a Change Request are available to you to edit.
-
Open a Change Request in ServiceNow
-
What Type of Change:Standard -
Assignment Group: (Your Assignment Group) -
Assigned To: (Yourself) -
Short Description: Provide something descriptive (ex.Add Manual A Record: server.ms.ds.uhc.com) -
Click
Submit -
Under Risk Assessment, fill out the form. Below are typical answers but correct them if needed for your specific case.
Service Impact:NoFully Tested:YesFully Backed Out:Yes
-
Planning tab, these are all examples so please modify them for your change:
-
Pre-implementation test plan:Verify there is no current DNS resolution for this hostname: $ host server.ms.ds.uhc.com Host server.ms.ds.uhc.com not found: 3(NXDOMAIN) -
Implementation test plan:Host: server.ms.ds.uhc.com TTL: 300 seconds A Records: 10.150.255.255 -
Validation plan:Verify the host is correctly entered: $ host server.ms.ds.uhc.com -
Backout plan:If the record cannot be created, there is nothing to back out. If the record can only be partially created, the record should be removed to prevent issues testing the application.
-
-
Security Analysis tab, typically all answers are No as DNS changes should not impact security, controls, or other items but review should ne performed to be certain.
-
Affected CIs related list:
- For internal changes (i.e. ms.ds.uhc.com, msnonprod.dsnonprod.uhc.com), choose
NS0-1 - For external changes (i.e. public facing optum.com), choose
NS13-1 - For combined changes, choose both
- For internal changes (i.e. ms.ds.uhc.com, msnonprod.dsnonprod.uhc.com), choose
-
Change Tasks related list:
- Create a new Change Task
Short Description: You can copy theShort Descriptionof the change or provided something specificDescription: Copy theImplementation Plandetails from the changeAssignment Group:ISO - IPAM
-
Submit for Approval
-
Once approved:
- You should receive an email from the DNS team lead notifying you of approval
- Schedule a Teams Meeting with the technician in the
Assigned Tofield of theChange Taskfor the time of the change - You or a team member must be available and on this call for the change to take place
-
Once completed and verified, mark the change closed