It has been nearly 6 months since we transitioned all of our customers from N3 to HSCN, so it is about time that another change is required of us all, courtesy of NHS Digital. Thankfully this should be a minor change for most, though perhaps for some customers this is a bit of a bigger change to consider.
All users of HSCN should have received the below communication from NHS Digital a couple of weeks ago, however for those of you who didn’t get it, we have pasted it in full below so you can have a read.
The long-and-short of it is that there are some new DNS services on HSCN (and N3) which are now available, and the old services get turned off in early 2020. This means that if you have any applications that use these services then you should make changes to configurations to point to the new DNS between now and the end of 2019.
As always, we are here to help, so if you have any questions or comments then please don’t hesitate to contact us via your Sales Account Manager, Technical Account Manager or Support Portal.
FAO: DNS Managers within Transition Network or HSCN consumer organisations.
We are writing to you with important information regarding the replacement of the Transition Network (TN) (formerly N3) Health and Social Care Network (HSCN) Domain Name Service (DNS) used to resolve host names to Internet Protocol (IP) addresses.
The replacement service will use two new NHS Digital RIPE IP addresses for future proofing, and we are asking all organisations that use the TN or HSCN to complete migration to the replacement service before December 2019.
HSCN DNS replacement
The TN has completed a technical refresh programme to ensure the core components of the network and key supporting infrastructure (including nhs.uk DNS) continue to perform well during the migration to HSCN.
To allow for closure of the TN NHS Digital are running a procurement for a new DNS service. The chosen provider will use NHS Digital IP addresses and all organisations must transition to the new resolution IP addresses.
HSCN nhs.uk logical DNS configuration
As part of the DNS refresh, two new resolution IP addresses have been implemented alongside the legacy IP addresses.
| Current - DNS BT RIPE IP Addresses | New - NHS Digital RIPE IP Addresses |
| 194.72.7.137 (cns0.nhs.uk) | 155.231.231.1 |
| 194.72.7.142 (cns1.nhs.uk) | 155.231.231.2 |
The new NHS Digital RIPE IP addresses of 155.231.231.1 and 155.231.231.2 will run concurrently alongside the legacy, BT RIPE IP addresses of 194.72.7.137 and 194.72.7.142.
The historical IP configurations will continue to use the current internal DNS servers shown as their ‘local’ servers for DNS queries. They are at the following network IP addresses: cns0.nhs.uk (194.72.7.137) and cns1.nhs.uk (194.72.7.142).
These IP addresses are owned and managed by BT and will be decommissioned when the BT TN DNS service is replaced by an alternate service provider following NHS Digital procurement activity.
In readiness for the migration to an alternate service provider all organisations using the existing BT TN DNS service must reconfigure their service to use the new NHS Digital RIPE IP addresses no later than 31st December 2019.
NHS Digital recommended that you carry out local risk assessments and testing of the new IP addresses to ensure that they can resolve DNS requests against the new IP address configurations. Where firewall rules are in place to allow port 53 queries to only connect to the legacy IP addresses, these rules should be updated.
For more information on DNS and IP addressing see the NHS Digital Networking addressing webpage and HSCN/Transition Network DNS page. We have also published guidance on HSCN / Transition Network (TN) DNS, including information on the technical refresh on the NHS Digital website.
For further information or DNS enquiries please contact the DNS team at [email protected]
Yours sincerely
HSCN programme team
TL;DR – mandatory DNS change from NHS Digital, do it before end of 2019