For AWS Route53 DNS records for use on parked "gov.uk" domains.
Reference: https://www.gov.uk/guidance/protect-domains-that-dont-send-email
Reference: https://www.ncsc.gov.uk/blog-post/protecting-parked-domains
This reduces the likelihood that the domain could be a source of successful email spoofing.
Not yet implemented. Likely CNAME
to a central redirecting CloudFront
distribution.
You'll need an aws_route53_zone
already, the below examples assume you've
called this primary
.
Note: the use of the //
is important to select the sub-directory.
module "co-cddo-aws-r53-parked-domain" {
source = "github.com/co-cddo/aws-route53-parked-govuk-domain//terraform?ref=5e85556ce417cd335c440fd1e7079bd331f443d5"
zone_id = aws_route53_zone.primary.zone_id
}
# all variables
module "co-cddo-aws-r53-parked-domain" {
source = "github.com/co-cddo/aws-route53-parked-govuk-domain//terraform?ref=5e85556ce417cd335c440fd1e7079bd331f443d5"
zone_id = aws_route53_zone.primary.zone_id
depends_on = aws_route53_zone.primary
email_records = true # default
webserver_records = false # default
additional_dmarc_ruas = [] # default, list of additional email addresses
default_dmarc_record = "v=DMARC1;p=reject;sp=reject;adkim=s;aspf=s;fo=1;rua=mailto:dmarc-rua@dmarc.service.gov.uk"
default_txt_record = "v=spf1 -all"
additional_txt_records = [] # default, list of additional TXT records for the root
}