Diffstat (limited to 'doc/rfc/rfc2146.txt')
-rw-r--r-- | doc/rfc/rfc2146.txt | 675 |
1 files changed, 675 insertions, 0 deletions
diff --git a/doc/rfc/rfc2146.txt b/doc/rfc/rfc2146.txt new file mode 100644 index 0000000..fbadee6 --- /dev/null +++ b/doc/rfc/rfc2146.txt 
@@ -0,0 +1,675 @@ + + + + + + +Network Working Group Federal Networking Council +Request For Comments: 2146 May 1997 +Category: Informational +Obsoletes: 1816 + + + U.S. Government Internet Domain Names + +Status of this Memo + + This memo provides information for the Internet community. This memo + does not specify an Internet standard of any kind. Distribution of + this memo is unlimited. + +Abstract + + This memo provides an update and clarification to RFC 1816. This + document describes the registration policies for the top-level domain + ".GOV". The purpose of the domain is to provide naming conventions + that identify US Federal government agencies in order to facilitate + access to their electronic resources. This memo provides guidance + for registrations by Federal Agencies that avoids name duplication + and facilitates responsiveness to the public. It restricts + registrations to coincide with the approved structure of the US + government and the advice of its Chief Information Officers. Two + documents are recognized as constituting documentation on the US + government structure: FIPS 95-1 provides a standard recognized + structure into which domain registrations for .GOV and FED.US can + fit; and, the US Government Manual [3], a special publication of the + Federal Register, provides official documentation of the government + structure. The latter document may be subject to more timely updates + than the former. Either document is suitable for determining which + entities qualify for second-level domain registration within .GOV and + FED.US. + + As a side effect, this RFC reduces the number of .GOV and FED.US + level registrations and reduces the workload on the registration + authority. Previous versions of this document did not address the + FED.US domain. This document anticipates the migration of the .GOV + domain into the FED.US domain, in keeping with common practice on the + Internet today. 
+ + + + + + + + + + +Federal Networking Council Informational [Page 1] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + +U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY + + The .GOV domain is delegated from the root authority to the US + Federal Networking Council. The .GOV domain is for registration of + US governmental entities on the federal level only. Registrations + for state and local governmental agencies shall be made under the .US + domain in accordance with the policies for that domain. Further + references in this document to .GOV should be understood to apply to + FED.US as well. The most succinct form of the policy is "one agency, + one name". The agency may choose its own name, but an easily + recognized acronym is suggested. The following paragraphs enumerate + the types of agencies eligible for registration and the types that + are not eligible: + + + 1) The document "Codes for the Identification of Federal and + Federally Assisted Organizations", FIPS 95-1 (or its successor) + lists the official names of US Government agencies. Either that + document or the US Government Manual can be used to determine that + an entity is eligible for registration as a second level domain of + .GOV. + + A) Top-level entities (e.g., those in FIPS 95-1 with codes + ending in 00 such a"1200 Department of Agriculture"), those in + the US Government Manual listed as "Departments, Independent + Establishments (not Corporations), and all the Boards, + Commissions, and Committees"), and independent agencies and + organizations (e.g., "National Science Foundation" and other + non-indented listings unless prohibited below) as listed in + this document are eligible for registration directly under + .GOV. 
+ + B) Cross-agency collaborative organizations (e.g., + "Federal Networking Council", "Information Infrastructure Task + Force") are eligible for registration under .GOV upon + presentation of the chartering document and are the only non- + FIPS-listed or non-US-Government-Manual-listed organizations + eligible for registration under .GOV. + + C) Subsidiary, non-autonomous components of top-level or + other entities are not eligible for separate registration. + International organizations listed in this document are NOT + eligible for registration under .GOV. Subsidiary components + should register as third-level domains under their parent + organization. Other Federal entities may apply to the FED.US + domain. + + + + + +Federal Networking Council Informational [Page 2] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + D) Organizations listed as "Federally Aided Organizations" + in FIPS 95-1 are not eligible for registration under .GOV and + should register under .ORG or other appropriate top-level + domain that reflects their status. + + E) Organizations subsidiary to "Department of Defense" + must register under the ".MIL" domain via the Defense Data + Network Information Center - contact registrar@nic.ddn.mil. + + F) Other entities may be registered by request of a + cognizant Chief Information Officer (CIO); CIO's are those + agency officials designated by the agency head in accordance + with the requirements of the Information Technology Management + Reform Act of 1996 and Executive Order 13011. + + G) Federal Courts constitute a special class of domains. + All Federal courts seeking domain registrations should contact + the Administrative Office of the US Courts for their guidance + on policy and naming. + + a) The string "SUPREME-COURT" is reserved for the Supreme + Court domain. + + b) All other courts and their officers and officials should + register in .USCOURTS.GOV. 
The only standard exceptions to + these rules are changes to governmental structure due to + statutory, regulatory or executive directives not yet + reflected in the above document. The requesting agency + should provide documentation in one of the above forms to + request an exception. Other requests for exception should + be referred to the Federal Networking Council. + + 2) A domain name should be derived from the official name for + the organization (e.g., "USDA.Gov" or "AGRICULTURE.GOV".) The + registration shall be listed in the registration database under + the official name (per FIPS 95-1 or US Government Manual) for the + organization or under the name in the chartering document. + + 3) Only ONE registration and delegation shall be made for the + purpose of identifying an agency. The .GOV registration authority + shall provide registrations on a first-come first-served basis. + It is an individual agency matter as to which portion of the + agency is responsible for managing the domain space under a + delegated agency domain. + + + + + + + +Federal Networking Council Informational [Page 3] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + 4) Those agencies and entities that had multiple registrations + under .GOV may retain them until August 1998, but sub-delegations + will be permitted only under the one name chosen by the agency as + its permanent name. As of August 1996, the auxiliary domains will + become un-delegated and will revert to the control of the .GOV + owner. As of 2 August 1997, all registrations in the auxiliary + domains must be mirrored in the permanent domain and those names + should be used where possible. At the three year point, all + auxiliary domain registrations will be deleted (August 1998). 
+ + 5) Those agencies and entities already registered in .GOV but + not listed in FIPS 95-1 (e.g., DOE labs, state entities) or the US + Government Manual may retain their registration within the + constraint of the single registration rule (see para 4). No + further non-listed registrations will be made. State and local + entities are strongly encouraged to re-register under .US, but + this is not mandatory. + + +REFERENCES + + [1] Federal Information Processing Standards Publication 95-1 + (FIPS PUB 95-1), "Codes for the Identification of Federal and + Federally Assisted Organizations", U.S. Department of Commerce, + National Institute of Standards and Technology, January 4, 1993. + + [2] Postel, J., "Domain Name System Structure and Delegation", RFC + 1591, USC/Information Sciences Institute, March 1994. + + [3] US Government Manual, Office of the Federal Register, + National Archives and Records Administration, Washington DC 20804. + + +CLARIFICATION + + + * Registrations prior to August 1995 are grand-fathered and do NOT + require re-registration with the exception of duplicate registrations + for the SAME organization at the same level. E.g., 2 registrations + that represent the Department of Transportation would be considered + duplicates. Registrations for each of the Department of + Transportation and the FAA would not. (The FAA is an autonomous + component contained within the DOT). + + + * The policy requires resolution of all duplicate registrations by + August 1998. + + + + +Federal Networking Council Informational [Page 4] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + * Local and state agencies registered under the ".GOV" domain may + remain there. However, they are strongly encouraged to transfer to + the .US domain. + + + * Cross-agency collaborative efforts may register under "FED.US" + as an alternative to asking for an exception to the .GOV policy. 
+ + +FREQUENTLY ASKED QUESTIONS / ANSWERS + + + EXISTING .GOV REGISTRATIONS + + Q. What are examples of FIPS 95-1 Departments possessing + duplicate top-level domain names, and what guidance has been given + to them regarding these names? + + A. Examples of FIPS 95-1 Departments with duplicate DNS' + include "STATE.GOV" and "LABOR.GOV". These departments had six + months (until December 1996) to determine which name is permanent + and which is auxiliary and three years to drop the auxiliary + registration. + + + + Q. Currently, our services are defined as www.cdc.gov, + ftp.cdc.gov, and gopher.cdc.gov. Does this proposal mean that + our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a + minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and + gopher.cdc.phs.dhhs.gov? + + A. In the case of CDC, NIST, NIH, FDA, and the numerous other + non-FIPS-95-1 agencies registered with ".GOV" domains, there will + be no changes. The existing DNS' of these agencies are grand- + fathered under this policy. In addition, the policy effects only + the domains allowed to be registered directly under .GOV; further + delegations are under the control of the sub-domain owner. For + the above, assuming the HHS sub-domain owner concurs, there is no + problem with the HHS registering "cdc.dhhs.gov" as a sub-domain of + "dhhs.gov". + + + + + + + + + + +Federal Networking Council Informational [Page 5] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + Q. How will registrations by Federal Laboratories be + addressed? + + A. The existing domain names will be grand-fathered, i.e., + LBL.GOV. Any new registrations will generally be within the + domain of the sponsoring agency (and subject to agency policies), + within the .US domain as a geographic entity, or within the FED.US + domain. + + + + Q. What are some examples of state government agencies + registered under ".GOV" domain? Will they need to change their + DNS? + + A. 
Examples of cities and states that originally registered + under the .GOV include: WA.GOV Department of Information + Services, State of Washington LA.GOV Bureau of Sanitation, City of + Los Angeles These entities are strongly encouraged to re-register + in the .US domain but this is NOT mandatory. No further state and + local agencies will be registered under .GOV. + + + + Q. It is not in anyone's best interest to name things by + organizational boundaries as these things change. Internet domain + names and host names, once defined and used, become so widely + distributed that they become virtually impossible to change. + + A. The policy does not require organizations to change their + names once established, but individual agency policies may. The + DNS system contains some capabilities to assist in name transition + - the CNAME record provides a capability for cross-domain aliases + which can be used to ease a transition between one name space and + another. As noted in the clarifications, naming and sub-domain + conventions WITHIN an agency or department DNS delegation are + solely the province of that entity. + + + + + + + + + + + + + + +Federal Networking Council Informational [Page 6] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + Q. How can two entities have the same name registered? How + does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are + large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH. + Does it have to change? I don't understand how a distinction is + made if some are grand-fathered and some are not. + + A. US-STATE.GOV and STATE.GOV for example. The problem is + actually one entity with two names. NIH.GOV and FDA.GOV represent + separate entities (albeit within DHHS). If there were an NIH.GOV + and an NIH-EAST.GOV for example, NIH would have to eliminate one + of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV). + + + + Q. 
How much is the taxpayer being asked to spend to alter tens + of thousands of existing computer and telecommunications systems + to support this RFC? + + A. In August 1995 less that half-a-dozen duplicate DNS names at + the FIPS 95-1 level needed to be changed. Given the fact that + this will be accomplished over three years, the costs should be + minimal. + + CROSS-AGENCY COLLABORATIONS + + + Q. An organization maintains a domain name that represents a + cross-agency community, IC.GOV, which represents members of the + intelligence community. As a cross-agency collaborative effort, + does the domain have to be re-registered? + + A. The policy states that "Cross-agency collaborative + organizations (e.g., "Federal Networking Council", "Information + Infrastructure Task Force") are eligible for registration under + .GOV upon presentation of the chartering document and are the only + non-listed (in either FIPS 95-1 or the US Government Manual) + organizations eligible for registration under .GOV." "IC.GOV" + however, is grand-fathered since it is an existing domain. + Nevertheless, it would be appropriate to provide a copy of the + chartering document to the FNC for the record. This would ease + future changes to the IC.GOV domain if necessary. + + + + + + + + + + +Federal Networking Council Informational [Page 7] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + FUTURE .GOV REGISTRATIONS + + + Q.Top level domains are roughly equivalent to cabinet-level + agencies identified in FIPS 95-1. What will happen if non-FIPS + 95-1 entities apply for the ".GOV" registration in the future? + + A. The registrar will use this RFC as guidance and will not + grant the ".GOV" to any new entity which is not listed in the FIPS + 95-1 or the US Government Manual or which has not been granted an + exception status by the FNC Executive Committee. + + + + Q. Suppose NIH were moved to a new Dept. of Science? Would + our domain name have to be changed? + + A. 
NIH.GOV is grand-fathered under the existing policy and + would not change. The "Department of Science" under its own + policies may require you to re-register though. + + FNC INTENT + + Q. It is unclear how this will policy will facilitate access + by the public to our information, especially since most of the + public doesn't know our organizational structure or that CDC is + part of DHHS/PHS. + + A. The policy attempts to avoid confusion as an increasing + number of entities register under the ".GOV" domain and to + transfer authority and responsibility for domain name space to the + appropriate agencies and away from a centralized authority. For + facilitating access, various tools and capabilities are coming + into use on the Internet all the time. Most of these tools + provide a fairly strong search capability which should obviate + most concerns of finding resources based on domain names. + + + + + + + + + + + + + + + +Federal Networking Council Informational [Page 8] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + Q. Section 1D of this document unfairly constrains the + organizations within the .GOV domain in stark contrast to Section + 1F that grants .MIL domain organizations full freedom to operate + sub-domains in any manner chosen. + + A. The Federal Networking Council has jurisdiction over the + .GOV domain names; .MIL domain names fall within the jurisdiction + of the Department of Defense. The .MIL domain has had a written + policy delimiting which DOD agencies get registered directly under + .MIL since about 1987 when the DNS first started to come into use. + Individual agencies under the .MIL domain (e.g., AF.MIL/US Air + Force) are responsible for setting policy within their domains and + for registrations within those domains. This is exactly + equivalent to the .GOV domain - an individual agency (e.g., + Treasury.GOV/Dept of Treasury) may and should set policy for sub- + registrations within their domain. + + + + Q. 
Section 1B identifies several law enforcement agencies as + being "autonomous" for the purposes of domain registration. What + is the selection criteria for an "autonomous law enforcement" + agency? For instance, the Internal Revenue Service (IRS) is + responsible for law enforcement as is the Bureau of Alcohol, + Tobacco, and Firearms (ATF). + + A. The selection criteria for "law enforcement agency" is based + on primary mission. A case could be made for either or both of + these being law enforcement agencies, although the IRS' primary + mission is tax revenue collection and has few armed officers + relative to its size. An "autonomous" agency is one with mission + and role distinct and (possibly) separate from its containing + department. Unfortunately, FIPS 95-1 does not do a good job of + identifying "autonomous" entities. In the event of problems with + registration, ask the registrar to get a ruling from the + registration authority. + + ROUTING QUESTIONS + + Q. How will Domain Name Service resolution on the Internet + work? Instead of a root DNS server returning the address of + CDC.GOV and immediately directing inquires to our DNS servers, + will the root server return a DNS pointer to DHHS, then DHHS will + resolve to PHS, then a fourth DNS query to get to CDC? This will + add unnecessary traffic to the Net. (example is the host + CDC.PHS.DHHS.GOV) + + + + + +Federal Networking Council Informational [Page 9] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + A. The answer is based on how you (personally and agency wide) + configure your servers. First, most servers cache previous + answers - they may have to ask once, but generally remember the + answer if they need it again. Information directly under .GOV will + be fairly long-lived which substantially reduces the requirement + to query .GOV server. Secondly, multiple levels of the DNS tree + MAY reside on the same server. 
In the above example the + information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could + all reside on the same server. Assuming the location of the + DHHS.GOV server was not cached, it would require two queries. + Further queries would cache the location of this server and the + servers associated with the domains it serves. Lastly, the + individual agencies may structure their domains as they please. + CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject + to HHS's own policies. + + + + USING DNS FOR ADVERTISING SERVICES + + Q. How can agencies utilize domain names for public service + announcements such as regulatory information, health services, + etc.? + + A. The use of Domain Names for "advertising" is not encouraged, + and there is no empirical data showing that Domain Names are + effective for such purposes. Moreover, while it may appear a + reasonable assumption, we know of no evidence to show that using + even commonly know agency, program or service names as domain + names in fact, facilitates locating any particular program or + service. Indeed, we find it as reasonable to conclude that, by + using freely available search engines, a user could locate + responsive information before they would successfully "guess" the + appropriate domain name. If the agency CIO deems it advisable to + pursue "advertising via domain names," the agency should use WHOIS + utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to + determine if similar or conflicting names with other domains such + as .COM or .ORG before proceeding. Any advertising value may be + lost if the same or similar names exist within more than one + domain. + + + + + + + + + + + +Federal Networking Council Informational [Page 10] + +RFC 2146 U.S. 
Government Internet Domain Names May 1997 + + + PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS + + Q: Our agency spent a lot of time coming up with an intuitive + domain name and now we find out that the same name exists in .COM + and .ORG and is confusing to our customers, they don't know if it + is really our site or not. How can we prevent this use of our + domain name? + + A. The only practical way is to register your name in all + available domains and hold them. We say hold (do not use) them + for the same reasons that you don't want your site spoofed -- + customer uncertainly as to whether they are in fact at a + government site. The implications of Federal agencies using other + than .GOV or FED.US is a policy matter under the statutory + authorities of the Office of Information and Regulatory Affairs of + the Office of Management and Budget. Agency CIOs should consult + with OMB prior to using domain names other than .GOV or .FED.US. + + + THIRD-LEVEL DOMAINS: CONTACTING THE SECOND-LEVEL DOMAIN + ADMINISTRATOR. + + + Q. I don't mind having a third-level domain registration, but + my parent agency does not have a second level domain or does not + provide third-level registration services. What can I do? + + A. In the first case, the registration authority can usually + provide contact information for an appropriate second level + domain. If not, an exception may be granted by the registration + authority. In the second case, make sure that you contact the + official administrative contact for the second level domain by + using the information returned by the "whois" command, e.g. "whois + STATE.GOV". The domain administrators have the responsibility of + providing third-level registration services. If an exception is + granted because there is no appropriate second level domain, it + will only be valid for two years after the subsequent + establishment of an appropriate domain. 
After that time, the + exception domain must register in the appropriate second-level + domain. + + + + + + + + + + + +Federal Networking Council Informational [Page 11] + +RFC 2146 U.S. Government Internet Domain Names May 1997 + + + Q. What are the implications of using a name that conflicts + with a .COM or other top-level domain? + + A. When requesting exceptions to this policy, applicants should + consider the limitations of the domain naming scheme. Many common + words and terms are already used in .COM, the largest TLD at this + time, and it may be ineffective to use the same name in .GOV. + + + + US GOVERNMENT MANUAL + + Q. How can I get the US Government Manual? + + A. Contact Superintendent of Documents + P.O. Box 371954 + Pittsburgh, PA 15250-7954 + + or see http://www.access/gpo.gov/su_docs and follow the links to + US government information. + + + +SECURITY CONSIDERATIONS + + The integrity of the information in the DNS databases and made + available through network protocols is not reliable in the Internet + environment without additional cryptographic controls or secure + lines. Agencies with secure internal network lines may be able to + count on the internal naming information as accurate, but users on + the Internet cannot. The DNS system may be enhanced by the use of + digital signatures on the provided information; as this software + becomes available, .GOV SLD administrators are encouraged to use it + provide a secure binding for the information associated with DNS + names. + + +Author's Address + + Federal Networking Council + 4001 N. Fairfax Drive + Arlington, VA 22203 + Phone: (703) 522-6410 + EMail: execdir@fnc.gov + URL: http://www.fnc.gov + + + + + + +Federal Networking Council Informational [Page 12] + |
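Review bot: the FAQ's section references do not match the policy list in this same file. The question beginning "Section 1D of this document unfairly constrains" cites Section 1F for .MIL, while the .MIL rule is item E, and "Section 1B identifies several law enforcement agencies" points at an item that covers cross-agency collaborative organizations. The added text also carries slips such as "such a"1200 Department of Agriculture"", "less that half-a-dozen", "this will policy will" and the URL "http://www.access/gpo.gov/su_docs". Since this is a copy of a published RFC placed under doc/rfc/, I would not correct any of it in the tree. Instead, compare the file against the published RFC 2146 text before merging, so that any difference is known to come from the source rather than from the import, and note in the commit message where the text was obtained.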