Diffstat (limited to 'doc/rfc/rfc2146.txt')
-rw-r--r-- doc/rfc/rfc2146.txt 675
1 files changed, 675 insertions, 0 deletions
diff --git a/doc/rfc/rfc2146.txt b/doc/rfc/rfc2146.txt
new file mode 100644
index 0000000..fbadee6
--- /dev/null
+++ b/doc/rfc/rfc2146.txt
@@ -0,0 +1,675 @@
+
+
+
+
+
+
+Network Working Group Federal Networking Council
+Request For Comments: 2146 May 1997
+Category: Informational
+Obsoletes: 1816
+
+
+ U.S. Government Internet Domain Names
+
+Status of this Memo
+
+ This memo provides information for the Internet community. This memo
+ does not specify an Internet standard of any kind. Distribution of
+ this memo is unlimited.
+
+Abstract
+
+ This memo provides an update and clarification to RFC 1816. This
+ document describes the registration policies for the top-level domain
+ ".GOV". The purpose of the domain is to provide naming conventions
+ that identify US Federal government agencies in order to facilitate
+ access to their electronic resources. This memo provides guidance
+ for registrations by Federal Agencies that avoids name duplication
+ and facilitates responsiveness to the public. It restricts
+ registrations to coincide with the approved structure of the US
+ government and the advice of its Chief Information Officers. Two
+ documents are recognized as constituting documentation on the US
+ government structure: FIPS 95-1 provides a standard recognized
+ structure into which domain registrations for .GOV and FED.US can
+ fit; and, the US Government Manual [3], a special publication of the
+ Federal Register, provides official documentation of the government
+ structure. The latter document may be subject to more timely updates
+ than the former. Either document is suitable for determining which
+ entities qualify for second-level domain registration within .GOV and
+ FED.US.
+
+ As a side effect, this RFC reduces the number of .GOV and FED.US
+ level registrations and reduces the workload on the registration
+ authority. Previous versions of this document did not address the
+ FED.US domain. This document anticipates the migration of the .GOV
+ domain into the FED.US domain, in keeping with common practice on the
+ Internet today.
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 1]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY
+
+ The .GOV domain is delegated from the root authority to the US
+ Federal Networking Council. The .GOV domain is for registration of
+ US governmental entities on the federal level only. Registrations
+ for state and local governmental agencies shall be made under the .US
+ domain in accordance with the policies for that domain. Further
+ references in this document to .GOV should be understood to apply to
+ FED.US as well. The most succinct form of the policy is "one agency,
+ one name". The agency may choose its own name, but an easily
+ recognized acronym is suggested. The following paragraphs enumerate
+ the types of agencies eligible for registration and the types that
+ are not eligible:
+
+
+ 1) The document "Codes for the Identification of Federal and
+ Federally Assisted Organizations", FIPS 95-1 (or its successor)
+ lists the official names of US Government agencies. Either that
+ document or the US Government Manual can be used to determine that
+ an entity is eligible for registration as a second level domain of
+ .GOV.
+
+ A) Top-level entities (e.g., those in FIPS 95-1 with codes
+ ending in 00 such a"1200 Department of Agriculture"), those in
+ the US Government Manual listed as "Departments, Independent
+ Establishments (not Corporations), and all the Boards,
+ Commissions, and Committees"), and independent agencies and
+ organizations (e.g., "National Science Foundation" and other
+ non-indented listings unless prohibited below) as listed in
+ this document are eligible for registration directly under
+ .GOV.
+
+ B) Cross-agency collaborative organizations (e.g.,
+ "Federal Networking Council", "Information Infrastructure Task
+ Force") are eligible for registration under .GOV upon
+ presentation of the chartering document and are the only non-
+ FIPS-listed or non-US-Government-Manual-listed organizations
+ eligible for registration under .GOV.
+
+ C) Subsidiary, non-autonomous components of top-level or
+ other entities are not eligible for separate registration.
+ International organizations listed in this document are NOT
+ eligible for registration under .GOV. Subsidiary components
+ should register as third-level domains under their parent
+ organization. Other Federal entities may apply to the FED.US
+ domain.
+
+
+
+
+
+Federal Networking Council Informational [Page 2]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ D) Organizations listed as "Federally Aided Organizations"
+ in FIPS 95-1 are not eligible for registration under .GOV and
+ should register under .ORG or other appropriate top-level
+ domain that reflects their status.
+
+ E) Organizations subsidiary to "Department of Defense"
+ must register under the ".MIL" domain via the Defense Data
+ Network Information Center - contact registrar@nic.ddn.mil.
+
+ F) Other entities may be registered by request of a
+ cognizant Chief Information Officer (CIO); CIO's are those
+ agency officials designated by the agency head in accordance
+ with the requirements of the Information Technology Management
+ Reform Act of 1996 and Executive Order 13011.
+
+ G) Federal Courts constitute a special class of domains.
+ All Federal courts seeking domain registrations should contact
+ the Administrative Office of the US Courts for their guidance
+ on policy and naming.
+
+ a) The string "SUPREME-COURT" is reserved for the Supreme
+ Court domain.
+
+ b) All other courts and their officers and officials should
+ register in .USCOURTS.GOV. The only standard exceptions to
+ these rules are changes to governmental structure due to
+ statutory, regulatory or executive directives not yet
+ reflected in the above document. The requesting agency
+ should provide documentation in one of the above forms to
+ request an exception. Other requests for exception should
+ be referred to the Federal Networking Council.
+
+ 2) A domain name should be derived from the official name for
+ the organization (e.g., "USDA.Gov" or "AGRICULTURE.GOV".) The
+ registration shall be listed in the registration database under
+ the official name (per FIPS 95-1 or US Government Manual) for the
+ organization or under the name in the chartering document.
+
+ 3) Only ONE registration and delegation shall be made for the
+ purpose of identifying an agency. The .GOV registration authority
+ shall provide registrations on a first-come first-served basis.
+ It is an individual agency matter as to which portion of the
+ agency is responsible for managing the domain space under a
+ delegated agency domain.
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 3]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ 4) Those agencies and entities that had multiple registrations
+ under .GOV may retain them until August 1998, but sub-delegations
+ will be permitted only under the one name chosen by the agency as
+ its permanent name. As of August 1996, the auxiliary domains will
+ become un-delegated and will revert to the control of the .GOV
+ owner. As of 2 August 1997, all registrations in the auxiliary
+ domains must be mirrored in the permanent domain and those names
+ should be used where possible. At the three year point, all
+ auxiliary domain registrations will be deleted (August 1998).
+
+ 5) Those agencies and entities already registered in .GOV but
+ not listed in FIPS 95-1 (e.g., DOE labs, state entities) or the US
+ Government Manual may retain their registration within the
+ constraint of the single registration rule (see para 4). No
+ further non-listed registrations will be made. State and local
+ entities are strongly encouraged to re-register under .US, but
+ this is not mandatory.
+
+
+REFERENCES
+
+ [1] Federal Information Processing Standards Publication 95-1
+ (FIPS PUB 95-1), "Codes for the Identification of Federal and
+ Federally Assisted Organizations", U.S. Department of Commerce,
+ National Institute of Standards and Technology, January 4, 1993.
+
+ [2] Postel, J., "Domain Name System Structure and Delegation", RFC
+ 1591, USC/Information Sciences Institute, March 1994.
+
+ [3] US Government Manual, Office of the Federal Register,
+ National Archives and Records Administration, Washington DC 20804.
+
+
+CLARIFICATION
+
+
+ * Registrations prior to August 1995 are grand-fathered and do NOT
+ require re-registration with the exception of duplicate registrations
+ for the SAME organization at the same level. E.g., 2 registrations
+ that represent the Department of Transportation would be considered
+ duplicates. Registrations for each of the Department of
+ Transportation and the FAA would not. (The FAA is an autonomous
+ component contained within the DOT).
+
+
+ * The policy requires resolution of all duplicate registrations by
+ August 1998.
+
+
+
+
+Federal Networking Council Informational [Page 4]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ * Local and state agencies registered under the ".GOV" domain may
+ remain there. However, they are strongly encouraged to transfer to
+ the .US domain.
+
+
+ * Cross-agency collaborative efforts may register under "FED.US"
+ as an alternative to asking for an exception to the .GOV policy.
+
+
+FREQUENTLY ASKED QUESTIONS / ANSWERS
+
+
+ EXISTING .GOV REGISTRATIONS
+
+ Q. What are examples of FIPS 95-1 Departments possessing
+ duplicate top-level domain names, and what guidance has been given
+ to them regarding these names?
+
+ A. Examples of FIPS 95-1 Departments with duplicate DNS'
+ include "STATE.GOV" and "LABOR.GOV". These departments had six
+ months (until December 1996) to determine which name is permanent
+ and which is auxiliary and three years to drop the auxiliary
+ registration.
+
+
+
+ Q. Currently, our services are defined as www.cdc.gov,
+ ftp.cdc.gov, and gopher.cdc.gov. Does this proposal mean that
+ our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a
+ minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and
+ gopher.cdc.phs.dhhs.gov?
+
+ A. In the case of CDC, NIST, NIH, FDA, and the numerous other
+ non-FIPS-95-1 agencies registered with ".GOV" domains, there will
+ be no changes. The existing DNS' of these agencies are grand-
+ fathered under this policy. In addition, the policy effects only
+ the domains allowed to be registered directly under .GOV; further
+ delegations are under the control of the sub-domain owner. For
+ the above, assuming the HHS sub-domain owner concurs, there is no
+ problem with the HHS registering "cdc.dhhs.gov" as a sub-domain of
+ "dhhs.gov".
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 5]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ Q. How will registrations by Federal Laboratories be
+ addressed?
+
+ A. The existing domain names will be grand-fathered, i.e.,
+ LBL.GOV. Any new registrations will generally be within the
+ domain of the sponsoring agency (and subject to agency policies),
+ within the .US domain as a geographic entity, or within the FED.US
+ domain.
+
+
+
+ Q. What are some examples of state government agencies
+ registered under ".GOV" domain? Will they need to change their
+ DNS?
+
+ A. Examples of cities and states that originally registered
+ under the .GOV include: WA.GOV Department of Information
+ Services, State of Washington LA.GOV Bureau of Sanitation, City of
+ Los Angeles These entities are strongly encouraged to re-register
+ in the .US domain but this is NOT mandatory. No further state and
+ local agencies will be registered under .GOV.
+
+
+
+ Q. It is not in anyone's best interest to name things by
+ organizational boundaries as these things change. Internet domain
+ names and host names, once defined and used, become so widely
+ distributed that they become virtually impossible to change.
+
+ A. The policy does not require organizations to change their
+ names once established, but individual agency policies may. The
+ DNS system contains some capabilities to assist in name transition
+ - the CNAME record provides a capability for cross-domain aliases
+ which can be used to ease a transition between one name space and
+ another. As noted in the clarifications, naming and sub-domain
+ conventions WITHIN an agency or department DNS delegation are
+ solely the province of that entity.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 6]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ Q. How can two entities have the same name registered? How
+ does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are
+ large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH.
+ Does it have to change? I don't understand how a distinction is
+ made if some are grand-fathered and some are not.
+
+ A. US-STATE.GOV and STATE.GOV for example. The problem is
+ actually one entity with two names. NIH.GOV and FDA.GOV represent
+ separate entities (albeit within DHHS). If there were an NIH.GOV
+ and an NIH-EAST.GOV for example, NIH would have to eliminate one
+ of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV).
+
+
+
+ Q. How much is the taxpayer being asked to spend to alter tens
+ of thousands of existing computer and telecommunications systems
+ to support this RFC?
+
+ A. In August 1995 less that half-a-dozen duplicate DNS names at
+ the FIPS 95-1 level needed to be changed. Given the fact that
+ this will be accomplished over three years, the costs should be
+ minimal.
+
+ CROSS-AGENCY COLLABORATIONS
+
+
+ Q. An organization maintains a domain name that represents a
+ cross-agency community, IC.GOV, which represents members of the
+ intelligence community. As a cross-agency collaborative effort,
+ does the domain have to be re-registered?
+
+ A. The policy states that "Cross-agency collaborative
+ organizations (e.g., "Federal Networking Council", "Information
+ Infrastructure Task Force") are eligible for registration under
+ .GOV upon presentation of the chartering document and are the only
+ non-listed (in either FIPS 95-1 or the US Government Manual)
+ organizations eligible for registration under .GOV." "IC.GOV"
+ however, is grand-fathered since it is an existing domain.
+ Nevertheless, it would be appropriate to provide a copy of the
+ chartering document to the FNC for the record. This would ease
+ future changes to the IC.GOV domain if necessary.
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 7]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ FUTURE .GOV REGISTRATIONS
+
+
+ Q.Top level domains are roughly equivalent to cabinet-level
+ agencies identified in FIPS 95-1. What will happen if non-FIPS
+ 95-1 entities apply for the ".GOV" registration in the future?
+
+ A. The registrar will use this RFC as guidance and will not
+ grant the ".GOV" to any new entity which is not listed in the FIPS
+ 95-1 or the US Government Manual or which has not been granted an
+ exception status by the FNC Executive Committee.
+
+
+
+ Q. Suppose NIH were moved to a new Dept. of Science? Would
+ our domain name have to be changed?
+
+ A. NIH.GOV is grand-fathered under the existing policy and
+ would not change. The "Department of Science" under its own
+ policies may require you to re-register though.
+
+ FNC INTENT
+
+ Q. It is unclear how this will policy will facilitate access
+ by the public to our information, especially since most of the
+ public doesn't know our organizational structure or that CDC is
+ part of DHHS/PHS.
+
+ A. The policy attempts to avoid confusion as an increasing
+ number of entities register under the ".GOV" domain and to
+ transfer authority and responsibility for domain name space to the
+ appropriate agencies and away from a centralized authority. For
+ facilitating access, various tools and capabilities are coming
+ into use on the Internet all the time. Most of these tools
+ provide a fairly strong search capability which should obviate
+ most concerns of finding resources based on domain names.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 8]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ Q. Section 1D of this document unfairly constrains the
+ organizations within the .GOV domain in stark contrast to Section
+ 1F that grants .MIL domain organizations full freedom to operate
+ sub-domains in any manner chosen.
+
+ A. The Federal Networking Council has jurisdiction over the
+ .GOV domain names; .MIL domain names fall within the jurisdiction
+ of the Department of Defense. The .MIL domain has had a written
+ policy delimiting which DOD agencies get registered directly under
+ .MIL since about 1987 when the DNS first started to come into use.
+ Individual agencies under the .MIL domain (e.g., AF.MIL/US Air
+ Force) are responsible for setting policy within their domains and
+ for registrations within those domains. This is exactly
+ equivalent to the .GOV domain - an individual agency (e.g.,
+ Treasury.GOV/Dept of Treasury) may and should set policy for sub-
+ registrations within their domain.
+
+
+
+ Q. Section 1B identifies several law enforcement agencies as
+ being "autonomous" for the purposes of domain registration. What
+ is the selection criteria for an "autonomous law enforcement"
+ agency? For instance, the Internal Revenue Service (IRS) is
+ responsible for law enforcement as is the Bureau of Alcohol,
+ Tobacco, and Firearms (ATF).
+
+ A. The selection criteria for "law enforcement agency" is based
+ on primary mission. A case could be made for either or both of
+ these being law enforcement agencies, although the IRS' primary
+ mission is tax revenue collection and has few armed officers
+ relative to its size. An "autonomous" agency is one with mission
+ and role distinct and (possibly) separate from its containing
+ department. Unfortunately, FIPS 95-1 does not do a good job of
+ identifying "autonomous" entities. In the event of problems with
+ registration, ask the registrar to get a ruling from the
+ registration authority.
+
+ ROUTING QUESTIONS
+
+ Q. How will Domain Name Service resolution on the Internet
+ work? Instead of a root DNS server returning the address of
+ CDC.GOV and immediately directing inquires to our DNS servers,
+ will the root server return a DNS pointer to DHHS, then DHHS will
+ resolve to PHS, then a fourth DNS query to get to CDC? This will
+ add unnecessary traffic to the Net. (example is the host
+ CDC.PHS.DHHS.GOV)
+
+
+
+
+
+Federal Networking Council Informational [Page 9]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ A. The answer is based on how you (personally and agency wide)
+ configure your servers. First, most servers cache previous
+ answers - they may have to ask once, but generally remember the
+ answer if they need it again. Information directly under .GOV will
+ be fairly long-lived which substantially reduces the requirement
+ to query .GOV server. Secondly, multiple levels of the DNS tree
+ MAY reside on the same server. In the above example the
+ information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could
+ all reside on the same server. Assuming the location of the
+ DHHS.GOV server was not cached, it would require two queries.
+ Further queries would cache the location of this server and the
+ servers associated with the domains it serves. Lastly, the
+ individual agencies may structure their domains as they please.
+ CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject
+ to HHS's own policies.
+
+
+
+ USING DNS FOR ADVERTISING SERVICES
+
+ Q. How can agencies utilize domain names for public service
+ announcements such as regulatory information, health services,
+ etc.?
+
+ A. The use of Domain Names for "advertising" is not encouraged,
+ and there is no empirical data showing that Domain Names are
+ effective for such purposes. Moreover, while it may appear a
+ reasonable assumption, we know of no evidence to show that using
+ even commonly know agency, program or service names as domain
+ names in fact, facilitates locating any particular program or
+ service. Indeed, we find it as reasonable to conclude that, by
+ using freely available search engines, a user could locate
+ responsive information before they would successfully "guess" the
+ appropriate domain name. If the agency CIO deems it advisable to
+ pursue "advertising via domain names," the agency should use WHOIS
+ utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to
+ determine if similar or conflicting names with other domains such
+ as .COM or .ORG before proceeding. Any advertising value may be
+ lost if the same or similar names exist within more than one
+ domain.
+
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 10]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS
+
+ Q: Our agency spent a lot of time coming up with an intuitive
+ domain name and now we find out that the same name exists in .COM
+ and .ORG and is confusing to our customers, they don't know if it
+ is really our site or not. How can we prevent this use of our
+ domain name?
+
+ A. The only practical way is to register your name in all
+ available domains and hold them. We say hold (do not use) them
+ for the same reasons that you don't want your site spoofed --
+ customer uncertainly as to whether they are in fact at a
+ government site. The implications of Federal agencies using other
+ than .GOV or FED.US is a policy matter under the statutory
+ authorities of the Office of Information and Regulatory Affairs of
+ the Office of Management and Budget. Agency CIOs should consult
+ with OMB prior to using domain names other than .GOV or .FED.US.
+
+
+ THIRD-LEVEL DOMAINS: CONTACTING THE SECOND-LEVEL DOMAIN
+ ADMINISTRATOR.
+
+
+ Q. I don't mind having a third-level domain registration, but
+ my parent agency does not have a second level domain or does not
+ provide third-level registration services. What can I do?
+
+ A. In the first case, the registration authority can usually
+ provide contact information for an appropriate second level
+ domain. If not, an exception may be granted by the registration
+ authority. In the second case, make sure that you contact the
+ official administrative contact for the second level domain by
+ using the information returned by the "whois" command, e.g. "whois
+ STATE.GOV". The domain administrators have the responsibility of
+ providing third-level registration services. If an exception is
+ granted because there is no appropriate second level domain, it
+ will only be valid for two years after the subsequent
+ establishment of an appropriate domain. After that time, the
+ exception domain must register in the appropriate second-level
+ domain.
+
+
+
+
+
+
+
+
+
+
+
+Federal Networking Council Informational [Page 11]
+
+RFC 2146 U.S. Government Internet Domain Names May 1997
+
+
+ Q. What are the implications of using a name that conflicts
+ with a .COM or other top-level domain?
+
+ A. When requesting exceptions to this policy, applicants should
+ consider the limitations of the domain naming scheme. Many common
+ words and terms are already used in .COM, the largest TLD at this
+ time, and it may be ineffective to use the same name in .GOV.
+
+
+
+ US GOVERNMENT MANUAL
+
+ Q. How can I get the US Government Manual?
+
+ A. Contact Superintendent of Documents
+ P.O. Box 371954
+ Pittsburgh, PA 15250-7954
+
+ or see http://www.access/gpo.gov/su_docs and follow the links to
+ US government information.
+
+
+
+SECURITY CONSIDERATIONS
+
+ The integrity of the information in the DNS databases and made
+ available through network protocols is not reliable in the Internet
+ environment without additional cryptographic controls or secure
+ lines. Agencies with secure internal network lines may be able to
+ count on the internal naming information as accurate, but users on
+ the Internet cannot. The DNS system may be enhanced by the use of
+ digital signatures on the provided information; as this software
+ becomes available, .GOV SLD administrators are encouraged to use it
+ provide a secure binding for the information associated with DNS
+ names.
+
+
+Author's Address
+
+ Federal Networking Council
+ 4001 N. Fairfax Drive
+ Arlington, VA 22203
+ Phone: (703) 522-6410
+ EMail: execdir@fnc.gov
+ URL: http://www.fnc.gov
+
+
+
+
+
+
+Federal Networking Council Informational [Page 12]
+
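Review bot: The FAQ cross-references in the added text do not match the numbered policy items earlier in the same file, so please confirm against the published RFC whether they are upstream defects or import damage before this lands. The question under "FNC INTENT" cites "Section 1D" and "Section 1F" for the .MIL rule, but the .MIL rule is item 1 E), while D) covers Federally Aided Organizations and F) covers CIO requests. The next question cites "Section 1B" for autonomous law enforcement agencies, but item 1 B) is the cross-agency collaboration rule and no law enforcement list appears anywhere in the file. The same check applies to the URL "http://www.access/gpo.gov/su_docs" in the US GOVERNMENT MANUAL answer, whose host part does not look like a valid name, and to the six empty lines that open the file. If these are all present upstream, keep the file byte-identical to the published RFC rather than correcting it in-tree, and record the source and a checksum of the imported copy so later readers can tell the vendored text has not drifted.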