Network Working Group                         Federal Networking Council
Request For Comments: 2146                                      May 1997
Category: Informational
Obsoletes: 1816


                 U.S. Government Internet Domain Names

Status of this Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   This memo provides an update and clarification to RFC 1816.  This
   document describes the registration policies for the top-level domain
   ".GOV".  The purpose of the domain is to provide naming conventions
   that identify US Federal government agencies in order to facilitate
   access to their electronic resources.  This memo provides guidance
   for registrations by Federal Agencies that avoids name duplication
   and facilitates responsiveness to the public.  It restricts
   registrations to coincide with the approved structure of the US
   government and the advice of its Chief Information Officers.  Two
   documents are recognized as constituting documentation on the US
   government structure: FIPS 95-1 provides a standard recognized
   structure into which domain registrations for .GOV and FED.US can
   fit; and, the US Government Manual [3], a special publication of the
   Federal Register, provides official documentation of the government
   structure. The latter document may be subject to more timely updates
   than the former.  Either document is suitable for determining which
   entities qualify for second-level domain registration within .GOV and
   FED.US.

   As a side effect, this RFC reduces the number of .GOV and FED.US
   level registrations and reduces the workload on the registration
   authority.  Previous versions of this document did not address the
   FED.US domain.  This document anticipates the migration of the .GOV
   domain into the FED.US domain, in keeping with common practice on the
   Internet today.










Federal Networking Council   Informational                      [Page 1]
^L
RFC 2146         U.S. Government Internet Domain Names          May 1997


U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY

   The .GOV domain is delegated from the root authority to the US
   Federal Networking Council.  The .GOV domain is for registration of
   US governmental entities on the federal level only.  Registrations
   for state and local governmental agencies shall be made under the .US
   domain in accordance with the policies for that domain.  Further
   references in this document to .GOV should be understood to apply to
   FED.US as well.  The most succinct form of the policy is "one agency,
   one name".  The agency may choose its own name, but an easily
   recognized acronym is suggested.  The following paragraphs enumerate
   the types of agencies eligible for registration and the types that
   are not eligible:


         1) The document "Codes for the Identification of Federal and
      Federally Assisted Organizations", FIPS 95-1 (or its successor)
      lists the official names of US Government agencies.  Either that
      document or the US Government Manual can be used to determine that
      an entity is eligible for registration as a second level domain of
      .GOV.

              A) Top-level entities (e.g., those in FIPS 95-1 with codes
         ending in 00 such as "1200 Department of Agriculture"), those in
         the US Government Manual listed as "Departments, Independent
         Establishments (not Corporations), and all the Boards,
         Commissions, and Committees"), and independent agencies and
         organizations (e.g., "National Science Foundation" and other
         non-indented listings unless prohibited below) as listed in
         this document are eligible for registration directly under
         .GOV.

              B) Cross-agency collaborative organizations (e.g.,
         "Federal Networking Council", "Information Infrastructure Task
         Force") are eligible for registration under .GOV upon
         presentation of the chartering document and are the only non-
         FIPS-listed or non-US-Government-Manual-listed organizations
         eligible for registration under .GOV.

              C) Subsidiary, non-autonomous components of top-level or
         other entities are not eligible for separate registration.
         International organizations listed in this document are NOT
         eligible for registration under .GOV.  Subsidiary components
         should register as third-level domains under their parent
         organization.  Other Federal entities may apply to the FED.US
         domain.

              D) Organizations listed as "Federally Aided Organizations"
         in FIPS 95-1 are not eligible for registration under .GOV and
         should register under .ORG or other appropriate top-level
         domain that reflects their status.

              E) Organizations subsidiary to "Department of Defense"
         must register under the ".MIL" domain via the Defense Data
         Network Information Center - contact registrar@nic.ddn.mil.

              F) Other entities may be registered by request of a
         cognizant Chief Information Officer (CIO); CIO's are those
         agency officials designated by the agency head in accordance
         with the requirements of the Information Technology Management
         Reform Act of 1996 and Executive Order 13011.

              G) Federal Courts constitute a special class of domains.
         All Federal courts seeking domain registrations should contact
         the Administrative Office of the US Courts for their guidance
         on policy and naming.

            a) The string "SUPREME-COURT" is reserved for the Supreme
            Court domain.

            b) All other courts and their officers and officials should
            register in .USCOURTS.GOV.  The only standard exceptions to
            these rules are changes to governmental structure due to
            statutory, regulatory or executive directives not yet
            reflected in the above document.  The requesting agency
            should provide documentation in one of the above forms to
            request an exception.  Other requests for exception should
            be referred to the Federal Networking Council.

         2) A domain name should be derived from the official name for
      the organization (e.g., "USDA.Gov" or "AGRICULTURE.GOV".)  The
      registration shall be listed in the registration database under
      the official name (per FIPS 95-1 or US Government Manual) for the
      organization or under the name in the chartering document.

         3) Only ONE registration and delegation shall be made for the
      purpose of identifying an agency.  The .GOV registration authority
      shall provide registrations on a first-come first-served basis.
      It is an individual agency matter as to which portion of the
      agency is responsible for managing the domain space under a
      delegated agency domain.

         4) Those agencies and entities that had multiple registrations
      under .GOV may retain them until August 1998, but sub-delegations
      will be permitted only under the one name chosen by the agency as
      its permanent name.  As of August 1996, the auxiliary domains will
      become un-delegated and will revert to the control of the .GOV
      owner.  As of 2 August 1997, all registrations in the auxiliary
      domains must be mirrored in the permanent domain and those names
      should be used where possible. At the three year point, all
      auxiliary domain registrations will be deleted (August 1998).

         5) Those agencies and entities already registered in .GOV but
      not listed in FIPS 95-1 (e.g., DOE labs, state entities) or the US
      Government Manual may retain their registration within the
      constraint of the single registration rule (see para 4).  No
      further non-listed registrations will be made.  State and local
      entities are strongly encouraged to re-register under .US, but
      this is not mandatory.


REFERENCES

      [1] Federal Information Processing Standards Publication 95-1
   (FIPS PUB 95-1), "Codes for the Identification of Federal and
   Federally Assisted Organizations", U.S. Department of Commerce,
   National Institute of Standards and Technology, January 4, 1993.

      [2] Postel, J., "Domain Name System Structure and Delegation", RFC
   1591, USC/Information Sciences Institute, March 1994.

      [3] US Government Manual,  Office of the Federal Register,
   National Archives and Records Administration, Washington DC 20804.


CLARIFICATION


      * Registrations prior to August 1995 are grand-fathered and do NOT
   require re-registration with the exception of duplicate registrations
   for the SAME organization at the same level.  E.g., 2 registrations
   that represent the Department of Transportation would be considered
   duplicates.  Registrations for each of the Department of
   Transportation and the FAA would not.  (The FAA is an autonomous
   component contained within the DOT).


      * The policy requires resolution of all duplicate registrations by
   August 1998.

      * Local and state agencies registered under the ".GOV" domain may
   remain there.  However, they are strongly encouraged to transfer to
   the .US domain.


      * Cross-agency collaborative efforts may register under "FED.US"
   as an alternative to asking for an exception to the .GOV policy.


FREQUENTLY ASKED QUESTIONS / ANSWERS


   EXISTING .GOV REGISTRATIONS

         Q.  What are examples of FIPS 95-1 Departments possessing
      duplicate top-level domain names, and what guidance has been given
      to them regarding these names?

         A.  Examples of FIPS 95-1 Departments with duplicate DNS'
      include "STATE.GOV" and "LABOR.GOV".  These departments had six
      months (until December 1996) to determine which name is permanent
      and which is auxiliary and three years to drop the auxiliary
      registration.



         Q.  Currently, our services are defined as www.cdc.gov,
      ftp.cdc.gov,  and gopher.cdc.gov.  Does this proposal mean that
      our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a
      minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and
      gopher.cdc.phs.dhhs.gov?

         A.  In the case of CDC, NIST, NIH, FDA, and the numerous other
      non-FIPS-95-1 agencies registered with ".GOV" domains, there will
      be no changes.  The existing DNS' of these agencies are grand-
      fathered under this policy.  In addition, the policy affects only
      the domains allowed to be registered directly under .GOV; further
      delegations are under the control of the sub-domain owner.  For
      the above, assuming the HHS sub-domain owner concurs, there is no
      problem with the HHS registering "cdc.dhhs.gov" as a sub-domain of
      "dhhs.gov".

         Q.  How will registrations by Federal Laboratories be
      addressed?

         A. The existing domain names will be grand-fathered, i.e.,
      LBL.GOV.  Any new registrations will generally be within the
      domain of the sponsoring agency (and subject to agency policies),
      within the .US domain as a geographic entity, or within the FED.US
      domain.



         Q.  What are some examples of state government agencies
      registered under ".GOV" domain?  Will they need to change their
      DNS?

         A.  Examples of cities and states that originally registered
      under the .GOV include:

            WA.GOV   Department of Information Services, State of
                     Washington
            LA.GOV   Bureau of Sanitation, City of Los Angeles

      These entities are strongly encouraged to re-register in the .US
      domain but this is NOT mandatory.  No further state and local
      agencies will be registered under .GOV.



         Q.  It is not in anyone's best interest to name things by
      organizational boundaries as these things change. Internet domain
      names and host names, once defined and used, become so widely
      distributed that they become virtually impossible to change.

         A.  The policy does not require organizations to change their
      names once established, but individual agency policies may.  The
      DNS system contains some capabilities to assist in name transition
      - the CNAME record provides a capability for cross-domain aliases
      which can be used to ease a transition between one name space and
      another.  As noted in the clarifications, naming and sub-domain
      conventions WITHIN an agency or department DNS delegation are
      solely the province of that entity.

         Q.  How can two entities have the same name registered?  How
      does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are
      large components of DHHS/PHS?  NCIFCRF.GOV is a component of NIH.
      Does it have to change?  I don't understand how a distinction is
      made if some are grand-fathered and some are not.

        A. US-STATE.GOV and STATE.GOV for example.  The problem is
      actually one entity with two names.  NIH.GOV and FDA.GOV represent
      separate entities (albeit within DHHS).  If there were an NIH.GOV
      and an NIH-EAST.GOV for example, NIH would have to eliminate one
      of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV).



         Q.  How much is the taxpayer being asked to spend to alter tens
      of thousands of existing computer and telecommunications systems
      to support this RFC?

         A. In August 1995 less than half-a-dozen duplicate DNS names at
      the FIPS 95-1 level needed to be changed.  Given the fact that
      this will be accomplished over three years, the costs should be
      minimal.

   CROSS-AGENCY COLLABORATIONS


         Q.  An organization maintains a domain name that represents a
      cross-agency community, IC.GOV, which represents members of the
      intelligence community.  As a cross-agency collaborative effort,
      does the domain have to be re-registered?

      A.  The policy states that "Cross-agency collaborative
      organizations (e.g., "Federal Networking Council", "Information
      Infrastructure Task Force") are eligible for registration under
      .GOV upon presentation of the chartering document and are the only
      non-listed (in either FIPS 95-1 or the US Government Manual)
      organizations eligible for registration under .GOV."  "IC.GOV"
      however, is grand-fathered since it is an existing domain.
      Nevertheless, it would be appropriate to provide a copy of the
      chartering document to the FNC for the record.  This would ease
      future changes to the IC.GOV domain if necessary.

   FUTURE .GOV REGISTRATIONS


        Q.  Top level domains are roughly equivalent to cabinet-level
      agencies identified in FIPS 95-1.  What will happen if non-FIPS
      95-1 entities apply for the ".GOV" registration in the future?

        A.  The registrar will use this RFC as guidance and will not
      grant the ".GOV" to any new entity which is not listed in the FIPS
      95-1 or the US Government Manual or which has not been granted an
      exception status by the FNC Executive Committee.



         Q.  Suppose NIH were moved to a new Dept. of Science?  Would
      our domain name have to be changed?

         A.  NIH.GOV is grand-fathered under the existing policy and
      would not change.  The "Department of Science" under its own
      policies may require you to re-register though.

   FNC INTENT

         Q.  It is unclear how this policy will facilitate access
      by the public to our information, especially since most of the
      public doesn't know our organizational structure or that CDC is
      part of DHHS/PHS.

         A. The policy attempts to avoid confusion as an increasing
      number of entities register under the ".GOV" domain and to
      transfer authority and responsibility for domain name space to the
      appropriate agencies and away from a centralized authority.  For
      facilitating access, various tools and capabilities are coming
      into use on the Internet all the time.  Most of these tools
      provide a fairly strong search capability which should obviate
      most concerns of finding resources based on domain names.

         Q.  Section 1D of this document unfairly constrains the
      organizations within the .GOV domain in stark contrast to Section
      1F that grants .MIL domain organizations full freedom to operate
      sub-domains in any manner chosen.

         A.  The Federal Networking Council has jurisdiction over the
      .GOV domain names; .MIL domain names fall within the jurisdiction
      of the Department of Defense.  The .MIL domain has had a written
      policy delimiting which DOD agencies get registered directly under
      .MIL since about 1987 when the DNS first started to come into use.
      Individual agencies under the .MIL domain (e.g., AF.MIL/US Air
      Force) are responsible for setting policy within their domains and
      for registrations within those domains.  This is exactly
      equivalent to the .GOV domain - an individual agency (e.g.,
      Treasury.GOV/Dept of Treasury) may and should set policy for sub-
      registrations within their domain.



         Q.  Section 1B identifies several law enforcement agencies as
      being "autonomous" for the purposes of domain registration.  What
      is the selection criteria for an "autonomous law enforcement"
      agency?  For instance, the Internal Revenue Service (IRS) is
      responsible for law enforcement as is the Bureau of Alcohol,
      Tobacco, and Firearms (ATF).

        A.  The selection criteria for "law enforcement agency" is based
      on primary mission.  A case could be made for either or both of
      these being law enforcement agencies, although the IRS' primary
      mission is tax revenue collection and has few armed officers
      relative to its size.  An "autonomous" agency is one with mission
      and role distinct and (possibly) separate from its containing
      department.  Unfortunately, FIPS 95-1 does not do a good job of
      identifying "autonomous" entities.  In the event of problems with
      registration, ask the registrar to get a ruling from the
      registration authority.

   ROUTING QUESTIONS

        Q.  How will Domain Name Service resolution on the Internet
      work?  Instead of a root DNS server returning the address of
      CDC.GOV and immediately directing inquiries to our DNS servers,
      will the root server return a DNS pointer to DHHS, then DHHS will
      resolve to PHS, then a fourth DNS query to get to CDC?  This will
      add unnecessary traffic to the Net.  (example is the host
      CDC.PHS.DHHS.GOV)

         A.  The answer is based on how you (personally and agency wide)
      configure your servers.  First, most servers cache previous
      answers - they may have to ask once, but generally remember the
      answer if they need it again. Information directly under .GOV will
      be fairly long-lived which substantially reduces the requirement
      to query the .GOV server.  Secondly, multiple levels of the DNS tree
      MAY reside on the same server.  In the above example the
      information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could
      all reside on the same server.  Assuming the  location of the
      DHHS.GOV server was not cached, it would require two queries.
      Further queries would cache the location of this server and the
      servers associated with the domains it serves.  Lastly, the
      individual agencies may structure their domains as they please.
      CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject
      to HHS's own policies.
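
Added example (not part of the RFC): a toy Python model of the referral caching and co-located zones described in the answer above. The server names (ns.gov, ns.dhhs, ...), both layouts and the host names are constructed for illustration; the model only counts queries and never touches the network.

```python
# Toy model of iterative DNS resolution with referral caching.
# All server names and zone layouts below are constructed for illustration.

# Layout 1: one server is authoritative for all three agency levels.
COLOCATED = {
    "root": {"."},
    "ns.gov": {"gov."},
    "ns.dhhs": {"dhhs.gov.", "phs.dhhs.gov.", "cdc.phs.dhhs.gov."},
}
# Layout 2: every level is delegated to its own server.
SPLIT = {
    "root": {"."},
    "ns.gov": {"gov."},
    "ns.dhhs": {"dhhs.gov."},
    "ns.phs": {"phs.dhhs.gov."},
    "ns.cdc": {"cdc.phs.dhhs.gov."},
}


def encloses(zone, name):
    """True if fully qualified `name` lies at or below `zone`."""
    return zone == "." or name == zone or name.endswith("." + zone)


def depth(zone):
    """Number of labels in a zone name; the root has depth 0."""
    return 0 if zone == "." else zone.count(".")


class Resolver:
    """Caching resolver that walks referrals and counts the queries it sends."""

    def __init__(self, layout, cached=None):
        # zone -> server that is authoritative for it
        self.zone_server = {z: s for s, zones in layout.items() for z in zones}
        # Referral cache: starts with the root hint plus anything pre-cached.
        self.referrals = {".": self.zone_server["."]}
        self.referrals.update(cached or {})
        self.answers = set()  # names whose final answer is cached

    def _ask(self, server, name):
        """Return None for a final answer, else (zone, server) of the referral."""
        chain = sorted((z for z in self.zone_server if encloses(z, name)),
                       key=depth)
        held = [z for z in chain if self.zone_server[z] == server]
        # Zones delegated below the deepest zone this server holds.
        below = chain[chain.index(held[-1]) + 1:]
        if not below:
            return None
        return below[0], self.zone_server[below[0]]

    def resolve(self, name):
        """Resolve `name` and return how many queries were needed."""
        if name in self.answers:
            return 0
        # Start at the deepest zone whose server is already cached.
        start = max((z for z in self.referrals if encloses(z, name)), key=depth)
        server, queries = self.referrals[start], 0
        while True:
            queries += 1
            referral = self._ask(server, name)
            if referral is None:
                self.answers.add(name)
                return queries
            zone, server = referral
            self.referrals[zone] = server  # remember the delegation


if __name__ == "__main__":
    host = "www.cdc.phs.dhhs.gov."
    gov_known = {"gov.": "ns.gov"}
    print("co-located, .GOV cached:", Resolver(COLOCATED, gov_known).resolve(host))
    print("split,      .GOV cached:", Resolver(SPLIT, gov_known).resolve(host))
```
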



   USING DNS FOR ADVERTISING SERVICES

         Q.  How can agencies utilize domain names for public service
      announcements such as regulatory information, health services,
      etc.?

        A.  The use of Domain Names for "advertising" is not encouraged,
      and there is no empirical data showing that Domain Names are
      effective for such purposes.  Moreover, while it may appear a
      reasonable assumption, we know of no evidence to show that using
      even commonly known agency, program or service names as domain
      names in fact facilitates locating any particular program or
      service.  Indeed, we find it as reasonable to conclude that, by
      using freely available search engines, a user could locate
      responsive information before they would successfully "guess" the
      appropriate domain name. If the agency CIO deems it advisable to
      pursue "advertising via domain names," the agency should use the
      WHOIS utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to
      determine if similar or conflicting names exist within other
      domains such as .COM or .ORG before proceeding.  Any advertising
      value may be lost if the same or similar names exist within more
      than one domain.

   PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS

         Q:  Our agency spent a lot of time coming up with an intuitive
      domain name and now we find out that the same name exists in .COM
      and .ORG and is confusing to our customers, they don't know if it
      is really our site or not.  How can we prevent this use of our
      domain name?

         A.  The only practical way is to register your name in all
      available domains and hold them.  We say hold (do not use) them
      for the same reasons that you don't want your site spoofed --
      customer uncertainty as to whether they are in fact at a
      government site.  The implications of Federal agencies using other
      than .GOV or FED.US is a policy matter under the statutory
      authorities of the Office of Information and Regulatory Affairs of
      the Office of Management and Budget.  Agency  CIOs should consult
      with OMB prior to using domain names other than .GOV or .FED.US.


   THIRD-LEVEL DOMAINS:  CONTACTING THE SECOND-LEVEL DOMAIN
   ADMINISTRATOR.


         Q. I don't mind having a third-level domain registration, but
      my parent agency does not have a second level domain or does not
      provide third-level registration services.  What can I do?

        A.  In the first case, the registration authority can usually
      provide contact information for an appropriate second level
      domain.  If not, an exception may be granted by the registration
      authority.  In the second case, make sure that you contact the
      official administrative contact for the second level domain by
      using the information returned by the "whois" command, e.g. "whois
      STATE.GOV".  The domain administrators have the responsibility of
      providing third-level registration services. If an exception is
      granted because there is no appropriate second level domain, it
      will only be valid for two years after the subsequent
      establishment of an appropriate domain. After that time, the
      exception domain must register in the appropriate second-level
      domain.

         Q.  What are the implications of using a name that conflicts
      with a .COM or other top-level domain?

        A.  When requesting exceptions to this policy, applicants should
      consider the limitations of the domain naming scheme.  Many common
      words and terms are already used in .COM, the largest TLD at this
      time, and it may be ineffective to use the same name in .GOV.



   US GOVERNMENT MANUAL

         Q. How can I get the US Government Manual?

         A.  Contact Superintendent of Documents
                P.O. Box 371954
                Pittsburgh, PA 15250-7954

      or see http://www.access/gpo.gov/su_docs and follow the links to
      US government information.



SECURITY CONSIDERATIONS

      The integrity of the information in the DNS databases and made
   available through network protocols is not reliable in the Internet
   environment without additional cryptographic controls or secure
   lines.  Agencies with secure internal network lines may be able to
   count on the internal naming information as accurate, but users on
   the Internet cannot.  The DNS system may be enhanced by the use of
   digital signatures on the provided information; as this software
   becomes available, .GOV SLD administrators are encouraged to use it
   to provide a secure binding for the information associated with DNS
   names.


Author's Address

      Federal Networking Council
      4001 N. Fairfax Drive
      Arlington, VA 22203
      Phone: (703) 522-6410
      EMail: execdir@fnc.gov
      URL:  http://www.fnc.gov
