电脑技术学习

RFC2146 - U.S

dn001

  Network Working Group Federal Networking Council
Request For Comments: 2146 May 1997
Category: Informational
Obsoletes: 1816

U.S. Government Internet Domain Names

Status of this Memo

This memo provides information for the Internet community. This memo
does not specify an Internet standard of any kind. Distribution of
this memo is unlimited.

Abstract

This memo provides an update and clarification to RFC1816. This
document describes the registration policies for the top-level domain
".GOV". The purpose of the domain is to provide naming conventions
that identify US Federal government agencies in order to facilitate
Access to their electronic resources. This memo provides guidance
for registrations by Federal Agencies that avoids name duplication
and facilitates responsiveness to the public. It restricts
registrations to coincide with the approved strUCture of the US
government and the advice of its Chief Information Officers. Two
documents are recognized as constituting documentation on the US
government structure: FIPS 95-1 provides a standard recognized
structure into which domain registrations for .GOV and FED.US can
fit; and, the US Government Manual [3], a special publication of the
Federal Register, provides official documentation of the government
structure. The latter document may be subject to more timely updates
than the former. Either document is suitable for determining which
entities qualify for second-level domain registration within .GOV and
FED.US.

As a side effect, this RFCreduces the number of .GOV and FED.US
level registrations and reduces the workload on the registration
authority. Previous versions of this document did not address the
FED.US domain. This document anticipates the migration of the .GOV
domain into the FED.US domain, in keeping with common practice on the
Internet today.

U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY

The .GOV domain is delegated from the root authority to the US
Federal Networking Council. The .GOV domain is for registration of
US governmental entities on the federal level only. Registrations
for state and local governmental agencies shall be made under the .US
domain in accordance with the policies for that domain. Further
references in this document to .GOV should be understood to apply to
FED.US as well. The most succinct form of the policy is "one agency,
one name". The agency may choose its own name, but an easily
recognized acronym is suggested. The following paragraphs enumerate
the types of agencies eligible for registration and the types that
are not eligible:

1) The document "Codes for the Identification of Federal and
Federally Assisted Organizations", FIPS 95-1 (or its successor)
lists the official names of US Government agencies. Either that
document or the US Government Manual can be used to determine that
an entity is eligible for registration as a second level domain of
.GOV.

A) Top-level entities (e.g., those in FIPS 95-1 with codes
ending in 00 such a"1200 Department of Agriculture"), those in
the US Government Manual listed as "Departments, Independent
Establishments (not Corporations), and all the Boards,
Commissions, and Committees"), and independent agencies and
organizations (e.g., "National Science Foundation" and other
non-indented listings unless prohibited below) as listed in
this document are eligible for registration directly under
.GOV.

B) Cross-agency collaborative organizations (e.g.,
"Federal Networking Council", "Information Infrastructure Task
Force") are eligible for registration under .GOV upon
presentation of the chartering document and are the only non-
FIPS-listed or non-US-Government-Manual-listed organizations
eligible for registration under .GOV.

C) Subsidiary, non-autonomous components of top-level or
other entities are not eligible for separate registration.
International organizations listed in this document are NOT
eligible for registration under .GOV. Subsidiary components
should register as third-level domains under their parent
organization. Other Federal entities may apply to the FED.US
domain.

D) Organizations listed as "Federally Aided Organizations"
in FIPS 95-1 are not eligible for registration under .GOV and
should register under .ORG or other appropriate top-level
domain that reflects their status.

E) Organizations subsidiary to "Department of Defense"
must register under the ".MIL" domain via the Defense Data
Network Information Center - contact registrar@nic.ddn.mil.

F) Other entities may be registered by request of a
cognizant Chief Information Officer (CIO); CIO's are those
agency officials designated by the agency head in accordance
with the requirements of the Information Technology Management
Reform Act of 1996 and Executive Order 13011.

G) Federal Courts constitute a special class of domains.
All Federal courts seeking domain registrations should contact
the Administrative Office of the US Courts for their guidance
on policy and naming.

a) The string "SUPREME-COURT" is reserved for the Supreme
Court domain.

b) All other courts and their officers and officials should
register in .USCOURTS.GOV. The only standard exceptions to
these rules are changes to governmental structure due to
statutory, regulatory or executive directives not yet
reflected in the above document. The requesting agency
should provide documentation in one of the above forms to
request an exception. Other requests for exception should
be referred to the Federal Networking Council.

2) A domain name should be derived from the official name for
the organization (e.g., "USDA.Gov" or "AGRICULTURE.GOV".) The
registration shall be listed in the registration database under
the official name (per FIPS 95-1 or US Government Manual) for the
organization or under the name in the chartering document.

3) Only ONE registration and delegation shall be made for the
purpose of identifying an agency. The .GOV registration authority
shall provide registrations on a first-come first-served basis.
It is an individual agency matter as to which portion of the
agency is responsible for managing the domain space under a
delegated agency domain.

4) Those agencies and entities that had multiple registrations
under .GOV may retain them until August 1998, but sub-delegations
will be permitted only under the one name chosen by the agency as
its permanent name. As of August 1996, the auxiliary domains will
become un-delegated and will revert to the control of the .GOV
owner. As of 2 August 1997, all registrations in the auxiliary
domains must be mirrored in the permanent domain and those names
should be used where possible. At the three year point, all
auxiliary domain registrations will be deleted (August 1998).

5) Those agencies and entities already registered in .GOV but
not listed in FIPS 95-1 (e.g., DOE labs, state entities) or the US
Government Manual may retain their registration within the
constraint of the single registration rule (see para 4). No
further non-listed registrations will be made. State and local
entities are strongly encouraged to re-register under .US, but
this is not mandatory.

REFERENCES

[1] Federal Information Processing Standards Publication 95-1
(FIPS PUB 95-1), "Codes for the Identification of Federal and
Federally Assisted Organizations", U.S. Department of Commerce,
National Institute of Standards and Technology, January 4, 1993.

[2] Postel, J., "Domain Name System Structure and Delegation", RFC
1591, USC/Information Sciences Institute, March 1994.

[3] US Government Manual, Office of the Federal Register,
National Archives and Records Administration, Washington DC 20804.

CLARIFICATION

* Registrations prior to August 1995 are grand-fathered and do NOT
require re-registration with the exception of duplicate registrations
for the SAME organization at the same level. E.g., 2 registrations
that represent the Department of Transportation would be considered
duplicates. Registrations for each of the Department of
Transportation and the FAA would not. (The FAA is an autonomous
component contained within the DOT).

* The policy requires resolution of all duplicate registrations by
August 1998.

* Local and state agencies registered under the ".GOV" domain may
remain there. However, they are strongly encouraged to transfer to
the .US domain.

* Cross-agency collaborative efforts may register under "FED.US"
as an alternative to aSKINg for an exception to the .GOV policy.

FREQUENTLY ASKED QUESTIONS / ANSWERS

EXISTING .GOV REGISTRATIONS

Q. What are examples of FIPS 95-1 Departments possessing
duplicate top-level domain names, and what guidance has been given
to them regarding these names?

A. Examples of FIPS 95-1 Departments with duplicate DNS'
include "STATE.GOV" and "LABOR.GOV". These departments had six
months (until December 1996) to determine which name is permanent
and which is auxiliary and three years to drop the auxiliary
registration.

Q. Currently, our services are defined as www.cdc.gov,
FTP.cdc.gov, and gopher.cdc.gov. Does this proposal mean that
our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a
minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and
gopher.cdc.phs.dhhs.gov?

A. In the case of CDC, NIST, NIH, FDA, and the numerous other
non-FIPS-95-1 agencies registered with ".GOV" domains, there will
be no changes. The existing DNS' of these agencies are grand-
fathered under this policy. In addition, the policy effects only
the domains allowed to be registered directly under .GOV; further
delegations are under the control of the sub-domain owner. For
the above, assuming the HHS sub-domain owner concurs, there is no
problem with the HHS registering "cdc.dhhs.gov" as a sub-domain of
"dhhs.gov".

Q. How will registrations by Federal Laboratories be
addressed?

A. The existing domain names will be grand-fathered, i.e.,
LBL.GOV. Any new registrations will generally be within the
domain of the sponsoring agency (and subject to agency policies),
within the .US domain as a geographic entity, or within the FED.US
domain.

Q. What are some examples of state government agencies
registered under ".GOV" domain? Will they need to change their
DNS?

A. Examples of cities and states that originally registered
under the .GOV include: WA.GOV Department of Information
Services, State of Washington LA.GOV Bureau of Sanitation, City of
Los Angeles These entities are strongly encouraged to re-register
in the .US domain but this is NOT mandatory. No further state and
local agencies will be registered under .GOV.

Q. It is not in anyone's best interest to name things by
organizational boundaries as these things change. Internet domain
names and host names, once defined and used, become so widely
distributed that they become virtually impossible to change.

A. The policy does not require organizations to change their
names once established, but individual agency policies may. The
DNS system contains some capabilities to assist in name transition
- the CNAME record provides a capability for cross-domain aliases
which can be used to ease a transition between one name space and
another. As noted in the clarifications, naming and sub-domain
conventions WITHIN an agency or department DNS delegation are
solely the province of that entity.

Q. How can two entities have the same name registered? How
does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are
large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH.
Does it have to change? I don't understand how a distinction is
made if some are grand-fathered and some are not.

A. US-STATE.GOV and STATE.GOV for example. The problem is
actually one entity with two names. NIH.GOV and FDA.GOV represent
separate entities (albeit within DHHS). If there were an NIH.GOV
and an NIH-EAST.GOV for example, NIH would have to eliminate one
of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV).

Q. How much is the taXPayer being asked to spend to alter tens
of thousands of existing computer and telecommunications systems
to support this RFC?

A. In August 1995 less that half-a-dozen duplicate DNS names at
the FIPS 95-1 level needed to be changed. Given the fact that
this will be accomplished over three years, the costs should be
minimal.

CROSS-AGENCY COLLABORATIONS

Q. An organization maintains a domain name that represents a
cross-agency community, IC.GOV, which represents members of the
intelligence community. As a cross-agency collaborative effort,
does the domain have to be re-registered?

A. The policy states that "Cross-agency collaborative
organizations (e.g., "Federal Networking Council", "Information
Infrastructure Task Force") are eligible for registration under
.GOV upon presentation of the chartering document and are the only
non-listed (in either FIPS 95-1 or the US Government Manual)
organizations eligible for registration under .GOV." "IC.GOV"
however, is grand-fathered since it is an existing domain.
Nevertheless, it would be appropriate to provide a copy of the
chartering document to the FNC for the record. This would ease
future changes to the IC.GOV domain if necessary.

FUTURE .GOV REGISTRATIONS

Q.Top level domains are roughly equivalent to cabinet-level
agencies identified in FIPS 95-1. What will happen if non-FIPS
95-1 entities apply for the ".GOV" registration in the future?

A. The registrar will use this RFCas guidance and will not
grant the ".GOV" to any new entity which is not listed in the FIPS
95-1 or the US Government Manual or which has not been granted an
exception status by the FNC Executive Committee.

Q. Suppose NIH were moved to a new Dept. of Science? Would
our domain name have to be changed?

A. NIH.GOV is grand-fathered under the existing policy and
would not change. The "Department of Science" under its own
policies may require you to re-register though.

FNC INTENT

Q. It is unclear how this will policy will facilitate access
by the public to our information, especially since most of the
public doesn't know our organizational structure or that CDC is
part of DHHS/PHS.

A. The policy attempts to avoid confusion as an increasing
number of entities register under the ".GOV" domain and to
transfer authority and responsibility for domain name space to the
appropriate agencies and away from a centralized authority. For
facilitating access, various tools and capabilities are coming
into use on the Internet all the time. Most of these tools
provide a fairly strong search capability which should obviate
most concerns of finding resources based on domain names.

Q. Section 1D of this document unfairly constrains the
organizations within the .GOV domain in stark contrast to Section
1F that grants .MIL domain organizations full freedom to operate
sub-domains in any manner chosen.

A. The Federal Networking Council has jurisdiction over the
.GOV domain names; .MIL domain names fall within the jurisdiction
of the Department of Defense. The .MIL domain has had a written
policy delimiting which DOD agencies get registered directly under
.MIL since about 1987 when the DNS first started to come into use.
Individual agencies under the .MIL domain (e.g., AF.MIL/US Air
Force) are responsible for setting policy within their domains and
for registrations within those domains. This is exactly
equivalent to the .GOV domain - an individual agency (e.g.,
Treasury.GOV/Dept of Treasury) may and should set policy for sub-
registrations within their domain.

Q. Section 1B identifies several law enforcement agencies as
being "autonomous" for the purposes of domain registration. What
is the selection criteria for an "autonomous law enforcement"
agency? For instance, the Internal Revenue Service (IRS) is
responsible for law enforcement as is the Bureau of Alcohol,
Tobacco, and Firearms (ATF).

A. The selection criteria for "law enforcement agency" is based
on primary mission. A case could be made for either or both of
these being law enforcement agencies, although the IRS' primary
mission is tax revenue collection and has few armed officers
relative to its size. An "autonomous" agency is one with mission
and role distinct and (possibly) separate from its containing
department. Unfortunately, FIPS 95-1 does not do a good job of
identifying "autonomous" entities. In the event of problems with
registration, ask the registrar to get a ruling from the
registration authority.

ROUTING QUESTIONS

Q. How will Domain Name Service resolution on the Internet
work? Instead of a root DNS server returning the address of
CDC.GOV and immediately directing inquires to our DNS servers,
will the root server return a DNS pointer to DHHS, then DHHS will
resolve to PHS, then a fourth DNS query to get to CDC? This will
add unnecessary traffic to the Net. (example is the host
CDC.PHS.DHHS.GOV)

A. The answer is based on how you (personally and agency wide)
configure your servers. First, most servers cache previous
answers - they may have to ask once, but generally remember the
answer if they need it again. Information directly under .GOV will
be fairly long-lived which substantially reduces the requirement
to query .GOV server. Secondly, multiple levels of the DNS tree
MAY reside on the same server. In the above example the
information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could
all reside on the same server. Assuming the location of the
DHHS.GOV server was not cached, it would require two queries.
Further queries would cache the location of this server and the
servers associated with the domains it serves. Lastly, the
individual agencies may structure their domains as they please.
CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject
to HHS's own policies.

USING DNS FOR ADVERTISING SERVICES

Q. How can agencies utilize domain names for public service
announcements such as regulatory information, health services,
etc.?

A. The use of Domain Names for "advertising" is not encouraged,
and there is no empirical data showing that Domain Names are
effective for such purposes. Moreover, while it may appear a
reasonable assumption, we know of no evidence to show that using
even commonly know agency, program or service names as domain
names in fact, facilitates locating any particular program or
service. Indeed, we find it as reasonable to conclude that, by
using freely available search engines, a user could locate
responsive information before they would successfully "guess" the
appropriate domain name. If the agency CIO deems it advisable to
pursue "advertising via domain names," the agency should use WHOIS
utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to
determine if similar or conflicting names with other domains such
as .COM or .ORG before proceeding. Any advertising value may be
lost if the same or similar names exist within more than one
domain.

PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS

Q: Our agency spent a lot of time coming up with an intuitive
domain name and now we find out that the same name exists in .COM
and .ORG and is confusing to our customers, they don't know if it
is really our site or not. How can we prevent this use of our
domain name?

A. The only practical way is to register your name in all
available domains and hold them. We say hold (do not use) them
for the same reasons that you don't want your site spoofed --
customer uncertainly as to whether they are in fact at a
government site. The implications of Federal agencies using other
than .GOV or FED.US is a policy matter under the statutory
authorities of the Office of Information and Regulatory Affairs of
the Office of Management and Budget. Agency CIOs should consult
with OMB prior to using domain names other than .GOV or .FED.US.

THIRD-LEVEL DOMAINS: CONTACTING THE SECOND-LEVEL DOMAIN
ADMINISTRATOR.

Q. I don't mind having a third-level domain registration, but
my parent agency does not have a second level domain or does not
provide third-level registration services. What can I do?

A. In the first case, the registration authority can usually
provide contact information for an appropriate second level
domain. If not, an exception may be granted by the registration
authority. In the second case, make sure that you contact the
official administrative contact for the second level domain by
using the information returned by the "whois" command, e.g. "whois
STATE.GOV". The domain administrators have the responsibility of
providing third-level registration services. If an exception is
granted because there is no appropriate second level domain, it
will only be valid for two years after the subsequent
establishment of an appropriate domain. After that time, the
exception domain must register in the appropriate second-level
domain.

Q. What are the implications of using a name that conflicts
with a .COM or other top-level domain?

A. When requesting exceptions to this policy, applicants should
consider the limitations of the domain naming scheme. Many common
Words and terms are already used in .COM, the largest TLD at this
time, and it may be ineffective to use the same name in .GOV.

US GOVERNMENT MANUAL

Q. How can I get the US Government Manual?

A. Contact Superintendent of Documents
P.O. Box 371954
Pittsburgh, PA 15250-7954

or see http://www.access/gpo.gov/su_docs and follow the links to
US government information.

SECURITY CONSIDERATIONS

The integrity of the information in the DNS databases and made
available through network protocols is not reliable in the Internet
environment without additional cryptographic controls or secure
lines. Agencies with secure internal network lines may be able to
count on the internal naming information as accurate, but users on
the Internet cannot. The DNS system may be enhanced by the use of
digital signatures on the provided information; as this software
becomes available, .GOV SLD administrators are encouraged to use it
provide a secure binding for the information associated with DNS
names.

Author's Address

Federal Networking Council
4001 N. Fairfax Drive
Arlington, VA 22203
Phone: (703) 522-6410
EMail: execdir@fnc.gov
URL: http://www.fnc.gov