RFC 2146 Network Working Group Federal Networking Council Request For Comments: 2146 May 1997 Category: Informational Obsoletes: RFC 1816 U.S. Government Internet Domain Names Status of this Memo This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Abstract This memo provides an update and clarification to RFC 1816. This document describes the registration policies for the top-level domain ".GOV". The purpose of the domain is to provide naming conventions that identify US Federal government agencies in order to facilitate access to their electronic resources. This memo provides guidance for registrations by Federal Agencies that avoids name duplication and facilitates responsiveness to the public. It restricts registrations to coincide with the approved structure of the US government and the advice of its Chief Information Officers. Two documents are recognized as constituting documentation on the US government structure: FIPS 95-1 provides a standard recognized structure into which domain registrations for .GOV and FED.US can fit; and, the US Government Manual [3], a special publication of the Federal Register, provides official documentation of the government structure. The latter document may be subject to more timely updates than the former. Either document is suitable for determining which entities qualify for second-level domain registration within .GOV and FED.US. As a side effect, this RFC reduces the number of .GOV and FED.US level registrations and reduces the workload on the registration authority. Previous versions of this document did not address the FED.US domain. This document anticipates the migration of the .GOV domain into the FED.US domain, in keeping with common practice on the Internet today. Federal Networking Council Informational [Page 1] RFC 2146 U.S. Government Internet Domain Names May 1997 U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY The .GOV domain is delegated from the root authority to the US Federal Networking Council. The .GOV domain is for registration of US governmental entities on the federal level only. Registrations for state and local governmental agencies shall be made under the .US domain in accordance with the policies for that domain. Further references in this document to .GOV should be understood to apply to FED.US as well. The most succinct form of the policy is "one agency, one name". The agency may choose its own name, but an easily recognized acronym is suggested. The following paragraphs enumerate the types of agencies eligible for registration and the types that are not eligible: 1) The document "Codes for the Identification of Federal and Federally Assisted Organizations", FIPS 95-1 (or its successor) lists the official names of US Government agencies. Either that document or the US Government Manual can be used to determine that an entity is eligible for registration as a second level domain of .GOV. A) Top-level entities (e.g., those in FIPS 95-1 with codes ending in 00 such a"1200 Department of Agriculture"), those in the US Government Manual listed as "Departments, Independent Establishments (not Corporations), and all the Boards, Commissions, and Committees"), and independent agencies and organizations (e.g., "National Science Foundation" and other non-indented listings unless prohibited below) as listed in this document are eligible for registration directly under .GOV. B) Cross-agency collaborative organizations (e.g., "Federal Networking Council", "Information Infrastructure Task Force") are eligible for registration under .GOV upon presentation of the chartering document and are the only non- FIPS-listed or non-US-Government-Manual-listed organizations eligible for registration under .GOV. C) Subsidiary, non-autonomous components of top-level or other entities are not eligible for separate registration. International organizations listed in this document are NOT eligible for registration under .GOV. Subsidiary components should register as third-level domains under their parent organization. Other Federal entities may apply to the FED.US domain. Federal Networking Council Informational [Page 2] RFC 2146 U.S. Government Internet Domain Names May 1997 D) Organizations listed as "Federally Aided Organizations" in FIPS 95-1 are not eligible for registration under .GOV and should register under .ORG or other appropriate top-level domain that reflects their status. E) Organizations subsidiary to "Department of Defense" must register under the ".MIL" domain via the Defense Data Network Information Center - contact registrar@nic.ddn.mil. F) Other entities may be registered by request of a cognizant Chief Information Officer (CIO); CIO's are those agency officials designated by the agency head in accordance with the requirements of the Information Technology Management Reform Act of 1996 and Executive Order 13011. G) Federal Courts constitute a special class of domains. All Federal courts seeking domain registrations should contact the Administrative Office of the US Courts for their guidance on policy and naming. a) The string "SUPREME-COURT" is reserved for the Supreme Court domain. b) All other courts and their officers and officials should register in .USCOURTS.GOV. The only standard exceptions to these rules are changes to governmental structure due to statutory, regulatory or executive directives not yet reflected in the above document. The requesting agency should provide documentation in one of the above forms to request an exception. Other requests for exception should be referred to the Federal Networking Council. 2) A domain name should be derived from the official name for the organization (e.g., "USDA.Gov" or "AGRICULTURE.GOV".) The registration shall be listed in the registration database under the official name (per FIPS 95-1 or US Government Manual) for the organization or under the name in the chartering document. 3) Only ONE registration and delegation shall be made for the purpose of identifying an agency. The .GOV registration authority shall provide registrations on a first-come first-served basis. It is an individual agency matter as to which portion of the agency is responsible for managing the domain space under a delegated agency domain. Federal Networking Council Informational [Page 3] RFC 2146 U.S. Government Internet Domain Names May 1997 4) Those agencies and entities that had multiple registrations under .GOV may retain them until August 1998, but sub-delegations will be permitted only under the one name chosen by the agency as its permanent name. As of August 1996, the auxiliary domains will become un-delegated and will revert to the control of the .GOV owner. As of 2 August 1997, all registrations in the auxiliary domains must be mirrored in the permanent domain and those names should be used where possible. At the three year point, all auxiliary domain registrations will be deleted (August 1998). 5) Those agencies and entities already registered in .GOV but not listed in FIPS 95-1 (e.g., DOE labs, state entities) or the US Government Manual may retain their registration within the constraint of the single registration rule (see para 4). No further non-listed registrations will be made. State and local entities are strongly encouraged to re-register under .US, but this is not mandatory. REFERENCES [1] Federal Information Processing Standards Publication 95-1 (FIPS PUB 95-1), "Codes for the Identification of Federal and Federally Assisted Organizations", U.S. Department of Commerce, National Institute of Standards and Technology, January 4, 1993. [2] Postel, J., "Domain Name System Structure and Delegation", RFC 1591, USC/Information Sciences Institute, March 1994. [3] US Government Manual, Office of the Federal Register, National Archives and Records Administration, Washington DC 20804. CLARIFICATION * Registrations prior to August 1995 are grand-fathered and do NOT require re-registration with the exception of duplicate registrations for the SAME organization at the same level. E.g., 2 registrations that represent the Department of Transportation would be considered duplicates. Registrations for each of the Department of Transportation and the FAA would not. (The FAA is an autonomous component contained within the DOT). * The policy requires resolution of all duplicate registrations by August 1998. Federal Networking Council Informational [Page 4] RFC 2146 U.S. Government Internet Domain Names May 1997 * Local and state agencies registered under the ".GOV" domain may remain there. However, they are strongly encouraged to transfer to the .US domain. * Cross-agency collaborative efforts may register under "FED.US" as an alternative to asking for an exception to the .GOV policy. FREQUENTLY ASKED QUESTIONS / ANSWERS EXISTING .GOV REGISTRATIONS Q. What are examples of FIPS 95-1 Departments possessing duplicate top-level domain names, and what guidance has been given to them regarding these names? A. Examples of FIPS 95-1 Departments with duplicate DNS' include "STATE.GOV" and "LABOR.GOV". These departments had six months (until December 1996) to determine which name is permanent and which is auxiliary and three years to drop the auxiliary registration. Q. Currently, our services are defined as www.cdc.gov, ftp.cdc.gov, and gopher.cdc.gov. Does this proposal mean that our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and gopher.cdc.phs.dhhs.gov? A. In the case of CDC, NIST, NIH, FDA, and the numerous other non-FIPS-95-1 agencies registered with ".GOV" domains, there will be no changes. The existing DNS' of these agencies are grand- fathered under this policy. In addition, the policy effects only the domains allowed to be registered directly under .GOV; further delegations are under the control of the sub-domain owner. For the above, assuming the HHS sub-domain owner concurs, there is no problem with the HHS registering "cdc.dhhs.gov" as a sub-domain of "dhhs.gov". Federal Networking Council Informational [Page 5] RFC 2146 U.S. Government Internet Domain Names May 1997 Q. How will registrations by Federal Laboratories be addressed? A. The existing domain names will be grand-fathered, i.e., LBL.GOV. Any new registrations will generally be within the domain of the sponsoring agency (and subject to agency policies), within the .US domain as a geographic entity, or within the FED.US domain. Q. What are some examples of state government agencies registered under ".GOV" domain? Will they need to change their DNS? A. Examples of cities and states that originally registered under the .GOV include: WA.GOV Department of Information Services, State of Washington LA.GOV Bureau of Sanitation, City of Los Angeles These entities are strongly encouraged to re-register in the .US domain but this is NOT mandatory. No further state and local agencies will be registered under .GOV. Q. It is not in anyone's best interest to name things by organizational boundaries as these things change. Internet domain names and host names, once defined and used, become so widely distributed that they become virtually impossible to change. A. The policy does not require organizations to change their names once established, but individual agency policies may. The DNS system contains some capabilities to assist in name transition - the CNAME record provides a capability for cross-domain aliases which can be used to ease a transition between one name space and another. As noted in the clarifications, naming and sub-domain conventions WITHIN an agency or department DNS delegation are solely the province of that entity. Federal Networking Council Informational [Page 6] RFC 2146 U.S. Government Internet Domain Names May 1997 Q. How can two entities have the same name registered? How does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH. Does it have to change? I don't understand how a distinction is made if some are grand-fathered and some are not. A. US-STATE.GOV and STATE.GOV for example. The problem is actually one entity with two names. NIH.GOV and FDA.GOV represent separate entities (albeit within DHHS). If there were an NIH.GOV and an NIH-EAST.GOV for example, NIH would have to eliminate one of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV). Q. How much is the taxpayer being asked to spend to alter tens of thousands of existing computer and telecommunications systems to support this RFC? A. In August 1995 less that half-a-dozen duplicate DNS names at the FIPS 95-1 level needed to be changed. Given the fact that this will be accomplished over three years, the costs should be minimal. CROSS-AGENCY COLLABORATIONS Q. An organization maintains a domain name that represents a cross-agency community, IC.GOV, which represents members of the intelligence community. As a cross-agency collaborative effort, does the domain have to be re-registered? A. The policy states that "Cross-agency collaborative organizations (e.g., "Federal Networking Council", "Information Infrastructure Task Force") are eligible for registration under .GOV upon presentation of the chartering document and are the only non-listed (in either FIPS 95-1 or the US Government Manual) organizations eligible for registration under .GOV." "IC.GOV" however, is grand-fathered since it is an existing domain. Nevertheless, it would be appropriate to provide a copy of the chartering document to the FNC for the record. This would ease future changes to the IC.GOV domain if necessary. Federal Networking Council Informational [Page 7] RFC 2146 U.S. Government Internet Domain Names May 1997 FUTURE .GOV REGISTRATIONS Q.Top level domains are roughly equivalent to cabinet-level agencies identified in FIPS 95-1. What will happen if non-FIPS 95-1 entities apply for the ".GOV" registration in the future? A. The registrar will use this RFC as guidance and will not grant the ".GOV" to any new entity which is not listed in the FIPS 95-1 or the US Government Manual or which has not been granted an exception status by the FNC Executive Committee. Q. Suppose NIH were moved to a new Dept. of Science? Would our domain name have to be changed? A. NIH.GOV is grand-fathered under the existing policy and would not change. The "Department of Science" under its own policies may require you to re-register though. FNC INTENT Q. It is unclear how this will policy will facilitate access by the public to our information, especially since most of the public doesn't know our organizational structure or that CDC is part of DHHS/PHS. A. The policy attempts to avoid confusion as an increasing number of entities register under the ".GOV" domain and to transfer authority and responsibility for domain name space to the appropriate agencies and away from a centralized authority. For facilitating access, various tools and capabilities are coming into use on the Internet all the time. Most of these tools provide a fairly strong search capability which should obviate most concerns of finding resources based on domain names. Federal Networking Council Informational [Page 8] RFC 2146 U.S. Government Internet Domain Names May 1997 Q. Section 1D of this document unfairly constrains the organizations within the .GOV domain in stark contrast to Section 1F that grants .MIL domain organizations full freedom to operate sub-domains in any manner chosen. A. The Federal Networking Council has jurisdiction over the .GOV domain names; .MIL domain names fall within the jurisdiction of the Department of Defense. The .MIL domain has had a written policy delimiting which DOD agencies get registered directly under .MIL since about 1987 when the DNS first started to come into use. Individual agencies under the .MIL domain (e.g., AF.MIL/US Air Force) are responsible for setting policy within their domains and for registrations within those domains. This is exactly equivalent to the .GOV domain - an individual agency (e.g., Treasury.GOV/Dept of Treasury) may and should set policy for sub- registrations within their domain. Q. Section 1B identifies several law enforcement agencies as being "autonomous" for the purposes of domain registration. What is the selection criteria for an "autonomous law enforcement" agency? For instance, the Internal Revenue Service (IRS) is responsible for law enforcement as is the Bureau of Alcohol, Tobacco, and Firearms (ATF). A. The selection criteria for "law enforcement agency" is based on primary mission. A case could be made for either or both of these being law enforcement agencies, although the IRS' primary mission is tax revenue collection and has few armed officers relative to its size. An "autonomous" agency is one with mission and role distinct and (possibly) separate from its containing department. Unfortunately, FIPS 95-1 does not do a good job of identifying "autonomous" entities. In the event of problems with registration, ask the registrar to get a ruling from the registration authority. ROUTING QUESTIONS Q. How will Domain Name Service resolution on the Internet work? Instead of a root DNS server returning the address of CDC.GOV and immediately directing inquires to our DNS servers, will the root server return a DNS pointer to DHHS, then DHHS will resolve to PHS, then a fourth DNS query to get to CDC? This will add unnecessary traffic to the Net. (example is the host CDC.PHS.DHHS.GOV) Federal Networking Council Informational [Page 9] RFC 2146 U.S. Government Internet Domain Names May 1997 A. The answer is based on how you (personally and agency wide) configure your servers. First, most servers cache previous answers - they may have to ask once, but generally remember the answer if they need it again. Information directly under .GOV will be fairly long-lived which substantially reduces the requirement to query .GOV server. Secondly, multiple levels of the DNS tree MAY reside on the same server. In the above example the information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could all reside on the same server. Assuming the location of the DHHS.GOV server was not cached, it would require two queries. Further queries would cache the location of this server and the servers associated with the domains it serves. Lastly, the individual agencies may structure their domains as they please. CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject to HHS's own policies. USING DNS FOR ADVERTISING SERVICES Q. How can agencies utilize domain names for public service announcements such as regulatory information, health services, etc.? A. The use of Domain Names for "advertising" is not encouraged, and there is no empirical data showing that Domain Names are effective for such purposes. Moreover, while it may appear a reasonable assumption, we know of no evidence to show that using even commonly know agency, program or service names as domain names in fact, facilitates locating any particular program or service. Indeed, we find it as reasonable to conclude that, by using freely available search engines, a user could locate responsive information before they would successfully "guess" the appropriate domain name. If the agency CIO deems it advisable to pursue "advertising via domain names," the agency should use WHOIS utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to determine if similar or conflicting names with other domains such as .COM or .ORG before proceeding. Any advertising value may be lost if the same or similar names exist within more than one domain. Federal Networking Council Informational [Page 10] RFC 2146 U.S. Government Internet Domain Names May 1997 PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS Q: Our agency spent a lot of time coming up with an intuitive domain name and now we find out that the same name exists in .COM and .ORG and is confusing to our customers, they don't know if it is really our site or not. How can we prevent this use of our domain name? A. The only practical way is to register your name in all available domains and hold them. We say hold (do not use) them for the same reasons that you don't want your site spoofed -- customer uncertainly as to whether they are in fact at a government site. The implications of Federal agencies using other than .GOV or FED.US is a policy matter under the statutory authorities of the Office of Information and Regulatory Affairs of the Office of Management and Budget. Agency CIOs should consult with OMB prior to using domain names other than .GOV or .FED.US. THIRD-LEVEL DOMAINS: CONTACTING THE SECOND-LEVEL DOMAIN ADMINISTRATOR. Q. I don't mind having a third-level domain registration, but my parent agency does not have a second level domain or does not provide third-level registration services. What can I do? A. In the first case, the registration authority can usually provide contact information for an appropriate second level domain. If not, an exception may be granted by the registration authority. In the second case, make sure that you contact the official administrative contact for the second level domain by using the information returned by the "whois" command, e.g. "whois STATE.GOV". The domain administrators have the responsibility of providing third-level registration services. If an exception is granted because there is no appropriate second level domain, it will only be valid for two years after the subsequent establishment of an appropriate domain. After that time, the exception domain must register in the appropriate second-level domain. Federal Networking Council Informational [Page 11] RFC 2146 U.S. Government Internet Domain Names May 1997 Q. What are the implications of using a name that conflicts with a .COM or other top-level domain? A. When requesting exceptions to this policy, applicants should consider the limitations of the domain naming scheme. Many common words and terms are already used in .COM, the largest TLD at this time, and it may be ineffective to use the same name in .GOV. US GOVERNMENT MANUAL Q. How can I get the US Government Manual? A. Contact Superintendent of Documents P.O. Box 371954 Pittsburgh, PA 15250-7954 or see http://www.access/gpo.gov/su_docs and follow the links to US government information. SECURITY CONSIDERATIONS The integrity of the information in the DNS databases and made available through network protocols is not reliable in the Internet environment without additional cryptographic controls or secure lines. Agencies with secure internal network lines may be able to count on the internal naming information as accurate, but users on the Internet cannot. The DNS system may be enhanced by the use of digital signatures on the provided information; as this software becomes available, .GOV SLD administrators are encouraged to use it provide a secure binding for the information associated with DNS names. Author's Address Federal Networking Council 4001 N. Fairfax Drive Arlington, VA 22203 Phone: (703) 522-6410 EMail: execdir@fnc.gov URL: http://www.fnc.gov Federal Networking Council Informational [Page 12]