📄 rfc2146.txt
字号:
RFC 2146 U.S. Government Internet Domain Names May 1997
Q. How can two entities have the same name registered? How
does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are
large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH.
Does it have to change? I don't understand how a distinction is
made if some are grand-fathered and some are not.
A. US-STATE.GOV and STATE.GOV for example. The problem is
actually one entity with two names. NIH.GOV and FDA.GOV represent
separate entities (albeit within DHHS). If there were an NIH.GOV
and an NIH-EAST.GOV for example, NIH would have to eliminate one
of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV).
Q. How much is the taxpayer being asked to spend to alter tens
of thousands of existing computer and telecommunications systems
to support this RFC?
A. In August 1995 less that half-a-dozen duplicate DNS names at
the FIPS 95-1 level needed to be changed. Given the fact that
this will be accomplished over three years, the costs should be
minimal.
CROSS-AGENCY COLLABORATIONS
Q. An organization maintains a domain name that represents a
cross-agency community, IC.GOV, which represents members of the
intelligence community. As a cross-agency collaborative effort,
does the domain have to be re-registered?
A. The policy states that "Cross-agency collaborative
organizations (e.g., "Federal Networking Council", "Information
Infrastructure Task Force") are eligible for registration under
.GOV upon presentation of the chartering document and are the only
non-listed (in either FIPS 95-1 or the US Government Manual)
organizations eligible for registration under .GOV." "IC.GOV"
however, is grand-fathered since it is an existing domain.
Nevertheless, it would be appropriate to provide a copy of the
chartering document to the FNC for the record. This would ease
future changes to the IC.GOV domain if necessary.
Federal Networking Council Informational [Page 7]
RFC 2146 U.S. Government Internet Domain Names May 1997
FUTURE .GOV REGISTRATIONS
Q.Top level domains are roughly equivalent to cabinet-level
agencies identified in FIPS 95-1. What will happen if non-FIPS
95-1 entities apply for the ".GOV" registration in the future?
A. The registrar will use this RFC as guidance and will not
grant the ".GOV" to any new entity which is not listed in the FIPS
95-1 or the US Government Manual or which has not been granted an
exception status by the FNC Executive Committee.
Q. Suppose NIH were moved to a new Dept. of Science? Would
our domain name have to be changed?
A. NIH.GOV is grand-fathered under the existing policy and
would not change. The "Department of Science" under its own
policies may require you to re-register though.
FNC INTENT
Q. It is unclear how this will policy will facilitate access
by the public to our information, especially since most of the
public doesn't know our organizational structure or that CDC is
part of DHHS/PHS.
A. The policy attempts to avoid confusion as an increasing
number of entities register under the ".GOV" domain and to
transfer authority and responsibility for domain name space to the
appropriate agencies and away from a centralized authority. For
facilitating access, various tools and capabilities are coming
into use on the Internet all the time. Most of these tools
provide a fairly strong search capability which should obviate
most concerns of finding resources based on domain names.
Federal Networking Council Informational [Page 8]
RFC 2146 U.S. Government Internet Domain Names May 1997
Q. Section 1D of this document unfairly constrains the
organizations within the .GOV domain in stark contrast to Section
1F that grants .MIL domain organizations full freedom to operate
sub-domains in any manner chosen.
A. The Federal Networking Council has jurisdiction over the
.GOV domain names; .MIL domain names fall within the jurisdiction
of the Department of Defense. The .MIL domain has had a written
policy delimiting which DOD agencies get registered directly under
.MIL since about 1987 when the DNS first started to come into use.
Individual agencies under the .MIL domain (e.g., AF.MIL/US Air
Force) are responsible for setting policy within their domains and
for registrations within those domains. This is exactly
equivalent to the .GOV domain - an individual agency (e.g.,
Treasury.GOV/Dept of Treasury) may and should set policy for sub-
registrations within their domain.
Q. Section 1B identifies several law enforcement agencies as
being "autonomous" for the purposes of domain registration. What
is the selection criteria for an "autonomous law enforcement"
agency? For instance, the Internal Revenue Service (IRS) is
responsible for law enforcement as is the Bureau of Alcohol,
Tobacco, and Firearms (ATF).
A. The selection criteria for "law enforcement agency" is based
on primary mission. A case could be made for either or both of
these being law enforcement agencies, although the IRS' primary
mission is tax revenue collection and has few armed officers
relative to its size. An "autonomous" agency is one with mission
and role distinct and (possibly) separate from its containing
department. Unfortunately, FIPS 95-1 does not do a good job of
identifying "autonomous" entities. In the event of problems with
registration, ask the registrar to get a ruling from the
registration authority.
ROUTING QUESTIONS
Q. How will Domain Name Service resolution on the Internet
work? Instead of a root DNS server returning the address of
CDC.GOV and immediately directing inquires to our DNS servers,
will the root server return a DNS pointer to DHHS, then DHHS will
resolve to PHS, then a fourth DNS query to get to CDC? This will
add unnecessary traffic to the Net. (example is the host
CDC.PHS.DHHS.GOV)
Federal Networking Council Informational [Page 9]
RFC 2146 U.S. Government Internet Domain Names May 1997
A. The answer is based on how you (personally and agency wide)
configure your servers. First, most servers cache previous
answers - they may have to ask once, but generally remember the
answer if they need it again. Information directly under .GOV will
be fairly long-lived which substantially reduces the requirement
to query .GOV server. Secondly, multiple levels of the DNS tree
MAY reside on the same server. In the above example the
information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could
all reside on the same server. Assuming the location of the
DHHS.GOV server was not cached, it would require two queries.
Further queries would cache the location of this server and the
servers associated with the domains it serves. Lastly, the
individual agencies may structure their domains as they please.
CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject
to HHS's own policies.
USING DNS FOR ADVERTISING SERVICES
Q. How can agencies utilize domain names for public service
announcements such as regulatory information, health services,
etc.?
A. The use of Domain Names for "advertising" is not encouraged,
and there is no empirical data showing that Domain Names are
effective for such purposes. Moreover, while it may appear a
reasonable assumption, we know of no evidence to show that using
even commonly know agency, program or service names as domain
names in fact, facilitates locating any particular program or
service. Indeed, we find it as reasonable to conclude that, by
using freely available search engines, a user could locate
responsive information before they would successfully "guess" the
appropriate domain name. If the agency CIO deems it advisable to
pursue "advertising via domain names," the agency should use WHOIS
utility (e.g., whois EXAMPLE.COM or whois EXAMPLE.ORG) to
determine if similar or conflicting names with other domains such
as .COM or .ORG before proceeding. Any advertising value may be
lost if the same or similar names exist within more than one
domain.
Federal Networking Council Informational [Page 10]
RFC 2146 U.S. Government Internet Domain Names May 1997
PREVENTING SIMILAR NAMES IN OTHER TOP-LEVEL DOMAINS
Q: Our agency spent a lot of time coming up with an intuitive
domain name and now we find out that the same name exists in .COM
and .ORG and is confusing to our customers, they don't know if it
is really our site or not. How can we prevent this use of our
domain name?
A. The only practical way is to register your name in all
available domains and hold them. We say hold (do not use) them
for the same reasons that you don't want your site spoofed --
customer uncertainly as to whether they are in fact at a
government site. The implications of Federal agencies using other
than .GOV or FED.US is a policy matter under the statutory
authorities of the Office of Information and Regulatory Affairs of
the Office of Management and Budget. Agency CIOs should consult
with OMB prior to using domain names other than .GOV or .FED.US.
THIRD-LEVEL DOMAINS: CONTACTING THE SECOND-LEVEL DOMAIN
ADMINISTRATOR.
Q. I don't mind having a third-level domain registration, but
my parent agency does not have a second level domain or does not
provide third-level registration services. What can I do?
A. In the first case, the registration authority can usually
provide contact information for an appropriate second level
domain. If not, an exception may be granted by the registration
authority. In the second case, make sure that you contact the
official administrative contact for the second level domain by
using the information returned by the "whois" command, e.g. "whois
STATE.GOV". The domain administrators have the responsibility of
providing third-level registration services. If an exception is
granted because there is no appropriate second level domain, it
will only be valid for two years after the subsequent
establishment of an appropriate domain. After that time, the
exception domain must register in the appropriate second-level
domain.
Federal Networking Council Informational [Page 11]
RFC 2146 U.S. Government Internet Domain Names May 1997
Q. What are the implications of using a name that conflicts
with a .COM or other top-level domain?
A. When requesting exceptions to this policy, applicants should
consider the limitations of the domain naming scheme. Many common
words and terms are already used in .COM, the largest TLD at this
time, and it may be ineffective to use the same name in .GOV.
US GOVERNMENT MANUAL
Q. How can I get the US Government Manual?
A. Contact Superintendent of Documents
P.O. Box 371954
Pittsburgh, PA 15250-7954
or see http://www.access/gpo.gov/su_docs and follow the links to
US government information.
SECURITY CONSIDERATIONS
The integrity of the information in the DNS databases and made
available through network protocols is not reliable in the Internet
environment without additional cryptographic controls or secure
lines. Agencies with secure internal network lines may be able to
count on the internal naming information as accurate, but users on
the Internet cannot. The DNS system may be enhanced by the use of
digital signatures on the provided information; as this software
becomes available, .GOV SLD administrators are encouraged to use it
provide a secure binding for the information associated with DNS
names.
Author's Address
Federal Networking Council
4001 N. Fairfax Drive
Arlington, VA 22203
Phone: (703) 522-6410
EMail: execdir@fnc.gov
URL: http://www.fnc.gov
Federal Networking Council Informational [Page 12]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -