U.S. Government Internet Domain Names
Status of this Memo
This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
This memo provides an update and clarification to RFC 1811. This document describes the registration policies for the top-level domain ".GOV". Thus far, Federal Agencies and their subsidiaries have registered without any guidance. This has resulted in multiple registrations for Federal Agencies and naming schemes that do not facilitate responsiveness to the public. This document fixes this by restricting registrations to coincide with the approved structure of the US government. The document cited, FIPS 95-1, provides a standard recognized structure into which domain registrations for .GOV can be fit. This policy is exactly comparable to that for the top-level domains. The IANA requires that an organization/country apply for and get a 2 letter code from ISO/ITU (e.g., US for United States) for additional top-level registration.
As a side effect, this reduces the number of .GOV level registrations and reduces the workload on the Internic.
U.S. GOVERNMENT INTERNET DOMAIN NAMES POLICY
The .GOV domain is delegated from the root authority to the US Federal Networking Council. The .GOV domain is for registration of US governmental entities on the federal level only. Registrations for state and local governmental agencies shall be made under the .US domain in accordance with the policies for that domain.
1) The document "Codes for the Identification of Federal and Federally Assisted Organizations", FIPS 95-1 (or its successor) lists the official names of US Government agencies.
A) Top-level entities (e.g., those with codes ending in 00 such as "1200 Department of Agriculture"), and independent agencies and organizations (e.g., "National Science Foundation and other non-
indented listings unless prohibited below) as listed in this document are eligible for registration directly under .GOV.
B) Autonomous law enforcement components of top-level entities (e.g., "Federal Bureau of Investigation", "Secret Service", "Coast Guard") are also eligible for registration.
C) Cross-agency collaborative organizations (e.g., "Federal Networking Council", "Information Infrastructure Task Force") are eligible for registration under .GOV upon presentation of the chartering document and are the only non-FIPS-listed organizations eligible for registration under .GOV.
D) Subsidiary, non-autonomous components of top-level or other entities are not eligible for separate registration. International organizations listed in this document are NOT eligible for registration under .GOV.
E) Organizations listed as "Federally Aided Organizations" are not eligible for registration under .GOV and should register under .ORG or other appropriate top-level domain.
F) Organizations subsidiary to "Department of Defense" must register under the ".MIL" domain via the Defense Data Network Network Information Center - contact email@example.com.
The only standard exceptions to these rules are changes to governmental structure due to statutory, regulatory or executive directives not yet reflected in the above document. The requesting agency should provide documentation in one of the above forms to request an exception. Other requests for exception should be referred to the Federal Networking Council.
2) A domain name should be derived from the official name for the organization (e.g., "USDA.Gov" or "Agriculture.GOV".) The registration shall be listed in the registration database under the
official name (per FIPS 95-1) for the organization or under the name in the chartering document.
3) Only ONE registration and delegation shall be made per agency. The .GOV registration authority shall provide registrations on a first-come first-served basis. It is an individual agency matter as to which portion of the agency is responsible for managing the domain space under a delegated agency domain.
4) Those agencies and entities that have multiple registrations under .GOV may retain them for a maximum of 3 years from the publication date of this document. Within 6 months after the publication of this document, one permanent domain must be selected for the agency. The other (auxiliary) domains must cease further sub-delegations and registrations at this time. As of 1 year after the publication of this document, the auxiliary domains will become undelegated and will revert to the control of the .GOV owner. As of 2 years after the publication of this document, all registrations in the auxiliary domains must be mirrored in the permanent domain and those names should be used where possible. At the 3 year point, all auxiliary domain registrations will be deleted.
5) Those agencies and entities already registered in .GOV but not listed in FIPS 95-1 (e.g., DOE labs, state entities) may retain their registration within the constraint of the single registration rule (see para 4). No further non-FIPS-listed registrations will be made. State and local entities are strongly encouraged to re-register under .US, but this is not mandatory.
 Federal Information Processing Standards Publication 95-1 (FIPS PUB 95-1, "Codes for the Identification of Federal and Federally Assisted Organizations", U.S. Department of Commerce, National Institute of Standards and Technology, January 4, 1993.  Postel, J., "Domain Name System Structure and Delegation", RFC 1591, USC/Information Sciences Institute, March 1994.
* All current registrations in .GOV are grandfathered and do NOT require re-registration with the exception of duplicate registrations for the SAME organization at the same level. E.g., two registrations which represent the Department of Transportation would be duplicates; registrations for each of the Department of Transportation and the FAA would not (The FAA is an autonomous component contained within the DOT).
* The policy requires resolution of all duplicate registrations within the next three years.
* Local and state agencies registered under the ".GOV" domain may remain there. However, they are strongly encouraged to transfer to the US domain.
- Cross-agency collaborative efforts may register under ".ORG" or
".US" as an alternative to asking for an exception to the policy.
FREQUENTLY ASKED QUESTIONS / ANSWERS
EXISTING .GOV REGISTRATIONS
Q. What are examples of FIPS-95-1 Departments possessing duplicate top level domain names, and what guidance has been given to them regarding these names?
A. Examples of FIPS-95-1 Departments with duplicate DNS' include "STATE.GOV" and "LABOR.GOV". These departments have six months to determine which name is permanent and which is auxiliary and three years to drop the auxiliary registration.
Q. Currently, our services are defined as www.cdc.gov, ftp.cdc.gov, and gopher.cdc.gov. Does this proposal mean that our names will now be: www.ntb.ops.cdc.phs.dhhs.gov, etc or at a minimum: www.cdc.phs.dhhs.gov, ftp.cdc.phs.dhhs.gov, and gopher.cdc.phs.dhhs.gov?
A. In the case of CDC, NIST, NIH, FDA, and the numerous other non- FIPS-95-1 agencies registered with ".GOV" domains, there will be no changes. The existing DNSs of these agencies are grandfathered under this policy. In addition, the policy effects only the domains allowed to be registered directly under .GOV; further delegations are under the control of the subdomain owner. For the above, assuming the HHS subdomain owner concurs, there is no problem with the HHS registering "cdc.dhhs.gov" as a subdomain of "dhhs.gov".
Q. How will registrations by Federal Laboratories be addressed?
A. The existing domain names will be grandfathered, i.e., LBL.GOV. Any new registrations will generally be within the domain of the sponsoring agency (and subject to that agencies policies), within the .US domain as a geographic entity, or within the .ORG domain.
Q. What are some examples of state government agencies registered under ".GOV" domain? Will they need to change their DNS?
A. Examples of cities and states that originally registered under the ".GOV" include:
WA.GOV Department of Information Services, State of Washington LA.GOV Bureau of Sanitation, City of Los Angeles
These entities are strongly encouraged to reregister in the ".US" domain but this is NOT mandatory. No further state and local agencies will be registered under .GOV.
Q. It is not in anyone's best interest to name things by organizational boundaries as these things change. Internet domain names and host names, once defined and used, become so widely distributed that they become virtually impossible to change. Organizational structure changes but not the underlying networking structure.
A. The policy does not require organizations to change their names once established, but individual agency policies may. The DNS system contains some capabilities to assist in name transition - the CNAME record provides a capability for cross-domain aliases which can be used to ease a transition between one name space and another. As noted in the clarifications, naming and subdomain conventions WITHIN an agency or department DNS delegation are solely the province of that entity.
Q. How can two entities have the same name registered? How does this apply to NIH.GOV, FDA.GOV, and CDC.GOV, all of which are large components of DHHS/PHS? NCIFCRF.GOV is a component of NIH. Does it have to change? I don't understand how a distinction is made if some are grandfathered and some are not.
A. US-STATE.GOV and STATE.GOV for example. The problem is actually one entity with two names. NIH.GOV and FDA.GOV represent separate entities (albeit within DHHS). If there were an NIH.GOV and an NIH- EAST.GOV for example, NIH would have to eliminate one of them (probably moving NIH-EAST.GOV to EAST.NIH.GOV).
Q. How much is the taxpayer being asked to spend to alter tens of thousands of existing computer and telecommunications systems to support RFC 1816?
A. There are currently less that half-a-dozen duplicate DNS names at the FIPS-95-1 level which will need to be changed. Given the fact that this will be accomplished over the next three years, the costs should be minimal.
Q. An organization maintains a domain name which represents a cross-agency community, IC.GOV, which represents members of the intelligence community. As a cross-agency collaborative effort, does the domain have to be reregistered?
A. The policy states that "Cross-agency collaborative organizations (e.g., "Federal Networking Council", "Information Infrastructure Task Force") are eligible for registration under .GOV upon presentation of the chartering document and are the only non-FIPS-listed organizations eligible for registration under .GOV." "IC.GOV" however, is grandfathered since it is an existing domain. Nevertheless, it would be appropriate to provide a copy of the chartering document to the FNC for the record. This would ease future changes to the IC.GOV domain if necessary.
FUTURE .GOV REGISTRATIONS
Q. Top level domains are roughly equivalent to the cabinet-level agencies identified in FIPS-95-1. What will happen if non-FIPS-95-1 entities apply for the ".GOV" registration in the future?
A. The Internic will use RFC 1816 as guidance and will not grant the ".GOV" to any new entity which is not listed in the FIPS-95-1 or which has not been granted an exception status by the FNC Executive Committee.
Q. Suppose NIH were moved to a new Dept. of Science? Would our domain name have to be changed?
A. NIH.GOV is grandfathered under the existing policy and would not change. The "Department of Science" under its own policies may require you to re-register though.
Q. It is unclear how this will policy will facilitate access by the public to our information, especially since most of the public doesn't know our organizational structure or that CDC is part of DHHS/PHS.
A. The policy attempts to avoid confusion as an increasing number of entities register under the ".GOV" domain and to transfer authority and responsibility for domain name space to the appropriate agencies and away from a centralized authority. For facilitating access, various tools and capabilities are coming into use on the Internet all the time. Most of these tools provide a fairly strong search capability which should obviate most concerns of finding resources based on domain names.
Q. Section 1D of RFC 1816 unfairly constrains the organizations within the .gov domain in stark contrast to Section 1F which grants .mil domain organizations full freedom to operate subdomains in any manner chosen.
A. The Federal Networking Council has jurisdiction over the ".GOV" domain names; ".MIL" domain names fall within the jurisdiction of the Department of Defense. The .MIL domain has had a written policy delimiting which DOD agencies get registered directly under .MIL since about 1987 when the DNS first started to come into use. Individual agencies under the .MIL domain (e.g., AF.MIL/US Air Force) are responsible for setting policy within their domains and for registrations within those domains. This is exactly equivalent to the .GOV domain - an individual agency (e.g., Treasury.GOV/Dept of Treasury) may and should set policy for subregistrations within their domain.
Q. Section 1B identifies several law enforcement agencies as being "autonomous" for the purposes of domain registration. What is the selection criteria for an "autonomous law enforcement" agency? For instance, the Internal Revenue Service (IRS) is responsible for law enforcement as is the Bureau of Alcohol, Tobacco, and Firearms (ATF).
A. The selection criteria for "law enforcement agency" is based on primary mission. A case could be made for either or both of these being law enforcement agencies, although the IRS' primary mission is tax revenue collection and has few armed officers relative to its size. An "autonomous" agency is one with mission and role distinct and (possibly) separate from its containing department. Unfortunately, 95-1 does not do a good job of identifying "autonomous" entities. In the event of problems with registration, ask the registrar to get a ruling from the FNC.
Q. How will Domain Name Service resolution on the Net work? Instead of a root DNS server returning the address of cdc.gov and immediately directing inquires to our DNS servers, will the root server return a DNS pointer to DHHS, then DHHS will resolve to PHS, then a fourth DNS query to get to CDC? This will add unnecessary traffic to the Net. (example is host.CDC.PHS.DHHS.GOV)
A. The answer is based on how you (personally and agency wide) configure your servers. First, most servers cache previous answers - they may have to ask once, but generally remember the answer if they need it again. Information directly under .GOV will be fairly long- lived which substantially reduces the requirement to query .GOV server. Secondly, multiple levels of the DNS tree MAY reside on the same server. In the above example the information for DHHS.GOV, PHS.DHHS.GOV and CDC.PHS.DHHS.GOV could all reside on the same server. Assuming the location of the DHHS.GOV server was not cached, it would require 2 queries. Further queries would cache the location of this server and the servers associated with the domains it serves. Lastly, the individual agencies may structure their domains as they please. CDC could reside directly under DHHS.GOV as CDC.DHHS.GOV subject to HHS's own policies.
Security issues are not discussed in this memo.
Federal Networking Council
4001 N. Fairfax Drive
Arlington, VA 22203
Phone: (703) 522-6410 EMail: firstname.lastname@example.org URL: http://www.fnc.gov