Preamble

The university itself owns several domains for trademark protection (for instance oxforduniversity.com) or for historical reasons (such as oxford.ac.uk and oxford.edu). College or department usage of these domains is deprecated and new DNS entries will not be permitted; units should normally look to use the ox.ac.uk domain, save for exceptions as described below.

We strongly advise that external domains should be registered through us to simplify administration and to minimise future problems, although this is not mandatory save in the case of .ac.uk domains. IT Services are a member of Nominet and act as a registrar for co.uk, org.uk and other Nominet-managed second-level domains. For most other domain names, IT Services act as an OpenSRS reseller. For certain special cases (such as .museum), we simply register through commercial providers.

Definitions

  • Domains: are “identified by a domain name, and consists of that part of the domain name space that is at or below the domain name which specifies the domain” (p.7, RFC 1034)
  • Subdomains: are subsets of a parent domain e.g. unit.ox.ac.uk is subdomain of the parent ox.ac.uk domain.
  • Name Servers: “…are server programs which hold information about the domain tree's structure and set information.” (p.5, RFC 1034)
  • DNSSEC: “…[adds] origin authentication and integrity protection for DNS data, as well as a means of public key distribution. These extensions do not provide confidentiality.” (p.2, RFC 4033).
  • AD Zones: "For a given domain, certain subdomains are used by Microsoft Active Directory1.The term AD Zones is used to refer specifically to these subdomains but not the parent domain of unit.ox.ac.uk."

1. General

  • 1.1 All DNS records must conform to international standards as laid down in the RFC’s2.
  • 1.2 All names must not risk bringing the University into disrepute.
  • 1.3 Domain names must be approved by a Head of Department/Head of House.
  • 1.4 All active IP addresses must have a PTR record.

    Note: Due to current technical limitations there is a temporary exemption for IPv6.

  • 1.5 Currently the existing systems restrict domain names to 5 parts.

    Note: We will review this limit when new systems are implemented.

  • 1.6 All authoritative name servers must be capable of running DNSSEC3.
  • 1.7 IT Services may, from time to time, review domain names to ensure that they are still needed and/or legitimate. Those that are no longer being used will be taken down and may be reused.
  • 1.8 Any DNS records that do not conform to international and/or University standards must be removed promptly.

2. ox.ac.uk domain

  • 2.1 ‘The University's policy is that all University activities (other than those within OUP's remit) should be presented within the ox.ac.uk domain.’ 4 Exceptions are permissible if they meet certain criteria and are discussed later in this document.
  • 2.2 For reasons of accountability and security, hostnames within the ox.ac.uk domain may not ordinarily be pointed at IP addresses outside the address space allocated to the University. An exception may be granted where IT Services are satisfied the Unit retains a level of control over the hosted service comparable with a service hosted on the University network (see Conditions). All exceptions will be reviewed periodically.
  • 2.3 Delegation of Subdomains to a Unit’s Name Servers.

    Note: Due to current technical limitations IT Services can ordinarily only delegate AD zones. IT Services hope to change this in the future.

    • 2.3.1 We will only permit ‘full’ zone delegation in that the Unit has complete control and responsibility for this subdomain.
    • 2.3.2 The zone may then be used for any service except for the following:
      • 2.3.2.1 Email (MX records) can only be for PRAS recognised Units/Sub-Units.
      • 2.3.2.2 No ‘personal/vanity’ domain names.
    • 2.3.3 The zone becomes the responsibility of the Unit but IT Services may carry out ‘due diligence’ inspections to ensure that zone is not causing reputational damage to the ox.ac.uk domain in any way 5.

3. Non-ox.ac.uk domains

  • 3.1 ‘The University's policy is that all University activities (other than those within OUP's remit) should be presented within the ox.ac.uk domain. Oxford University Computing Services ("OUCS") is solely responsible for controlling ox.ac.uk and its sub-domains. Any department, faculty, unit, institute or other grouping within the University (except OUP) which wishes to make use of any other domain should refer to OUCS for approval (which in general will be granted only in connection with projects which have a wider reach than the University, and which need a distinct and identifiable presence).’ 6
  • 3.2 Hostnames not within the ox.ac.uk domain may not ordinarily be pointed at IP addresses on the University network. Exceptions will be made only by special arrangement (and may require payment of a licence fee). Reverse-mapping will always return an address within ox.ac.uk.
  • 3.3 Purchasing
    • 3.3.1 Subject to all the above caveats IT Services will purchase domains for all Units.
    • 3.3.2 As a matter of courtesy, IT Services can also register domains when requested by appropriate staff in Colleges and subsidiaries, which will be registered on their behalf.
  • 3.4 DNS hosting on University of Oxford IP address space
    • 3.4.1 Anything purchased by IT services would normally be DNS hosted on our central DNS servers.
    • 3.4.2 We will also consider DNS hosting domains purchased through other means e.g. project shared between different Universities.
    • 3.4.3 We will not host personal vanity domains, or any domain for non-University purposes.
    • 3.4.4 Trademark Protection: In the case of domain names obtained purely for trademark protection, we will normally only permit a DNS entry for www within that domain. Accessing that site should result in the user being redirected to the standard URL within the ox.ac.uk domain. Where multiple domains have been obtained for use by the same project (for instance identical names under .com, .net, and .org), we strongly encourage use of one domain as standard and the alternatives to be configured as redirects.

In addition to local policy, all purchases and usage of domains must be in line with the policies laid down by the appropriate domain registries and the domain registrars through which we make our purchases. These are listed below:

Approved OUCS/SMG (31/07/12)

Up: Contents

Notes
1.
For a domain unit.ox.ac.uk, six are required at the time of writing: _tcp.unit.ox.ac.uk _udp.unit.ox.ac.uk _sites.unit.ox.ac.uk _msdcs.unit.ox.ac.uk DomainDNSZones.unit.ox.ac.uk ForestDNSZones.unit.ox.ac.uk.
2.
At time of writing the foundational RFC’s are: in RFC 1034 and 1035. Many other RFCs also apply
3.
While DNSSEC (RFC 4033) is not deployed currently, it is anticipated that this will be a requirement across the Internet.
4.
Legal Services website http://www.admin.ox.ac.uk/lso/faq/#d.en.30994 (para.8b)
5.
For example, being slow to respond, replying with out-of-date/inaccurate information.
6.
Legal Services website http://www.admin.ox.ac.uk/lso/faq/#d.en.30994 (para.8b)