IT Services



DNS Naming Policy


Contents



Preamble

The university itself owns several domains for trademark protection (for instance oxforduniversity.com) or for historical reasons (such as oxford.ac.uk and oxford.edu). College or department usage of these domains is deprecated and new DNS entries will not be permitted; units should normally look to use the ox.ac.uk domain, save for exceptions as described below.

We strongly advise that external domains should be registered through us to simplify administration and to minimise future problems, although this is not mandatory save in the case of .ac.uk domains. IT Services are a member of Nominet and act as a registrar for co.uk, org.uk and other Nominet-managed second-level domains. For most other domain names, IT Services act as an OpenSRS reseller. For certain special cases (such as .museum), we simply register through commercial providers.



Definitions



1. General

  • 1.1 All DNS records must conform to international standards as laid down in the RFC’s2.
  • 1.2 All names must not risk bringing the University into disrepute.
  • 1.3 Domain names must be approved by a Head of Department/Head of House.
  • 1.4 All active IP addresses must have a PTR record.

    Note: Due to current technical limitations there is a temporary exemption for IPv6.

  • 1.5 Currently the existing systems restrict domain names to 5 parts.

    Note: We will review this limit when new systems are implemented.

  • 1.6 All authoritative name servers must be capable of running DNSSEC3.
  • 1.7 IT Services may, from time to time, review domain names to ensure that they are still needed and/or legitimate. Those that are no longer being used will be taken down and may be reused.
  • 1.8 Any DNS records that do not conform to international and/or University standards must be removed promptly.


2. ox.ac.uk domain

  • 2.1 ‘The University's policy is that all University activities (other than those within OUP's remit) should be presented within the ox.ac.uk domain.’ 4 Exceptions are permissible if they meet certain criteria and are discussed later in this document.
  • 2.2 For reasons of accountability and security, hostnames within the ox.ac.uk domain may not ordinarily be pointed at IP addresses outside the address space allocated to the University. An exception may be granted where IT Services are satisfied the Unit retains a level of control over the hosted service comparable with a service hosted on the University network (see Conditions). All exceptions will be reviewed periodically.
  • 2.3 Delegation of Subdomains to a Unit’s Name Servers.

    Note: Due to current technical limitations IT Services can ordinarily only delegate AD zones. IT Services hope to change this in the future.

    • 2.3.1 We will only permit ‘full’ zone delegation in that the Unit has complete control and responsibility for this subdomain.
    • 2.3.2 The zone may then be used for any service except for the following:
      • 2.3.2.1 Email (MX records) can only be for PRAS recognised Units/Sub-Units.
      • 2.3.2.2 No ‘personal/vanity’ domain names.
    • 2.3.3 The zone becomes the responsibility of the Unit but IT Services may carry out ‘due diligence’ inspections to ensure that zone is not causing reputational damage to the ox.ac.uk domain in any way 5.


3. Non-ox.ac.uk domains

  • 3.1 ‘The University's policy is that all University activities (other than those within OUP's remit) should be presented within the ox.ac.uk domain. Oxford University Computing Services ("OUCS") is solely responsible for controlling ox.ac.uk and its sub-domains. Any department, faculty, unit, institute or other grouping within the University (except OUP) which wishes to make use of any other domain should refer to OUCS for approval (which in general will be granted only in connection with projects which have a wider reach than the University, and which need a distinct and identifiable presence).’ 6
  • 3.2 Hostnames not within the ox.ac.uk domain may not ordinarily be pointed at IP addresses on the University network. Exceptions will be made only by special arrangement (and may require payment of a licence fee). Reverse-mapping will always return an address within ox.ac.uk.
  • 3.3 Purchasing
    • 3.3.1 Subject to all the above caveats IT Services will purchase domains for all Units.
    • 3.3.2 As a matter of courtesy, IT Services can also register domains when requested by appropriate staff in Colleges and subsidiaries, which will be registered on their behalf.
  • 3.4 DNS hosting on University of Oxford IP address space
    • 3.4.1 Anything purchased by IT services would normally be DNS hosted on our central DNS servers.
    • 3.4.2 We will also consider DNS hosting domains purchased through other means e.g. project shared between different Universities.
    • 3.4.3 We will not host personal vanity domains, or any domain for non-University purposes.
    • 3.4.4 Trademark Protection: In the case of domain names obtained purely for trademark protection, we will normally only permit a DNS entry for www within that domain. Accessing that site should result in the user being redirected to the standard URL within the ox.ac.uk domain. Where multiple domains have been obtained for use by the same project (for instance identical names under .com, .net, and .org), we strongly encourage use of one domain as standard and the alternatives to be configured as redirects.

In addition to local policy, all purchases and usage of domains must be in line with the policies laid down by the appropriate domain registries and the domain registrars through which we make our purchases. These are listed below:

Approved OUCS/SMG (31/07/12)