REGISTRATION, MANAGEMENT AND USE OF UC SAN DIEGO DOMAIN NAMES
The Administrative Computing & Telecommunications (ACT) department is the sole steward of the UC San Diego network (including medical centers and hospitals) and the UC San Diego Internet gateways. As part of this role, ACT serves as the central point of contact for the outside world and is responsible for ensuring that the management of these University resources complies with applicable laws and regulations.
ACT is the sole coordinating unit receiving and reviewing requests for registration of domain names and IP addresses, and the sole endorsing authority for certificate requests. The department is the sole provider of Domain Name Service (DNS) information management and host/domain name registration for those organizations and individuals who are authorized to connect to UC San Diego's data communications network. These services are provided under the terms and conditions specified in this policy (and in others described in Supplement II: References & Related Policies).
Selected terms in this policy are defined in Supplement I: Definitions.
This document sets forth a domain name management policy that will conserve and appropriately acknowledge limited campus resources (such as IP address space, staff time, and computer processing); ensure compliance with applicable laws, University and campus regulations; and maximize accountability and problem management for purposes of campus computing security. Other University policies also apply to the operation of the campus network. Relevant policies are mentioned under Supplement II.
- Campus DNS management
In certain cases, for historical reasons and/or to provide a specialized service, certain departments have been granted authority to maintain their own DNS entries within the UC San Diego DNS server. This does not eliminate the requirement to register all campus equipment as specified in this policy and the Network Security Policy (PPM 135-3).
- The primary name server for UC San Diego is maintained by ACT, which may maintain secondary name servers and/or may conduct information transfers to other UC San Diego secondary name servers.
- Sub-domains in the UC San Diego DNS server are made available within the UC San Diego primary name server at the discretion of ACT for security and organizational purposes.
- In general, sub-domains are not delegated to name servers outside ACT. Specifically designated and approved name servers may be run only with the approval of and in compliance with principles specified by ACT.
- Use and registration of IP addresses
- ACT maintains registration information for all equipment connected to the UC San Diego data communications network, with certain exceptions. The required information for each piece of equipment includes IP address, hardware address, type of equipment and operating system, current contact information for the device's user (where appropriate) and security contact, physical location (where appropriate), department of record, and domain name.
- Computers and other equipment that make use of the data communication network at UC San Diego may use only IP addresses that have been registered with ACT and that have been assigned specifically to them, either by ACT or, for those departments who have been delegated permission by ACT to manage IP space for their area, by their departmental computing management. All IP address usage and all devices connected to the campus network must be registered with ACT, as noted in the Network Security Policy cited above.
- Users whose unauthorized use of a campus IP address leads to an IP address conflict or other violation of campus policies and procedures that must be investigated by ACT may be responsible for the time and material costs incurred by ACT. Conflicting or unregistered infrastructure may be removed from the network without notice.
- IP addresses that fall into disuse may be reclaimed by ACT after a period of six months without recorded use by campus backbone network equipment, unless otherwise arranged.
- Use and registration of domain/host names
- All domain names associated with official University names are managed and assigned by ACT; these domains include ucsd.edu and ucsandiego.edu. This policy covers sub- domain names, host names, CNAMEs and all other DNS name types.
- Host names (also referred to as domain names, and including CNAMEs) are assigned by ACT in UC San Diego domain locations.
- Eligible entities may request registration of host names of their choice on a first-come, first-served basis, provided that the names:
- comply with all University and campus regulations such as the policy on Use of the University Name and Seal (PPM 510-10);
- refer to their own department or organization, or to a project managed by the department or organization;
- do not imply affiliation with a campus individual, unit, department or activity with which the requesting entity is not affiliated, nor conflict or cause confusion with stated business needs of another individual, unit, department or activity;
- are not currently in use in a UC San Diego wireless, wired, dial-in, VPN or any other UC San Diego domain/sub-domain;
- will not diminish the University's mission or reputation;
- do not infringe on non-University trademarks;
- are requested by an official representative (including system administrators) of a campus department, unit, or other recognized campus organization.
Host name requests may be refused or altered for reasonable cause at the discretion of ACT.
- Host name requests shall be made using tools and procedures provided by the ACT Hostmaster. All requests must include the department, e-mail address of security contact, MAC (hardware interface) address, the device's operating system, and, wherever appropriate, the e-mail address of the user, name of the machine, and physical location of the machine. If the machine is moved or if any of this information changes, the Hostmaster must be notified promptly.
- In general, host name assignment is made on a first-come, first-served basis. If a host name requested is an official name of the department making the request (for example "mae", "psychology") and is already assigned to another UC San Diego department or organization, that organization may be asked to voluntarily give up the conflicting name. If the department holding the name refuses, and the requesting party will not accept an alternative name, ACT will make the final determination.
- Except for aliases and other non-address records, each host name must point to a valid UC San Diego IP address. Exceptions may be granted for legitimate business needs. Such exceptions must be approved by the Vice Chancellor with appropriate oversight for the requesting department, and are generally limited to: (a) special arrangements with vendors providing specific (generally UC San Diego-branded) services to UC San Diego faculty, staff, and students, where another arrangement is not possible owing to technical constraints - in these cases a University business agreement must be in place, or (b) cases where a UCSD host name must point at another educational or research institution's site in order to provide temporary hosting of an event, conference or journal. Business agreements must reflect relevant data retention, access, privacy and security issues necessary to appropriately protect University interests.
- Except as specifically noted in section D below, all host names and domain names registered at UC San Diego are the exclusive property of The Regents of the University of California. UC San Diego host names and domain names are subject to this policy and other University policies whether the Web sites or other electronic services associated with them: (1) are operated by campus entities, non-campus entities or others; or (2) are hosted on UC San Diego servers or on other computing facilities.
- Non-UC San Diego domain names for campus use
Campus units and departments are strongly encouraged to use only UC San Diego domain/host names (for example chem.ucsd.edu) in order to avoid confusing Internet users and to preserve and promote the integrity of UC San Diego. When a University unit promotes a Web address without the .ucsd.edu or .ucsandiego.edu domain name, such as chemistrydegrees.org, that unit dissociates the Web site from UC San Diego, which may cause confusion to Web users and may cause the University to lose some educational and marketing advantages that could have been developed from a more prominent and consistent association with the University.
The unit also opens the department and the University to risk owing to reduced University control, as when such a name is discontinued by the original UC San Diego department and is then purchased by a third party. This cannot be prevented unless the UC San Diego department continues to renew and pay for the non-UC San Diego domain name indefinitely.
Notwithstanding these disadvantages, the University recognizes that, for a variety of reasons related to business, outreach, and research, some units whose computers are physically part of the UC San Diego data communications network may wish to register non-UC San Diego domain names. All such cases must be approved by the Vice Chancellor with appropriate oversight for the requesting department. After approval, such requests must be processed through ACT.
Unless otherwise approved, Web servers must be configured so that non-UC San Diego host names are rewritten to appear as UC San Diego host names on page load. For example, an end user may type "ucsdhealthcare.org" in their browser, but when the page load completes, the URL would be displayed as healthcare.ucsd.edu. Unless otherwise approved, Web sites and other services provided under non-UC San Diego domain names must make clear their UC San Diego affiliation and must acknowledge the fact that their services are provided by UC San Diego.
Sites must comply with all University and campus regulations, including those of the UC Electronic Communications Policy regarding establishment of UC San Diego identity. The requesting department is solely responsible for all registration fees and ongoing costs, which will be recharged to them by ACT at time of registration and/or renewal.
- A UC San Diego faculty member or graduate student (when sponsored by a faculty member) may request a separate domain name for his or her laboratory, research project, or other work related to faculty status. This request must be endorsed by the department head. At the discretion of his or her department, such a faculty member or graduate student may be granted permission to transfer his or her domain name to another entity should that member or student leave UC San Diego; if granted, The Regents of the University of California relinquish ownership of the non-.ucsd.edu domain name.
- One or more department(s), unit(s) or other recognized campus organization(s) may request a separate domain name when business needs require, as when the unit has an independent business relationship with the outside community requiring "branding" of a service. Such a request must be made or approved by the department business officer or responsible faculty member.
- A faculty member, department, unit, or other recognized campus organization may request a separate domain name when a Web site must be created for a national project spanning several institutions or when a rotating project, such as a conference or journal, is temporarily housed at UC San Diego. In these cases, ownership of the domain name is not retained by The Regents of the University of California. (However, during their tenure at UC San Diego the domain name and site are bound by UC and UC San Diego policy and by California law.)
- A non-campus entity that is sponsored by a UC San Diego department and that has been granted use of the UC San Diego network (such as an organization that leases space in a building on campus-owned land) may request a non-UC San Diego domain name. In these cases, ownership of the domain name is not retained by The Regents of the University of California.
- The University retains the right to domain names that make use of the UC San Diego name or seal, that promote or identify a UC San Diego program, service or activity, or that are closely identified with UC San Diego, whether or not they are properly registered in the name of The Regents of the University of California.
- Domain names with top-level domains of ".com", ".biz", or other top-level domains that refer to commercial or business entities shall not be registered to point at UC San Diego IP space, except when approved by the Vice Chancellor for Business Affairs to support a critical University business need. Meaningful top-level domains should be
chosen. The top-level domains of ".org", ".info", ".name", or other top-level domains that refer to non-commercial, organizational, or professional entities are strongly recommended when a non-UC San Diego name is required.
Exceptions to these provisions may be made where historical or resource-sharing agreements have been made with other organizations to "trade" name services, especially where such trades provide increased redundancy for the campus network. (An example is ACT providing remote backup DNS services for other campuses in exchange for the reciprocal provision of remote ucsd.edu DNS service.)
- Unapproved activities
- The University recognizes that it is technically possible to point an unapproved name at UC San Diego IP space using an outside registrar as the source. The University does not condone such use and will take actions available to it to stop such instances when detected.
- Any person who registers or uses a domain name that makes use of the UC San Diego name to imply, indicate or otherwise suggest that an entity is connected or affiliated with, or is endorsed, favored, or supported by, or is opposed by UC San Diego and otherwise infringes upon UC San Diego's trademarks will be subject to sanction under federal and state law. Any registration or use of a domain name described in this section shall be referred to UC San Diego Campus Counsel.
REFERENCES & RELATED POLICIES
- CNAME - Additional host name that refers indirectly to another DNS name, often used for a Web site address or specification of a service.
- Domain name - A domain name may be used to refer to a host name, but in this document it refers to the Internet name of an organization. No two organizations can have the same domain name. A domain name always contains two or more components separated by "dots" (.), and includes the top-level domain. For example, the UC San Diego campus domain name is "ucsd.edu".
- Domain Name Service (DNS) - The way that Internet domain names are located and translated into IP
- DNS server - A server that provides IP address/host name mapping for computers on a network (see "name server").
- Host name - A method by which to identify and locate computers connected to the Internet. A host name typically refers to a particular computer or device that is part of a domain; for example, blink.ucsd.edu or popmail.ucsd.edu. The host name is mapped to a unique IP address in the DNS.
- Internet Protocol (IP) address - The location of a particular connection to the Internet, usually expressed as four series of digits separated by dots for Internet Protocol V4 (IPV4) addresses or as 16 pairs of hex characters separated by colons for Internet Protocol V6 (IPV6) addresses. A computer connection registered with the DNS has at least one domain name associated with one or more IP addresses.
- MAC/hardware address - MAC is an abbreviation for Media Access Control. A MAC or hardware address is a unique identifier for a computer or device's network adapter (wired, such as Ethernet, or wireless). A computer may have multiple hardware addresses.
- Name server - A server that provides IP address/host name mapping for computers on a network (see
- Non-campus entity - Any organization or group related to UC San Diego's educational, research or public service mission and having an affiliation or contractual relationship with UC San Diego. Examples include a non-profit entity, a professional organization or a commercial services provider.
- Primary name server - A name server that is authoritative for a domain and is the original source of all DNS information for that domain. Changes to the domain are made through non-DNS database updating, or through dynamic updating, first to the primary name server.
- Recognized campus organization - A group, organization, foundation, or association formally recognized by UC San Diego pursuant to the University's Policy on Support Groups, Campus Foundations and Alumni Associations, including the UC San Diego Alumni Association, and any organization formally affiliated with UC San Diego and located on the UC San Diego campus. Student and campus activity organizations registered through the Center for Student Involvement are also considered recognized campus organizations for purposes of this policy.
- Secondary name server - A name server that transfers all of the host information from a primary name server and that is authoritative for that domain.
- Sub-domain - For the purposes of this policy, a sub-domain is a further formal division of a name.ucsd.edu domain. Once a domain name (such as chem.ucsd.edu) has been established, it can be made into a sub- domain, with further divisions made within it for hosts (for example desktop1.chem.ucsd.edu). Sub-domains can be useful for establishing security boundaries, especially for Web-based/cookie-based services.
- Top-level domain - In a domain name, that portion of the domain name that appears to the right of the right-most "dot" (.), as the "com" in "ucsd.com" or "edu" in "ucsd.edu".
- UCSD POLICY AND PROCEDURE MANUAL (PPM)
135-3 Network Security, including Minimum Network Connection Standards
135-2 Academic Computing Services
135-5 UCSD Electronic Communications Procedures and Practices
460-5 Reporting & Investigating Improper Governmental Activities Misuse of University
Resources, Fraud, and other Financial Irregularities
510-1 Use of University Properties
510-10 Use of University Name and Seal, 1/1/01
- SYSTEMWIDE RESOURCES
UC Electronic Communications Policy, 11/17/00
Policy on Support Groups, Campus Foundations and Alumni Associations, 9/95
UCSD Guidelines for Advertising in Print and Electronic Media, 4/05
UCSD Graphic Identity Guidelines and Policies, 9/99
Conflict of Commitment
Other UC and UC San Diego regulations applying to campus activities, organizations, and students.
This Policy considers the following to constitute campus resources and subject to University and campus regulations pertaining to resources and facilities:
Physical network connections: Includes physical wiring in and between campus buildings, hubs, switches, wireless access points and/or routers that serve campus buildings or spaces leased by campus for departmental use.
IP address space: The following address blocks have been assigned to the University and are maintained by the American Registry of Internet Numbers (ARIN):
18.104.22.168 - 22.214.171.124
126.96.36.199 - 188.8.131.52
184.108.40.206 - 220.127.116.11
192.135.237 - 238.0-255
18.104.22.168 - 22.214.171.124
Additionally, local registries are kept for these UC San Diego -only addresses:
172.16.0.0/12, 192.168.0.0/16, 10.0.0.0/8, 2001:48d0:c000::/34, 2001:468:E90::/48
These address blocks constitute a University resource.
The campus Hostmaster in the department of ACT provides assistance interpreting and following this policy and may be reached via e-mail to firstname.lastname@example.org