Appropriate Network Device and Domain Name Space Registration Procedure
The University of North Carolina at Greensboro
Policy Reference: Security of Networks and Networked Data
Approved: November 30, 2006
Document Maintainer: Information Technology Manager, ITS - Data and Voice Operations
Purpose
This procedure addresses the following sections of the related policy:
Section III.A.ii
- "All network attached devices require registration in the ITS network registration system.
- Name resolution to/from the Internet will only be provided for devices specifically identified as servers. Servers with administrative applications are subject to the Enterprise Systems Policy.
- ITS will manage additional domain name space (for example, email.uncg.edu, uncg.info) in support of the University mission.
- Individuals, academic colleges/departments, or administrative departments at UNCG may not create and support an Internet domain name space without prior approval of ITS."
Scope
This procedure covers all physical network access connections on the campus. All faculty, staff, and students are also implicitly covered.
Responsible Parties
- Faculty, Staff, Students
- ITS Employees
- ITS Approved Representative
Procedure
- ITS-Networks maintains the allocation of Internet Protocol (IP) addressing throughout the campus network. Each campus building is allocated IP addressing in accordance with the sub-networks operating in that building. ITS networks reserves the right to readdress building networks if the need arises due to expansion, contraction, optimization, or reallocation.
- All connected network devices within a building are assumed to be using Dynamic Host Configuration Protocol (DHCP) to obtain correct IP addressing.
- ITS-Networks also maintains Domain Name Services (DNS) for the campus network.
- Only ITS central DNS servers are permitted to operate on the campus.
- Devices identified as application servers will be granted public domain (A) records that are externally known.
- UNCG will not create domain (A) records that point to IP address space outside of the UNCG campus allocation.
- Internet Service Providers (ISP's) are not permitted to create domain (A) records that point to IP address space within the UNCG campus address allocation.
- All devices operating on UNCG's network will be identified through a database registration or authenticated via a Network Admission Control (NAC) system and centralized identity management systems (IDMS).
- Registration services are provided through an automated system known as NETREG, the ITS Tech Services Dept, or ITS Service Desk.
- Client network devices are expected to have only a single unique registered name which will be known to internal DNS servers.
- Web hosting services with the UNCG.EDU domain.
- Unique domain names for Web hosting purposes will be granted for devices residing within the ITS Enterprise Server farm. Up to four additional canonical name alias (CNAME) records within the uncg.edu DNS zone will be provided per server.
- Web hosting services for NON UNCG.EDU domains. ITS networks will provide domain name service for non uncg.edu domains that end with .ORG or .INFO only. Clients registering a unique domain name with an external provider are subject to the following restrictions.
- The Web server hosting the domain name must reside within the ITS Enterprise Server Farm.
- Clients must contact ITS Networks before registering the domain name with the external registrar and advise of a new externally registered domain name request.
- The domain name (DNS) servers ns1.uncg.edu and ns2.uncg.edu must be listed with the external registrar.
- The billing contact must be listed as the client requester of the domain name.
- The technical contact must be listed as hostmaster@uncg.edu.
- Once the domain name is created within UNCG domain name services, there will exist only a single record with the name of www.
- No email forwarding service or any other domain service will be provided. No other domain records will be provided.