Login   |   Secure Purdue > Best Practices

PROCEDURES FOR USE OF THE PURDUE UNIVERSITY DOMAIN NAME SYSTEM

PDF icon View PDF for print

Issued April 7, 2014 from IT Infrastructure Services.
Questions about this document can be addressed to hostmaster@purdue.edu.

Introduction:

The Domain Name System (DNS) is a distributed database system used to translate hostnames (i.e., www.purdue.edu) to IP addresses (i.e., 172.31.9.5) and to translate IP addresses back to hostnames. Global authority for the DNS has been delegated by the Internet Architecture Board to several top- level registries. These registries further delegate authority for portions of the DNS to sites on the Internet and may, in turn, have portions of their namespace delegated to other entities.

At Purdue University, authority for the purdue.edu namespace has been delegated to ITaP’s Infrastructure Services (ITIS) group. ITIS is responsible for the smooth operation of the Purdue DNS and works with other departments to coordinate changes and manage resources for the benefit of the University as a whole.

The purpose of this operational procedure is to provide instruction for use of the Purdue University DNS and to maintain consistency in the registration request process.

Subnet Allocation and Use:

Purdue University’s West Lafayette campus has been assigned multiple IP networks by the American Registry for Internet Numbers. These networks are:

128.10.0.0/16

Computer Science

128.46.0.0/16

Engineering Computer Network

128.210.0.0/16

West Lafayette campus address pool, administered by IT Networks and Security

128.211.0.0/16

Split between Computer Science and the Campus address pool

204.52.32.0/19

College of Agriculture IT

192.5.40.0/24
192.5.101.0/24
192.5.102.0/24
192.31.0.0/24

Reserved for network management

Additionally, Purdue’s Regional campuses have the following assigned networks: 

 

134.68.0.0/16

IUPUI

149.164.0.0/16

IPFW

163.245.0.0/16

Purdue North Central

205.215.64.0/18
69.51.160.0/19

Purdue Calumet



The West Lafayette campus network supports the use of private IP subnetworks as defined in the Request for Comments (RFC) 1918, a publication of the Internet Engineering Task Force and the Internet Society, the principal technical development and standards-setting bodies for the Internet. Currently, the address ranges defined in that document are handled by the West Lafayette campus network as follows:

192.168.0.0/16

Completely private (no router presence), but may span between buildings

172.16.0.0/12

Fully  routed   within   the   West   Lafayette   campus network

10.0.0.0/8

Partially  routed  within  the  West  Lafayette  campus network

Usage of subnets of these private address ranges is coordinated by the ITIS Data Network Team. When a group wishes to be assigned a portion of one of these address spaces, it should contact the ITIS Data Network Team (see Contact Information section) indicating the size and type of address space needed, along with a brief description of the intended usage. As ITIS Data Network Team’s role is only to coordinate, configure the network and record the usage, no reasonable request will be denied. 

Procedures for subnet allocation specified in this document apply only to the address space controlled by ITIS Data Network Team. Other groups with IP address space assigned to them may have their own procedures.

Subnet Assignment

ITIS attempts to balance good utilization of finite address space, while allowing adequate room for expansion by organizational entities. Currently, ITIS assigns subnets sized to meet the anticipated needs of the customer. To achieve this, the target initial population for a subnet should be between 50-75 percent of the initial allocation.

An organizational entity must audit their currently assigned IP addresses to ensure that their currently registered addresses are actually in use prior to requesting additional address space. Requests for ITIS assistance with this audit can be sent to hostmaster@purdue.edu.

An organizational entity should send a request to ITIS Data Network Team (see Contact Information section) if additional address space is still needed after cleaning up any unused addresses. The request should provide a growth projection for the next 6-8 months and contain a plan describing how an organizational entity will split one or more of their existing subnets to achieve the target initial allocation indicated above.

While a balanced split is desirable, it is unlikely that a perfect split will be achieved. The organizational entity should take the opportunity to consider dividing their network users along logically consistent lines, preferably geographic. For instance, an organization may want to split its network to place all users in one building on one subnet and those in another building on a different subnet (or split existing subnets between wings or floors of a building).

Although the available address space is finite and this procedure seeks to conserve available address space, no reasonable request for address space that conforms to the above guidelines should be denied. ITIS may request that organizations consider using Network Address Translation or private address space if address space is limited or full Internet access is not required (i.e., networked printers).

Note:  Address space allocations for IPv6 networks are still being developed. When address allocations for IPv6 are made, the same standards and procedures listed for current IPv4 addresses in this document will also apply to IPv6.

Address Allocation within a Subnet

Address allocation within a subnet is a cooperative effort between the Hostmaster and the group assigned to the subnet. As part of this cooperative effort, ITIS will make reasonable efforts to comply with the requests of the group with respect to specific IP addresses. However, it should be noted that all addresses within ITIS administered space are owned by ITIS, not the group or groups assigned to the subnet.

Up to the first 10 addresses on any /24 subnet shall be reserved to ITIS. These will be used for router attachment, testing, and other network monitoring and management functions.

When an organizational entity has an entire subnet, or multiple subnets assigned for its use, it may exercise nearly complete control over how it chooses to assign addresses. The organization may choose to divide the address space to try to collocate various sub-groups, or may simply exercise a “first come, first serve” policy. Regardless of the method used, all addresses in use must be registered with the IP address management ( IPAM) solution.

When an organizational entity shares a subnet with another group, care must be taken to ensure that each group’s address assignments do not interfere with the other.

Domain Name System (DNS) Procedures:

Top-Level Host Names

A top-level host name is a host name in the purdue.edu namespace that is not a member of any subdomain (e.g., itap.purdue.edu). The procedure for applying for a top-level host name is set forth in the below section titled DNS Service Requests.

Subdomains

Each University organizational entity is entitled to one subdomain of purdue.edu. Any organizational entity may change its subdomain name at any time. If an instant change is desired (no overlap between old and new names), the request can be made by sending an email message to hostmaster@purdue.edu indicating the change.

Once the name change has been processed, the organization is expected to make every effort to complete the change and abandon the old subdomain name by the end of the agreed upon overlap period. If, despite appropriate effort, the change cannot be completed by the original date, an extension may be requested by sending an email to  hostmaster@purdue.edu.

Student Organizations

Requests to register names for student organization machines may be made by the faculty sponsor for the organization or by an officer of the organization, provided that the faculty sponsor is copied on all correspondence. Requests from new student organizations must identify the name and email address of the faculty sponsor to be processed. Requests can be made by sending an email to hostmaster@purdue.edu.

Foreign Domain Names

When an organizational entity wishes to pursue a foreign domain name, a domain in the Purdue University DNS space that is not part of the purdue.edu domain, ITIS provides two options:

  1. Self-managed
  2. Purdue managed 

An organizational entity choosing the self-managed solution is responsible for all aspects of providing the DNS service for the foreign domain and must notify the Hostmaster prior to implementation. This includes contacting an appropriate registry (including paying any fees they may assess), providing or identifying willing DNS server hosts, and working with the maintainers of those hosts for the registration of any aliases for Purdue hosts. ITSP’ only responsibility in the self-managed solution is to respond to any request by the registry or DNS server administrators for authorization to assign aliases to Purdue hosts. 

An organizational entity choosing the self-managed solution (not recommended) is responsible for all aspects of providing the DNS service for the foreign domain and must notify the Hostmaster prior to implementation. This includes contacting an appropriate registry (including paying any fees they may assess), providing or identifying willing DNS server hosts, and working with the maintainers of those hosts for the registration of any aliases for Purdue hosts. ITIS’ only responsibility in the self- managed solution is to respond to any request by the registry or DNS server administrators for authorization to assign aliases to Purdue hosts.

For organizational entities choosing the Purdue-managed solution, ITIS will take on all responsibilities for establishing and maintaining the foreign domain name (preferred). This includes contacting the appropriate registry (and paying any fees  assessed), providing and  configuring at least  two DNS servers,  and responding to host registration requests in the same manner as requests for purdue.edu registrations.

In essence, the foreign domain is operated exactly as the purdue.edu domain. There is a minimal cost for this service to cover expenses associated with managing a foreign domain name.

When the foreign domain name comes up for renewal with the external registry, the organizational entity will be contacted by the Hostmaster and asked if it wishes to continue the service. Notices from the Hostmaster will be sent 30 days, 2 weeks and 1 week before expiration. Only a positive response will result in the service being continued. No answer, or a negative answer, will result in the foreign domain being retired from service when the external registry’s term expires.

DNS Service Requests

An organizational entity or other group within the University may request the following items by sending a request to hostmaster@purdue.edu.

  • Requests for a top-level host name
  • Requests for a student organization top-level host name
  • Requests for a Purdue-managed solution for a foreign domain name

A supporting email signed by the appropriate dean, department head, or organizational director, should also be sent to hostmaster@purdue.edu.

Top level domain ("site.purdue.edu") or hostname request process

When a request for a top level domain or hostname is received (preferably submitted as an email to hostmaster@purdue.edu), a FootPrints ticket is created for tracking. Once the FootPrints ticket is created, the Hostmaster completes the following steps.

1.   Hostmaster checks with the requestor to make certain a top-level domain is needed, or whether a subdomain could be used instead.

2.   If a top level domain is required, Hostmaster asks for a memo from a dean, department head, organizational director or higher with a short statement of the purpose and use for the name.

3.   Hostmaster confirms the name is available, reviews the memo and shares the request with the Domain Oversight Committee via email. Those members include:

a.   Martin Sickafoose (Marketing & Media)
b.   David Wilson (Marketing & Media)
c.   Scott Ballew (ITaP Web Administration).

4.   The Domain Oversight Committee members review the request to make certain

a.   there is no licensing conflict,
b.   the name will not cause confusion with existing names,
c.   the name will not cause confusion with existing webpages,
d.   other.

If there are no difficulties, review generally takes less than one day.

5.   The Domain Oversight Committee members communicate their findings via email to the Hostmaster.

a.   If there potential problems with the request, Hostmaster contacts the requestor to explain the issues and discuss alternatives.
b.   If no problems are identified, Hostmaster proceeds with provisioning the request, which generally takes a few minutes if there are no difficulties.

The goal is that all top level domain requests will be processed for approval within two business days. 

Registration Requests

All host registration requests (whether additions, changes, or deletions) should be fulfilled by the organizational entity’s designated departmental hostmaster via the IPAM solution. When a change or deletion is requested, it is advisable to include the old information (IP address and host name) in addition to any new information to help avoid errors. If a request is unclear or the departmental hostmaster is uncertain what the request means, the departmental hostmaster will contact the requestor for clarification.

DNS services are provided by the central DNS server. Departments that have their own address space (as listed in the tables on Page 1) may request permission from the Executive Director for IT Infrastructure Services to have service for their domains delegated to their own servers.

While every effort will be made to process pending host registration requests in a timely manner, no guarantees are provided as to exactly when the request will be processed. If a request needs to be fulfilled by a specific time, the request should be sent to the departmental hostmaster at least two business days in advance of the desired change and should clearly indicate when change should occur. Failure to provide appropriate advance notice may result in the change happening later than the requested time.

IPAM Solution

Designated departmental hostmasters will be able to use the IPAM solution to register, modify, and remove DNS entries for their delegated domains and subnets. They will be responsible for ensuring that any names registered meet the DNS naming policy guidelines. Requests for new subdomains, foreign names, and other top-level requests will still be managed by the ITIS Hostmaster.

Contact Information

Hostmaster at Purdue is maintained by ITaP Infrastructure Services. All questions about the Purdue University DNS, host registration requests, or other requests designated in this document must be directed to the Purdue University Hostmaster at  hostmaster@purdue.edu.

The ITIS Data Network team can be contacted by sending an email to  itap@purdue.edu to create a FootPrints ticket. The email should include a request that it be assigned to the ITIS Data Network team.

Related References:

Issued January 14, 2011 from IT Security and Policy. Questions about this document can be addressed to hostmaster@purdue.edu.

Revised September 5, 2012 to update IT Security and Policy new name.

Revised April 7, 2014.