IT Connect
Your connection to information technology at the UW

DNS Policy Guidelines

Critical (“top level”) zones and restrictions

The public faces of the University of Washington are the ‘washington.edu’ and ‘uw.edu domains’.

Records at the zone level in these domains can affect all subdomains beneath them and can potentially alter service behavior for the entire campus.  Record types at this level include but are not limited to A/AAAA, MX, NS, TXT, CAA, SRV, and DKIM.  As an example of cascading effects, CAA records can restrict which SSL Certificate Authorities are acceptable in all subdomains below washington.edu and uw.edu.

A secondary consideration involves perception of support for or implied endorsement of a particular external service offering.  The risks in these areas are more difficult to define but could have potential significance for the University’s reputation if misused by a vendor as a product endorsement (top-level records are, in general, visible to the Internet at large).  Alternatively, campus users may encounter software which locates certain top-level records and assume certain global services are available which are not in fact supported.

For each departmental request for a top-level record we will:

  1. Determine the scope of action for a particular type of record and its potential impact.
  2. Consider any potential support issues, especially if there is possible benefit to the campus as a whole in a campus-wide service offering.
  3. Determine if there are potential risks for installing particular records in top-level zones and if it is feasible to install such records within a department subdomain. (At times, this can include working with a vendor to refine a service’s configuration)

In all cases, given the complexity of the campus environment, we will be conservative in application as our overriding priority will always be the stability of our campus DNS service.

UW Subdomains and non UW domains

Historically, campus subdomains were created primarily by department groups for departmental email, creation of a specific windows domain, and departmental host organization.  Recently, subdomains have shifted to be created primarily for use as websites, and are often grant, project or event based.

UW-IT initially allowed a large number of two and three letter department names. For example, ‘ee’ for electrical engineering, ‘cs’ for computer science and ‘ess’ for earth & space sciences.  There are two problems with this practice: acronyms used as subdomains are not descriptive and do not give users any indication what the domain is used for, and domain names that are not fully qualified can conflict with country codes and three letter domain extensions  With the growing number of websites, we have adopted a best practice of using descriptive subdomain names, even if they require more typing.  Abbreviations that make sense (e.g. phys for physics) are still allowed.

The UW Groups service enables departments to create self-service Organizational Home Groups subdomains under the “uw_” stem, since these are required in the washington.edu or uw.edu namespace.

Current process:

UW-IT tries very hard to not allow offensive or controversial names.   At times, we are unaware or do not catch these (e.g. bad names translated from other languages). UW-IT retains the right to remove or change subdomain names when necessary.

Certain words and wordmarks will require additional approval from University Marketing and Communications.   These words include specific branding messages similar to the following examples and others from existing UW advertisements and promotional materials:

  • boundless, together, w day, for washington, undaunted, campaign, brand, gala, advancement, marketing, possible, foundation, population health

Campus subdomains require an accompanying Contact Group, whether existing or new.  Subdomains and some functions involving them can be accessed from the Networks Portal by Administrator level contacts.

Unlike top level or critical zones which can impact all of the University, authorized contacts may create whatever records within their individual subdomains.

In all cases, UW-IT reserves the right to make changes to or remove any DNS records to protect the DNS system and the University.

 

Last reviewed May 25, 2021