UCI DNS Registration
Type: Standard
Version 2025
Goal
To expedite Security and similar investigations, define how devices connected to UCI controlled networks are registered in the DNS system.
Ownership
Direct questions to the Owner: TBD
Resources to comply with this standard should be directed via the Executive sponsor: TBD
Timeline & Enforcement
By the end of 2026, all new devices connected to a UCI controlled network MUST comply with this standard.
Exception Process
Exceptions to this standard may be granted by the Owner. To request an exception, please contact the Owner with a justification for why the exception is necessary and how it will be mitigated.
Terminology
- UCI controlled network: Any network that is controlled by UCI, including but not limited to networks with and without access to the public Internet, UCI Wi-Fi, networks in SDSC, AWS, or other remote locations.
- Public IP space: Any IP address that is routable on the public Internet.
- External view: DNS answers that are provided to queries from the public Internet.
- Internal view: DNS answers that are provided to queries from within UCI controlled networks.
- The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”, “SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be interpreted as described in RFC 2119.
Requirements
- Anything with a network connection on a UCI controlled network MUST have a corresponding DNS PTR record registered unless it is in a network segment that is dynamically allocated.
- If registered, the DNS PTR record MUST contain a subdomain that can be used to identify a Unit or Team to contact about issues with that device.
- The Hostname portion or other subdomains MAY provide additional information, but MAY also be generic.
- IP addresses in public IP space should have the PTR record registered in the External view.
Examples
- `web.oit.uci.edu.` - ACCEPTABLE
  - Subdomain: `oit` indicates the device is managed by OIT.
- `dhcp-z032-020.mobile.uci.edu.` - ACCEPTABLE
  - Subdomain: `mobile` indicates the device is connected to the mobile network which is managed by OIT, and that mobile connection logs will be needed to correlate who was using the device at a given time.
  - Hostname: `dhcp-z032-020` is a generic hostname that does not provide additional information but will identify the IP address for correlation with other data sources.
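One way to audit an address inventory against the PTR requirements above, as an added example that is not part of this standard. The unit registry, the dynamic segment, the inventory and the rule that the label next to `uci.edu` names the Unit or Team are assumptions made for illustration.

```python
import ipaddress

ZONE = "uci.edu"  # parent zone, taken from the page's examples
# Constructed registry: only "oit" and "mobile" appear on the page.
KNOWN_UNITS = {"oit", "mobile"}
# Constructed dynamically allocated segment, exempt from the PTR requirement.
DYNAMIC_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def owning_subdomain(ptr_target):
    """Return the labels between the hostname and ZONE, or None if there are none."""
    name = ptr_target.rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    labels = name[: -len(suffix)].split(".")
    if len(labels) < 2 or not all(labels):  # hostname only, or an empty label
        return None
    return ".".join(labels[1:])

def audit(ip, ptr_target):
    """Classify one address against the PTR registration requirements."""
    addr = ipaddress.ip_address(ip)
    if ptr_target is None:
        dynamic = any(addr in net for net in DYNAMIC_NETS)
        return "exempt-dynamic" if dynamic else "missing-ptr"
    sub = owning_subdomain(ptr_target)
    if sub is None:
        return "no-subdomain"
    # Assumption: the label next to the zone apex names the Unit or Team.
    return "ok" if sub.split(".")[-1] in KNOWN_UNITS else "unknown-unit"

def findings(inventory):
    """Return (reverse DNS name, status) for every entry that needs follow-up."""
    rows = [(ipaddress.ip_address(ip).reverse_pointer, audit(ip, ptr)) for ip, ptr in inventory]
    return [r for r in rows if r[1] not in ("ok", "exempt-dynamic")]

# Constructed inventory: (address, PTR target or None when no record exists).
INVENTORY = [
    ("10.1.2.3", "web.oit.uci.edu."),
    ("10.20.32.20", "dhcp-z032-020.mobile.uci.edu."),
    ("10.20.32.21", None),
    ("10.1.2.4", None),
    ("10.1.2.5", "printer.uci.edu."),
    ("10.1.2.6", "nas.lab42.uci.edu."),
]

if __name__ == "__main__":
    for name, status in findings(INVENTORY):
        print(f"{name}\t{status}")
```

A registered record inside a dynamic segment is still checked for a subdomain, since that requirement applies to any PTR record that exists.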