Skip to Navigation | Skip to Content

Operating DNS Servers on NYU-NET

search the site

Click here to download a print-friendly PDF version of this page (Adobe Reader required).

did you know?

  • The domain name system (DNS) is an essential component of the Internet because it makes it possible to attach easy-to- remember domain names (like "www.nyu.edu/its/") to hard-to-remember IP addresses.

    Source: Wikipedia

These principles and policies address issues related to DNS servers on NYU-NET. They are an expansion of the NYU-NET Operational Principles for the benefit of those operating or interested in Domain Name Service (DNS) and related services.

General Principles

  • The main NYU-NET Network Operations Center (NOC) operates DNS service for all NYU domains including NYU.EDU and everything dependent on that.
  • The central NOC may delegate operation of a DNS server for a section of the NYU name space where there is a compelling programmatic or technical advantage in doing so.
  • The central NOC sets software standards for all nameservers in the greater NYU community.
  • Such nameservers must meet all technical requirements of the central NOC including operational issues such as staff coverage, staff qualification, update timing, and security policy.
  • If a dependent nameserver can not meet these requirements the central NOC will reassume responsibility for that portion of the NYU-NET namespace to insure continuity and quality of service.

Specific Issues

This is a list of some key consequences of the general principles which have come up in past discussions about providing this sort of service on NYU-NET.

  • DNS service requires two full-time production nameservers dedicated for that purpose. Only network management staff may have access to the servers. They cannot be multiuser machines permitting login access to other users.
  • These two machines must be in NYU address space.
  • The DNS server can do DHCP/BOOTP if authorized. It is not expected that the central NOC will authorize that for non-central servers given the state of the protocols in question.
  • A web server to control the DNS server would probably be OK with ACLs and SSL logins.
  • The systems must not have any known security vulnerabilities. Such servers are viewed as critical university infrastructure and must pass security scans during normal operation. They require regular system maintenance, monitoring, and installation of patches and operating system updates.
  • The DNS server software and its host operating system and any other services on that system must keep logs, so that the performance, security, and integrity of the NYU namespace and infrastructure can be observed, managed, and maintained.
  • The DNS server must be keep up to date with the main nameservers run on NYU-NET so that all features and bugs are taken care of.
  • Further delegation of any NYU namespace cannot be made by the authorized DNS server or managers. It must be done by the central NOC.
  • What zones are served are left up to the central NOC to decide. ALL other rules about NYU-NET must be followed (i.e., no DNS service for j.random place, etc.).

Questions or comments? Send email to noc@nyu.edu

All contents copyright
© New York University
All rights reserved
Page last revised: October 1999
Page last reviewed: August 22, 2006