UPPS 04.01.08 - Texas State Domain Name and URL Policy
Texas State Domain Name and URL Policy
UPPS No. 04.01.08
Issue No. 5
Effective Date: 4/01/2022
Next Review Date: 4/01/2025 (E3Y)
Sr. Reviewer: Chief Information Security Officer
Texas State University is committed to maintaining domain names and URLs according to rules and regulations.
This policy directs the assignment and administration of domain names, domain name services, and Uniform Resource Locator (URL) values at Texas State University. Adherence to this policy:
assures that all Texas State domain names and URLs are consistent with the rules, regulations, standards, and practices of EDUCAUSE (the registrar of the .edu internet domain) and the Domain Name System (DNS) employed by the global internet community;
facilitates accurate and efficient resolution of Texas State domain names and URLs to their corresponding numeric Internet Protocol (IP) addresses;
promotes institutional consistency in the selection and naming of domains and other URL components;
assures that domain names associated with Texas State are a positive reflection on the university; and
maintains clarity and reduces ambiguity for users of Texas State’s information resources.
For additional information regarding this policy see Answers to Frequently Asked Questions and Best Practices for Managing External Domain Names.
Like the global DNS, the domain naming convention described in this policy aligns domain names and URLs with the university’s organizational structure to eliminate duplicates, avoid conflicts, and minimize ambiguity. Consequently, a third-level domain or top-level folder must reflect the identity of the responsible university organizational unit (e.g., division, college, school, or department), unless an exception is authorized under criteria described in Section 03.04.
Texas State has registered official university domains. All official university websites and services must be registered within official university domains (e.g., txst.edu), including those of:
divisions, colleges, schools, departments, and other university operating units;
recognized university organizations that host content on any server within the txst.edu domain; and
individual faculty or staff in the performance of official university functions.
As an institution of higher learning, the university values and encourages the open exchange of information. To that end, university entities (individuals, groups, or organizational units) may register a website or service under an official university domain if that site or service:
is consistent with the entity’s role at the university;
does not detract from or impede the university’s mission; and
complies with all university policies, most notably the following:
UPPS No. 04.01.01, Security of Texas State Information Resources;
UPPS No. 04.01.02, Information Resources Identity and Access Management;
UPPS No. 04.01.07, Appropriate Use of Information Resources; and
UPPS No. 04.01.11, Risk Management of Information Resources.
Sites that fail to meet all these criteria may be inappropriate for inclusion within official university domains.
The Web Governance Committee is responsible for implementing this policy and will work with individual resource owners to ensure the assignment of URLs and domain names that are both effective labels for the referenced resources and consistent with the provisions in this policy.
The Web Governance Committee will review and authorize each new third-level domain and top-level folder for official university domains prior to its activation in the Texas State domain name service.
Matters pertaining to the assessment, mitigation, and management of risks presented to the university, its information resources, and many of the subjects outlined in this policy remain the responsibility of respective resource owners and the university’s chief information security officer, as detailed in UPPS No. 04.01.01, Security of Texas State Information Resources and in UPPS No. 04.01.11, Risk Management of Information Resources.
Resource owners may not publish a new third-level domain or top-level folder in any form or media without such authorization. Resource owners may appeal denied URL requests to the vice president for Information Technology, whose decision is final.
Domain Name System (DNS) – the internet’s address resolution system. The DNS makes it possible to locate computers on the internet by textual name, rather than by the harder-to-remember strings of numbers that form an IP address. The DNS consists of a network of specialized servers that resolve (translate) textual domain names into their corresponding numeric IP addresses.
Internet Protocol (IP) Address – under IP version 4 (IPv4), a string of four numbers separated by periods (such as 126.96.36.1994) used to represent a computer on the internet. The format of the address is specified by the IP in RFC 791. Most people use domain names instead, and the resolution between domain names and IP addresses is handled by the DNS.
Official University Domains – second-level domains registered by the university under the .edu generic top-level domain (gTLD) through the EDUCAUSE domain registrar (e.g., txst.edu). The designation of official university domains are subject to authorization by the institution head.
Resource – any website or network service offered through the university and denoted by a Texas State URL or domain name.
Resource Owner – an organizational unit or individual constituent of Texas State that has established or wishes to establish a website or network service denoted by a Texas State URL or domain name (see also “information owner” in the Information Security Glossary).
Uniform Resource Locator (URL) – an identifier that specifies the internet location of an existing resource or service and the mechanism for accessing it. The syntax is:
aaa://bbb.ccc.ddd/eee, as in the example https://library.txst.edu/my-library, where:
aaa is the protocol (e.g., https);
bbb is the third-level domain or hostname (e.g., library);
ccc is the second-level domain (e.g., txst);
ddd is the top-level domain (e.g., edu); and
eee is the top-level folder (e.g., my-library).
Web Governance Committee – this term refers to the committee established in UPPS No. 04.01.06, University Websites.
PROCEDURES FOR DOMAIN NAMES INSIDE OFFICIAL UNIVERSITY DOMAINS
Information systems connected to the university network are nodes within the Texas State internet domain. Resources hosted by these information systems shall be identified in Texas State’s DNS services using “edu” as the top-level domain and “txst” as the second-level domain.
However, under some circumstances the university may choose to contract with a third party to host and administer an information system. The university may choose to reference the external service by assigning an official university domain name that points to the external service. The following are some examples:
Resource txst.edu Domain Name Actual Domain Name Texas State Athletics Website athletics.txst.edu www.txstbobcats.com Human Resources Jobs Portal jobs.hr.txst.edu txst.peopleadmin.com
In such situations, the outsourcing department should ensure that prior to their entering or registering with the outsourced resource:
the resource is hosted or managed by an authorized university provider, especially if the resource reflects Texas State branding, logos, or trademarks; and
users of the resource are afforded access to the provider’s privacy and security policies and encouraged to review them before proceeding.
The university’s domain naming convention is designed to align with its organizational structure to eliminate duplicates, avoid conflicts, and minimize ambiguity. Consequently, a URL’s third-level domain (or top-level folder, if applicable) should reflect the name of the responsible university organizational unit (e.g., division, college, school, or department) and should be generally recognizable to visitors to the university website. Information Technology and University Marketing will follow this convention when working with organizational units to determine their third-level domain names and top-level folders. Examples of URLs conforming to this convention include: finearts.txst.edu, library.txst.edu, and txst.edu/liberalarts.
The Web Governance Committee may authorize exceptions for third-level domain names and top-level folders within official university domains only if:
the proposed name does not require additional organizational qualification to prevent confusion with other university sites or services (e.g., for a site depicting only the internship opportunities available through the McCoy College of Business, “internships.mccoy.txst.edu” would be acceptable whereas “internships.txst.edu” would not);
the proposed name is unlikely to cause confusion with future university sites or services that can reasonably be anticipated (e.g., “research.txst.edu” is acceptable as the hostname for a “gateway” site for information related to the breadth of research activities at Texas State, but it would not be acceptable as the hostname for the research activities of a single department or college, or for the departmental website of the Office of Sponsored Programs); or
the proposed name is unlikely to change in the foreseeable future.
Texas State domain names are intended to be relatively stable so that hyperlinked references to them remain reliable without the need for multiple redirecting entries or frequent updates to the university’s DNS servers. Because of this at least one of the following additional conditions must also be true:
the proposed name identifies a consortium of many different organizations from inside or outside the university;
the proposed name identifies a center or institute that is not a department or housed within a department or other university organizational unit; or
the proposed name identifies a specific resource that is not clearly associated with any single department or unit (e.g., brand.txst.edu, mycatalog.txst.edu, hb2504.txst.edu, txst.edu/about).
All such exceptions may be subject to periodic review by the Web Governance Committee to determine if the exception is still warranted.
With some exceptions, most txst.edu websites are registered under two domain names, one that includes the “www” prefix and one that does not. Either can be designated as the primary with the other provided by Information Technology via a redirection service. For example, https://catsweb.txst.edu is the primary URL for CatsWeb services, but those services are also reachable via https://www.catsweb.txst.edu.
Third-level domain names and top-level folder names may not exceed 63 characters in length and should be comprised of letters, numbers, and hyphens (i.e., no spaces or special characters).
Domain names must not be controversial or offensive. Domain names and other components of URLs must not misrepresent their purpose or contain confidential information.
Information Technology will contact the registered owner or custodian of any resource that does not respond appropriately to network connection requests. If the inappropriate condition persists, Information Technology may block or redirect connection requests to the offending resource until the situation is resolved.
Information Technology or the Web Governance Committee may revoke or deny DNS service at any time for any resource found to be in violation of legal statutes or university policies.
University affiliates (e.g., alumni association, booster clubs, etc.) that are sponsored by an existing university office, department, or faculty or staff representative may register resources within an official university domain consistent with other provisions of this policy.
PROCEDURES FOR DOMAIN NAMES OUTSIDE OFFICIAL UNIVERSITY DOMAIN
Information Technology operates the university’s DNS service primarily to resolve the domain names of university information systems to their corresponding IP addresses. The Web Governance Committee, in consultation with Information Technology, may elect to provide DNS services (e.g., address translations, re-directs, etc.) for external information systems, including those hosted outside the txst.edu domain if, in the committee’s judgment, all of the following conditions are met:
the proposed resource significantly supports university-related organizations or functions;
the proposed resource will likely be used by a significant number of faculty, staff, or students;
the proposed domain name of the resource is unlikely to be confused with that of a Texas State organizational unit or with any existing resource within the txst.edu domain; and
the administrator (e.g., vice president, dean, director, chair) of any organizational unit with which the hostname might otherwise be associated has explicitly authorized the use of the hostname on a host outside of txst.edu.
All such requests will be considered on a case-by-case basis (see Section 03.02 for examples of previously-authorized requests).
The Web Governance Committee and Information Technology may refuse to provide domain name services for any resource hosted outside the txst.edu domain if the resource signifies or represents:
a legitimate or significant risk to the confidentiality, integrity, or availability of the university’s information resources;
a risk to the reputational standing of the university;
an organization or venture, commercial or noncommercial, that is not an explicit part of the university; or
a project or activity that is funded primarily by non-university resources.
University affiliates (e.g., alumni association, booster clubs, etc.) that are sponsored by an existing university office, department, or faculty or staff representative may register resources outside of an official university domain, consistent with other provisions of this policy.
External domain names registered by internal and external university affiliates (i.e., any party subject to other provisions in this or other applicable policies) must use a domain registrar based in the United States that has been authorized by the Information Security Office. Information about current, authorized domain registrars may be requested from the Information Security Office. New or additional domain registrars may be vetted by the Information Security Office by request with adequate business justification (e.g., a compelling need to register a name at a top-level domain not provided by an already authorized registrar).
To host a publicly accessible resource on an information system with a Texas State IP address, the resource owner must use an official university domain as the resource’s top- and second-level domain names. Such resources can be registered under other, additional domain names (e.g., “.com” or “.net”) with external domain registrars, but those externally-registered domain names must ultimately resolve to the same IP address as the university URL assigned to that resource. Such “vanity URLs” are subject to review and authorization consistent with this policy. Additionally, external domain names should be registered through reputable, authorized domain name registrars authorized by the Information Security Office.
The above notwithstanding, Information Technology cannot guarantee and is not responsible for the accessibility of any resource registered under a domain other than an official university domain. The information resource owner, under the advisement of the Information Security Office, will be ultimately responsible for ensuring the security of externally registered domain names.
To facilitate compliance with this requirement, the administrator of the resource should contact Information Technology and the Web Governance Committee to coordinate associated domain name services and IP routing configurations prior to requesting the domain name and prior to configuring any services related to the domain name and its IP address.
Third-party domain name registrars may offer additional services and products to their customers. Additionally, registration of an external domain name often allows the registrant access to DNS features normally managed by Information Technology. The registration and authorized use of an external domain name as outlined in this policy (e.g., “vanity” URLs) does not grant authorization to use or procure additional services, products, or features. Each type of additional product or feature will require a context-dependent security assessment prior to authorization, consistent with typical IT procurement practices (see Best Practices for Managing External Domain Names for guidance and additional background regarding this policy).
REVIEWERS OF THIS UPPS
Reviewers of this UPPS include the following:
Position Date Chief Information Security Officer April 1 E3Y Associate Vice President for Technology Resources April 1 E3Y Associate Vice President for Information Technology Assistance Center April 1 E3Y Assistant Vice President for University Marketing April 1 E3Y Vice President for Information Technology April 1 E3Y
This UPPS has been approved by the following individuals in their official capacities and represents Texas State policy and procedure from the date of this document until superseded.
Chief Information Security Officer; senior reviewer of this UPPS
Vice President for Information Technology