VT Hostmaster FAQ (Frequently Asked Questions)

Hostmaster Central

This is the start of an FAQ list for questions that get sent to the hostmaster. Please do not distribute this URL to the general public yet. If you found your way here, you're welcome to look around.


Questions

Click on the question to see its answer.

General

IP Addresses

Domain Names

Data Submission/Nameserver Restarts

Other Stuff


Answers

General

1. What does the hostmaster do?

The hostmaster is responsible for allocating IPv4 addresses and domain names to departments and Network Liasons, and for coordinating use of IPv6 OUIs and prefixes on campus. The hostmaster only interacts with departmental network liaisons. If you are an end-user and need IP addresses or domain names, see your network liaison!

2. How do I contact the hostmaster?

Email hostmaster@vt.edu. It is best to not use 4Help to make requests that the hostmaster must handle, as these are not regularly checked.

3. Who is my network liaison?

Find out here. In general, your network liaison will be for your department. However, in some cases, your domain name or IP addresses will belong to a different department.

4. My department doesn't have a network liaison. What do I do?

Unless your department was recently created, it is likely that your network liaison serves for your whole college or another department. If your department needs a network liaison, contact the hostmaster.

IP Addresses

5. How do I get an IP address?

Faculty/Staff with Ethernet

See your network liaison. Usually they will provide you with an IPv4 address or help you register your host for the DHCP roaming service.

Students with Ethernet

Static IPs are not allocated to students in the dorms. Use DHCP for IPv4 configuration and SLAAC for IPv6 configuration (this is often the default).

Wireless users

Static IPs are not supported on wireless; Use DHCP for IPv4 and SLAAC for IPv6 configuration (this is usually the default).

Network liaisons

Contact the hostmaster with info about your building, ports, and the number of addresses you need, and the hostmaster will allocate IPv4 addresses to you. For IPv6, you may use arbitrary addresses, but we strongly encourage you to use your OUI

6. Is there a charge for IP addresses?

No. The cost of IP addresses is covered in your monthly connection fee.

7. How many IP addresses can I have?

For IPv4, about one per connection.

The number of globally-routable IPv4 addresses assigned to the University is limited and NI&S must conserve them as much as possible. Network Liaisons requesting address allocations significantly larger then the number of connections, or with many unused addresses, will be asked to justify the allocation.

NI&S can supply network liaisons with a list of addresses allocated to their departments and information on how recently those addresses have been used on the network.

For IPv6, about 2^42 per host. We do not explicitly assign IPv6 addresses; network liaisons and system managers are expected to make reasonable decisions in configuring features like IPv6 privacy extensions.

8. What types of IP addresses can I get?

For IPv4, we mostly allocate public addresses. However, certain connections (such as on the RLAN) require use of RFC1918 ("private") IPv4 addresses instead. We can also allocate RFC1918 addresses, including ones that cannot use NAT to reach the rest of the internet, on request.

We do not allocate IPv6 addresses, however we do try to coordinate the IPv6 addresses used by departments through assigning OUIs, and may elect to coordinate use of ULAs (Unique Local Addresses) at some point in the future.

9. How do I get an IPv6 OUI?

On request, the hostmaster allocates Organizationally Unique Identifiers (OUIs) for use in assigning static IPv6 addresses. Rather than explicitly assigning addresses from IPv6, we give departments an OUI that we guarantee to be unique anywhere on-campus. This allows network liaisons to generate consistent IP addresses that they can easily identify as theirs. See this section for more details.

10. Who owns IP address x.y.z.t?

Look at the PTR record for the address (dig -x x.y.z.t) to find out what host it may belong to. If you are a network liaison, you can also check the IPR query tool

If you need to programatically determine this, there is a new API to the IPR available at https://orca-public.caas.nis.vt.edu/ipr/v1/public/ip/x.y.z.t/contacts; e.g. curl https://orca-public.caas.nis.vt.edu/ipr/v1/public/ip/198.82.247.66/contacts. This tool returns a JSON object, and a 404 indicates it is not "owned" by any admin group; the contacts returned are those of the network liasons responsible for the IP

11. Do you have a list of Virginia Tech IP addresses?

IP prefixes are a network routing mechanism and not an authorization mechanism. There is no set of IP prefixes that can define the set of "Virginia Tech users," and, the people who should be included in the set of "Virginia Tech users" varies with the application. If you are entering into some kind of legal licensing agreement, please read the following carefully:

Virginia Tech has been assigned a number of IP address blocks. Some of these addresses are used by non-University organizations and many University organizations are connected to the Internet by other ISPs. This means that an address-based authorization scheme will include some non-University users and exclude many University users.

The set of users who are considered Virginia Tech affiliates varies from application to application as well. "Virginia Tech affiliate" could mean "faculty, staff, or student", "anyone on campus", "anyone on the extended campus", and may or may not include groups like prospective students, alumni, and CRC employees.

Some examples of "outside" people that could have access:

Some examples of "inside" people that could be denied access:

If you wish to restrict access to only Virginia Tech users, we strongly encourage you to contact VT Secure Identity Services (SIS) to set up user authentication, instead.

All of this said, the most up-to-date source of "on-campus" addresses is here on 4help's knowledge base We make no guarantees that this is up-to-date or accurate; remote offices, extension sites, NAT, non-Blacksburg campuses, and research institutes use a wide range of other network addresses, some of which are routed exclusively on-campus. You may also refer to our registration with ARIN for more information about IP resources assigned to us.

12. How do I access services restricted to "VT IP addresses" from remote networks?

For resources at the University Library, you can use the library's proxy server. Go to Library WWW server and select "Get Help", then "Off Campus Access". You will find instructions on this page. You need a Virginia Tech PID and password to use this service.

For other services, you can use the Virginia Tech VPN.

Domain Names

13. How do I get a new 3rd-level domain?

If you are network liaison for your department and the domain is your department name or a common abbreviation for it, it can be allocated by the hostmaster (e.g. ece.vt.edu for the department of Electrical and Computer Engineering).

For all other 3rd-level domains, University Relations (unirel) will have to approve the allocation. Thus, if you want myproject.vt.edu, you'll want to contact the hostmaster in advance, so that they can forward your request and justification for the domain to Unirel. However, generally, campaign-specific domain requests are not approved, especially not if their needs are met by a short URI slug on a well-known page.

Please note: short (2-to-4 letter) abreviations generally will not be approved for non-departmental names as there is a high likelyhood of acronym collision. All non-departmental domain names are allocated on a first-come, first-serve basis, and the hostmaster reserves the right to change them at any time.

14. My department is changing it's name. Can I change my 3rd-level domain?

If your department is changing its name, we will change the name of your "admin group", and allocate your new domain name. We allow the two names to exist concurrently for about 6 months, in which you can change your data files and domain names. After this point, you will no longer be able to make updates to your old domain unless Unirel approves an exception.

15. How do I get a domain name associated with my IP address?

Contact your network liaison with information about your host, specifically IP addresses (on Windows, you can run ipconfig from the command prompt; on OS X and Unix, ifconfig will provide info) and your desired hostname. They will help you figure out what will work best for you.

16. Is there a charge domain name service?

Usually, no. Special configurations and serving external domains occasionally incurs small fees, but these cases aren't handled by the hostmaster.

17. How long can a domain name be?

See RFC-1035 (STD 13) Section 2.3.4

18. What characters are allowed in a domain name?

The following is from RFC-1035 (STD 13) Section 2.3.1

However, when assigning a domain name for an object, the prudent user will select a name which satisfies both the rules of the domain system and any existing rules for the object, whether these rules are published or implied by existing programs.

For example, when naming a mail domain, the user should satisfy both the rules of this memo and those in RFC-822. When creating a new host name, the old rules for HOSTS.TXT should be followed. This avoids problems when old software is converted to use domain names.

[...]

Note that while upper and lower case letters are allowed in domain names, no significance is attached to the case. That is, two names with the same spelling but different case are to be treated as if identical.

The labels must follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.

Most notably, hostnames should not start with a digit, and must not contain underscores or any non-ascii characters.

While these rules are no longer strictly correct, we will encourage you to follow them.

19. I need a domain name delegated! Will you do this?

If you need a delegated domain name for your Active Directory/Kerberos Domain, or for some cloud services (e.g. using AWS Route53), we will delegate any of YOURDOMAIN.cloud.vt.edu, YOURDOMAIN.ad.vt.edu, cloud.YOURDOMAIN.vt.edu, or ad.YOURDOMAIN.vt.edu, or any subdomain of those. We will not delegate any other names.

Data Submission/Nameserver Restarts

20. When are the name servers restarted?

The nameservers are restarted on Tuesdays and Thursdays sometime between noon and 3pm, and at alternate times by request. Data is staged by 11am; please be sure to submit before then. See here for more info.

21. Who may submit data for the DNS?

Your department's network liaison or any designated secondaries may submit data, in the format described here.

22. What if I need a restart at a special time?

Contact the hostmaster.

Other Stuff

23. What if I need a departmental MX record?

See this. When configuring MX records, we strongly encourage you to also contact the hostmaster to add an SPF (Sender Policy Framework) record to your domain as well. This takes the form of a TXT record stating what hosts can send mail for this domain, and is documented in brief in the Appendix.

24. What about DHCP?

All VT networks have open DHCP, i.e. any host can get an address for that network when connecting. If you would like to not recieve an address issued by VT's DHCP servers, you can set NIS_IGNORE in your dhcp client identifier or vendor class identifier. This would be used, for example, if you run a departmental DHCP server.

25. Do you handle redirects?

No. If you need a redirect for a web host, you should use a CNAME record to point old hostnames to your new hostname, and configure the redirect in your webserver. We can add the CNAME for you, but we do not configure web redirects.


Hostmaster Central

Phil Benchoff, Eric C. Landgraf 2021-09-09