Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Abuse of the internet

In the modern world, the internet is the global medium for communication, information exchange, social interaction, collaboration and commerce. However, the internet's success has a down side. Precisely because it is so important to society and the economy, it is increasingly a medium for regimes, criminals and terrorists to pursue their own ends. Some of the most common forms of internet abuse are briefly outlined here.

(D)DoS attacks

More about SIDN BrandGuard > DNSSEC .nl Control

(D)DoS stands for (distributed) denial of service. A denial-of-service attack is ‘distributed’ if it involves a number of computers (sometimes millions) simultaneously bombarding a single target with traffic. The target may be a computer, a computer network or an internet service, and the aim of the bombardment is to render the target unavailable to ordinary users. An attack will typically entail so many computers trying to visit a particular website or use a particular service that the server cannot cope. As a result, the site or service is made unavailable to genuine users. Attackers will often use botnets to launch their assaults. A

botnet is a network of computers that have been infected with malicious software (malware). When activated by the attackers’ central command and control servers, the malware makes all the computers in the botnet send requests to the target at the same time. Botnet malware usually works in the background, without the people who own the infected computers being aware of it.

Reducing the risk

There are various ways of reducing the risk:

  • To prevent your computer becoming part of a botnet, it’s important to keep the software on your computer(s) up to date and to be selective about the links you click on. We recommend using anti-virus software as well.

  • Network administrators can protect their infrastructures with Intrusion Detection Systems (IDS) and/or Intrusion Protection Systems (IPS) or even honeypots. NetFlow is a very useful infrastructure protection tool. There are also services, some of which are free, which can alert you if your network is infected. Your internet service provider may well already use such services.

  • SIDN is protected in various ways against (D)DoS attacks that might otherwise disrupt its services and affect the availability of the .nl domain. For example, we have a network of (local) anycast nodes.

  • SIDN has also taken steps to prevent its DNS infrastructure being abused for ‘amplification’ attacks against third parties.

  • SIDN actively scans for command and control servers associated with .nl domains. When we detect such servers, we work with our partners to take them down.

General information about protection is available from the website of the National Cyber Security Centre.

Typosquatting

Typosquatting is a form of abuse that takes advantage of the fact that people sometimes make slips when typing web and e-mail addresses. For example, a user may get one or two letters wrong when typing the address of a website, and consequently find themselves looking at a site that is full of adverts or that offers a rival service. In other words, typosquatters cash in on the reputation and success of popular sites and services. Even worse, many typosquatters’ sites are used for criminal purposes. They may infect visitors’ computers with malware, for example. Or the squatter site may look just like the site of a trusted organisation, in order to trick visitors into parting with money or disclosing confidential information. Typosquatting is often closely linked with phishing. As a result, it undermines users’ confidence in the ‘genuine’ companies and institutions whose sites and services they want to use.

Reducing the risk

SIDN BrandGuard alerts you whenever a domain name is registered that is very similar to your domain name or company name.

Phishing

Phishing is a form of internet-based fraud, also known as website spoofing. The victim typically receives an e-mail that looks as if it comes from a bank, a social medium or another familiar service provider. In the mail there will normally be a link. However, the link takes the user to a fraudulent or ‘spoofed’ website. The spoof website will usually have a URL very like the genuine site that the user thinks they are visiting. What’s more, the spoof site may be very hard to tell apart from the genuine one. Consequently, the user is liable to think they are on the genuine site and, when prompted, to confirm their account details and/or provide other confidential information. So the phishers trick people into parting with personal details and passwords, which are then used to steal money from the victim or to obtain goods and services at the victim’s expense.

Reducing the risk

Look out for anything unusual or suspicious in e-mails you receive or websites you are directed to. The design might not be quite what you are familiar with, for example. Or the wording may not be what you would expect from your bank or service provider. Never give confidential information, such as your bank account details, your PIN or your Public Service

Number in an e-mail. Your bank will never ask you for that kind of information. - You can reduce the risk of phishing by protecting your computer or computer network with a virus scanner and making sure that you always have the latest browser version installed.

E-mail spoofing

E-mail spoofing is a common form of abuse. With e-mail, it is very easy to falsify a ‘from’ address, so that a message appears to come from, for example, a familiar organisation, when the real sender is a fraudster. Email spoofing is often used for sending spam. Web addresses given in spoofed e-mails are typically linked to fraudulent websites. Such sites may exist to trick visitors into giving confidential information (phishing) or to offer commercial or other services, often of dubious value. It isn’t always institutional mail addresses that are spoofed, however. Sometimes, a message will appear to come from someone you know – a form of attack known as ‘social engineering’.

Reducing the risk

Be on the lookout for suspect senders. Pay close attention to the contents of incoming messages: are there typing errors and grammatical mistakes of the kind you wouldn’t expect from a large institution? If the message starts ‘Dear…’ without giving your name, ask yourself whether that is normal.

  • You can protect your domain (or get it protected) with relatively new technologies, such as DKIM/DMARC and DNSSEC. Those technologies allow for sender verification, thus reducing the risk of abuse.

  • You can also protect your domain through the Sender Policy Framework (SPF). SPF enables receiving mail servers to check whether the sending mail server is allowed to send mail for the relevant domain.

  • You can give your messages a digital signature, e.g. using S/MIME. A digital signature is a form of authentication that the recipient can check.

  • Naturally all confidential e-mail should be encrypted, e.g. using S/MIME, PGP or by means of inter-server secure SMTP (StartTLS).