We do all we can to keep our systems secure. But it's always possible that you'll spot a weakness we've missed. If you do, please let us know, so that we can do something about it quickly. Reporting problems you come across is known as vulnerability disclosure (also known as coordinated vulnerability disclosure and responsible disclosure).
How to report a problem?

Please mail details to cvd@sidn.nl. You can also use our file transfer for this: https://fileshare.sidn.nl/. If you need help with that, call us on +31 26 352 5555.
Include as much information as possible, because that will help us reproduce the problem and put it right. We'd ideally like to have a description of what you discovered, complete with IP addresses, logs, screenshots and so on.
Please include your contact details (phone number or e-mail address), so that we can get in touch if we need to know more.
Other important points
Don't tell anyone what you found.
Destroy any data you've stumbled on.
Don't go deeper into our systems than you need to in order to show that there's a problem.
Don't abuse a vulnerability you've discovered. If you do, we'll inform the police.
What you do not need to report:
Social Engineering.
Resource exhaustion / (Distributed) Denial of Service.
Physical Access Testing
Situations that cannot be reproduced
Exploits that are not validated with a second tool/method, e.g. wrong result in tool A, right result in tool B
Cosmetic issues, e.g. this does not look good in browser A (you can drop us a line at communicatie@sidn.nl)
Situations where the problem lies at user (awareness) level, e.g. can be exploited when the workplace is left unprotected, click or keypress combos.
Simple fingerprinting or version listings on OS, services or ports.
Reporting of publicly available files that contain public information
Secure/HTTP-only flag missing on cookies containing public information only
TLS misconfiguration without a proof of concept to exploit the weakness
Incomplete or missing SPF, DKIM or DMARC records
Services running at third-party service providers (check their responsible disclosure statement beforehand)
E-mail addresses found in a third-party data breach
Publicly disclosed vulnerabilities, patched within the last 2 weeks
URL redirection (to a valid webpage)
Local content spoofing / clickjacking
Registered public IP addresses
Public files and information leakage through metadata
Missing security headers, options and flags
Outdated versions without proof-of-concept or working exploit.
Known issues
There are also problems that we are already aware of and are working on, or that we recognise as accepted risks. These problems are not mentioned on the website. Our support team is aware of them and will report them. As a result, the issue will not be dealt with.
What we'll do
We'll e-mail you within one working day, confirming receipt of your report.
Within five working days, we'll respond to the substance of your report and tell you when the issue will be resolved. Weaknesses are fixed as soon as possible and certainly within three months.
We'll keep you updated about progress with fixing the issue.
With your help, we'll decide whether information about the issue should be published. We'll name you as the person who discovered the problem only if you want us to.
Security.txt
RFC 9116 sets out a straightforward mechanism for organisations to publish their vulnerability disclosure policies and contact details. The system involves publication of a file called security.txt on the organisation's website, written in a special legible and machine-readable text format. We follow this internet standard ourselves. Our security.txt file is available here: https://www.sidn.nl/.well-known/security.txt.