"A cyber-attack is an attack on the nervous system of modern society"

Onus is on potential victims to look after themselves


The central conclusion of the latest national cybersecurity survey is less than encouraging. Cyber Security Beeld Nederland ('Dutch Cybersecurity Survey', CSBN for short) is an annual report by the National Coordinator for Security and Counterterrorism (NCTV) and the National Cyber Security Centre (NCSC). It covers cybersecurity threats to the Netherlands, the nation's digital resilience and the potential for problems arising from a mismatch between the two.

And, so far, the central conclusion of every edition has taken the form of a strong warning about lack of preparedness. Indeed, the tone of the warnings has recently become increasingly urgent and the description of the threats increasingly substantive. This year, however, the CSBN has gone from warning us about threats we might face to telling us about threats that have actually materialised.

Are they smart, or are we stupid?

The cyberthreats facing the Netherlands are increasingly serious and extensive. What's more, the NCTV and NCSC believe that we're inadequately prepared to meet those threats. Indeed, my own impression is that the 'preparedness gap' is growing. "Cybercriminals are getting smarter," we're often told. Perhaps it's more a question of smarter people (or more smart people) turning to cybercrime. And a question of them having access to, and making use of, increasingly advanced technologies and increasingly professional support processes. However, it sometimes seems that the bad guys don't have to be very sophisticated at all: ransomware-as-a-service and systems that support untraceable ransom payments in cryptocurrencies can give a beginner a flying start in the world of internet crime. The AIVD and NCTV have previously pointed out that unscrupulous state actors are increasingly willing to take advantage of our vital services' dependency on the digital infrastructure. Digital espionage and sabotage are attractive options for any nation inclined to target a strategically located, knowledge-based society like ours. Surely by now none of that is news to boardroom-level decision-makers? Yet decision-makers at companies of all sizes seem to remain persistently ignorant about and uninterested in cyberthreats and cybersecurity. Although chief financial and risk officers are more influential than ever on company boards, digital threat awareness rarely appears to influence corporate thinking.

Flirting with disaster

The combination of growing cyberthreats and a widening preparedness gap is, like the conclusion of CSBN '21, nothing short of alarming. For evidence that we are flirting with disaster by failing to act, look no further than the "wide range of cyber-incidents" regularly reported in the news and by various formal enquiries. Only a few weeks ago, for example, just as we were digesting headlines about one of the biggest international ransomware attacks ever, in which the Russian REvil gang targeted the Kaseya VSA system to demand a total of 70 million from their victims, we also learned that a quarter of hospitals and municipal health services in the Netherlands don't even have basic security in place. "Websites and e-mails are not properly secured and care providers are using outdated, insecure technologies to send and receive files," we are told. Very basic shortcomings such as easily guessed passwords or the complete absence of password protection are not unusual, it seems.

Smart crime pays

Without the internet and the vast array of online services now available to us, the consequences of the COVID-19 pandemic would have been even more far-reaching. The positive aspects of 2020's hyper-digitisation, which has continued into 2021, have been a blessing for our economy and our society, I believe. However, hyper-digitisation clearly has a downside as well: our flight to online tools and services makes us vulnerable in ways that malicious actors have been pleased to take advantage of. And they will continue to do so. Because, sadly, smart crime often does pay. "Never pay a ransom if you're the victim of a hack," is sound advice. Because, if you do pay up, you're strengthening the 'business case' for crime, and some of your money will be invested in even more, even bigger attacks. But what are you supposed to do if following that advice will put you out of business and your staff out of work?

It really is high time to act

Anyone who allows themselves to think "it won't ever happen to us" is sooner or later (and probably sooner) destined to find that it does happen. Imagining that all cybercriminals will soon be locked up, or that the AIVD/NCTV/NCSC/THTC will protect us all, is self-evident folly. The authorities and anti-abuse organisations do their utmost to thwart internet criminals, but many inevitably elude justice. It's therefore high time that businesses of all sizes smartened up. It's vital to work with internal cybersecurity staff and/or outside experts to stay one step ahead of the crooks. Every company really does need to get its security in order, starting with the basics and progressing to a considerably higher level. If we don't substantially upgrade our cyber-resilience, and soon, it's simply a matter of time before there is a hack whose consequences make those of the US Colonial Pipeline hack look like child's play; a hack whose impact – transmitted via global supply chains – extends far beyond our borders. And no one will be able to say that they weren't warned.

Cybersecurity isn't an inconvenient cost item

The government is certainly trying to improve things with regulations and supervision, but we should see that less as a desirable development and more as a reflection of our collective failure to find a better way forward. The onus is on potential victims to look after themselves. Cybersecurity should be high on the agenda of every company board and management team, and seen as a vital contributor to business operations and continuity, not as an inconvenient cost item. A company's cybersecurity specialist shouldn't be regarded as a humble ICT functionary; they should be reporting directly to the board. The first task is to get the basics in order by addressing issues such as those flagged up by the NCSC (see the link below) and by adopting secure internet standards. Risks should be identified and mitigating action taken. Awareness is also needed throughout the organisation, so that everyone understands the risks and the need for – and the value of – countermeasures. And every organisation should be ready to learn from and share knowledge with others. Sector-wide associations have an important role to play in that context.

Easier said than done?

As the operator of the .nl internet domain, we provide a service whose failure would be disruptive to the Dutch economy and Dutch society. Cybersecurity is therefore a subject that occupies us literally day and night. We invest substantial amounts of money, time and expertise in our digital resilience, and our investment is increasing year on year. That's not all we do, however. Our mission is to promote problem-free, opportunity-rich digital living for everyone. Fulfilment of that mission requires, first and foremost, that the .nl domain is one of the securest domains in the world. But it also means performing research, aiding the fight against cybercrime, actively promoting the use of secure internet standards, and running and funding a wide range of projects that contribute to safe and convenient digital living. And every contribution is very much needed, because there's a long way to go before digital living really is safe and convenient.

Roelof Meijer, SIDN