Access control is the cherry on the RDAP cake

RDAP for .nl is operational, with phase 2 planned for next year


Next year, we'll decide on the best way to proceed with implementation of our RDAP service. Having been developed in house, the existing software is tailored to the situation in the Netherlands, the conditions that apply here and the processes used. We can press ahead with that software, or we can switch to the RDAP software that's part of the Fury RSP platform we're developing in partnership with Canadian registry CIRA. Once we've decided which way to go, we can get to work on RDAP access control.

Numerous users – particularly the big players that are already familiar with the protocol – have already switched to RDAP. Although the old Whois service will remain operational for the time being, we advise Whois users to migrate to RDAP. Whois is an outdated, insecure and cumbersome protocol. By comparison, RDAP has significant advantages, particularly its use of the JSON format, and the access control functionality it offers. "Everyone's got to switch sooner or later. So you might as well do it sooner, and start getting the benefits of RDAP right away."

RDAP v. Whois

The Whois protocol is more than 40 years old and seriously outdated. It has no authentication or security features at all, there are no rules on the formatting or contents of queries and responses, and it doesn't support Internationalized Domain Names (IDNs). Over the years, some of those shortcomings have been addressed by workarounds such as 'domain privacy' services, rate limiting and regular expressions, but these are merely makeshift solutions. The system also lacks a complete, up-to-date overview of all domain name information. What's more, its availability will become an issue once the phase-out of Whois begins in 2025. Any gTLD operators that continue to provide Whois services beyond that date will have to ensure that they continue to meet all ICANN's SLA requirements.

RDAP is a modern protocol designed to resolve the drawbacks of Whois as far as possible. The crucial differences between RDAP and Whois are that RDAP is accessed as a web service, and that its structured output uses the JSON format, which is easy for both people and software to read and process.

Another important feature of RDAP is tiered access control. If you're not logged in, you can only see basic data. When you are logged in, the additional information available to you depends on your status. A police force, for example, has greater access rights than a registrar. The rollout of access control will form phase 2 of our RDAP implementation. That will involve adding support to the software, and in due course registering all users and providing them with logins.
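As an added illustration (not SIDN's code), the following Python applies the tiered-access idea to a constructed RDAP domain response in the RFC 9083 JSON layout: the tier names and the contact fields each tier may see are assumptions made for this example, since the text only says that logged-in users see more and that a police force sees more than a registrar.

```python
import copy

# Constructed sample response in the RFC 9083 JSON shape; the data is made up.
SAMPLE_RESPONSE = {
    "rdapConformance": ["rdap_level_0"],
    "objectClassName": "domain",
    "ldhName": "voorbeeld.nl",
    "status": ["active"],
    "entities": [{
        "objectClassName": "entity",
        "roles": ["registrant"],
        # jCard (RFC 7095): ["vcard", [[property, params, type, value], ...]]
        "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"],
            ["fn", {}, "text", "Constructed Registrant"],
            ["email", {}, "text", "registrant@example.invalid"],
            ["adr", {}, "text", ["", "", "Straat 1", "Arnhem", "", "6811", "NL"]],
        ]],
    }],
}

# Hypothetical tiers: the jCard properties each class of user is allowed to see.
# Anonymous ("public") users get only the basic, non-personal data.
TIER_ALLOWED_PROPERTIES = {
    "public": {"version"},
    "registrar": {"version", "fn", "email"},
    "law_enforcement": {"version", "fn", "email", "adr"},
}


def apply_tier(response: dict, tier: str) -> dict:
    """Return a redacted copy of the response for the given access tier.

    Unknown tiers are rejected, not mapped to a default, so a bad tier lookup
    fails closed instead of leaking contact data."""
    if tier not in TIER_ALLOWED_PROPERTIES:
        raise ValueError(f"unknown access tier: {tier}")
    allowed = TIER_ALLOWED_PROPERTIES[tier]
    redacted = copy.deepcopy(response)  # never mutate the stored object
    for entity in redacted.get("entities", []):
        card = entity.get("vcardArray")
        if not card or card[0] != "vcard":
            continue
        entity["vcardArray"] = ["vcard", [p for p in card[1] if p[0] in allowed]]
    return redacted


def visible_properties(response: dict) -> set:
    """Names of the jCard properties still present after redaction."""
    return {p[0] for e in response.get("entities", [])
            for p in e.get("vcardArray", ["vcard", []])[1]}
```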

Martijn Sanders, Product Owner at SIDN

Mandatory

We've provided RDAP services for the .amsterdam and .politie domains since 2019, handling the technical administration in house. Because those are generic top-level domains (gTLDs), the services fall under the ICANN regime, under which RDAP was already mandatory at that time.

Shortly after introducing those services, we began offering an experimental RDAP service for the .nl zone. Country-code domains (ccTLDs) don't have to follow ICANN's rules, and therefore have much more scope for defining their own policies, guided mainly by RFCs published by the IETF. "Naturally, our implementation was aligned with the relevant RFCs," says Product Owner Martijn Sanders. "We used the leeway allowed by the RFCs to make various adaptations, so that we could also validate our software against ICANN's compliance tool."

RDDS in transition

The current infrastructure of our Registration Data Directory Services (RDDS) clearly illustrates that we're in the midst of a transition. In order to protect confidential information, we previously set up multiple Whois systems, which run in parallel, each protected by its own IP address whitelist. We have in effect created our own tiered access system, where the Whois data accessible to the general public is not the same as that accessible to registrars, for example. We're using the same IP address whitelists to protect our RDAP systems until access control functionality is added.

The RDAP infrastructure also forms the basis for the information currently provided by our Whois systems. The existing Whois servers are merely a Whois front end, which interfaces with the RDAP systems by means of middleware.

"Our main reason for wanting to move ahead with phase 2 of the RDAP implementation is the IP address whitelists," says Sanders. "Reliance on whitelists implies all sorts of restrictions. For example, a user can't log in from any location other than their normal place of work. Keeping the lists up-to-date is also a labour-intensive task, even though we've created a little tool that simplifies the job of updating the firewall settings when an IP address needs to be added or removed."

A million queries a minute

Last spring, the RDAP service for .nl became formally operational, albeit without any access control features. The RDAP services for .politie and .amsterdam have been live since 2019 but will soon be updated with our latest release. "At this stage, our main aim is to see how our RDAP implementation performs," Sanders continues. "That's important because our domain information systems sometimes receive a million queries a minute. The high traffic volumes are generated by drop-catchers continually polling existing domain names that are due to be released for re-registration. Drop-catchers are particularly interested in popular names like computer.nl and fietsenwinkel.nl. We try to manage the traffic levels using SLAs and rate limits, but registrars find all sorts of workarounds. One is to send queries from the cloud, and then immediately make a registration from their own system when a domain name is released. However, our firewall will see a flood of queries as a major DDoS attack, and will pull up the drawbridge in response. Unfortunately, when that DDoS filtering mechanism kicks in, the whole service becomes unavailable for a while."

"At the moment, it's very difficult for us to properly control inappropriate use of the systems. Although our RDAP implementation seems capable of handling the high volumes of queries with just the occasional hiccough, the traffic generated by drop-catchers does create problems for other users. With Hello Registry (the new name for Fury), it's possible to set up a separate environment for registering newly released domain names. If we go down that path, drop-catchers won't have any reason to use RDAP to check a domain name's availability, so their activities will have much less impact on our services. Instead of 50 million queries a day, RDAP would have to process no more than 100,000. We're currently considering the best way of realising a set-up like that for .nl domain names."

"The Hello Registry platform has its own RDAP implementation. Next year, we'll decide whether to press ahead with the RDAP software we developed ourselves, or to switch to the Hello Registry RDAP system, and help to refine the functionality of that. Once that decision has been made, we can get to work on RDAP access control."