Advice on securing your IPv6 network
Without (CG)NAT, firewall configurations require review
IPv6 is very similar to IPv4, but with a much bigger address space. Although the two protocols are fundamentally similar, it's important to consider certain network security aspects when implementing IPv6. One key difference between an IPv4 network and an IPv6 network is that with IPv6 you probably won't be using Network Address Translation (NAT): each device will have its own unique, routable address. What's more, IPv6 addresses are, as far as possible, assigned automatically. That means paying more attention to IP Address Management (IPAM) solutions, reviewing the configurations of firewalls, screening routers, proxies and demilitarized zones (DMZ), and filtering on the basis of domain name (reputation) rather than IP address. As well as addressing generic problems, RFC 9099 tackles an enormous laundry list of more detailed, operational aspects of IPv6 network security.
While automatic address assignment for IPv4 is usually based on DHCP, for IPv6 the function is performed primarily by means of Stateless Address Autoconfiguration (SLAAC) and the Neighbor Discovery Protocol (NDP). That involves routers publishing the network prefixes for connected network segments in Router Advertisements, with each individual device generating a unique interface identifier to complete the IPv6 address. Duplicate Address Detection (DAD) ensures that an interface identifier isn't already in use by another device on the same network segment: before adopting a new IPv6 address, an interface has to check whether other hosts are using or intend to use it, by sending round a special multicast message. Note that, by using Privacy Extensions for example, interfaces can simultaneously have multiple IPv6 addresses with the same prefix. It is recommended that an interface at least has distinct IPv6 addresses (identifiers) for distinct functions (applications) on a given system. The basic principle is that routers are responsible for network prefixes. A router can delegate some of that responsibility to hierarchically subordinate routers (prefix delegation). Individual devices then generate their own unique interface identifiers. Thus, address assignment is largely automated, and the renumbering of an entire network is simplified. The security and privacy considerations associated with IPv6 address generation are discussed in RFC 7721.
DNS resolver publication is also handled by the routers in line with the NDP. However, the later DHCPv6 protocol can be used for the same purpose. DHCPv6 is used for various other purposes as well, such as generating additional IPv6 addresses for multicasting, and setting various parameters for IPv4-IPv6 transition mechanisms.
Because every device has its own unique, routable address, NAT is not required with IPv6. The implication is that, when IPv6 is used, each individual device is accessible from the internet. Firewalls therefore have a more important role in preventing systems being scanned and attacked: a function that is often inappropriately left at least partly to NAT on an IPv4-based network. The same applies to screening routers, proxies and the DMZ: all security measures that were standard practice when individual computers could still obtain routable IPv4 addresses. The universal use of routable addresses also makes it important to ensure that internal traffic is not unintentionally routed externally, via the public internet. Other points to note are that, because of their length, IPv6 addresses are difficult to read; network prefixes consist of three levels, for the organisation, its branches and subnetworks within the branches; and filtering on the basis of individual addresses (blacklisting/whitelisting) is no longer possible (prefix-based filtering is the only option). The formulation of a number plan is therefore a vital element of any IPv6 implementation.
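As an added example (not code from the original article), the following Python sketch applies the two points made above: allow-listing by prefix rather than by individual address, and checking border flow records for internal traffic that is leaving via the internet. The /48 organisation, /56 branch and /64 subnet number plan, the prefixes and the flow records are all constructed assumptions drawn from the 2001:db8::/32 documentation range.

```python
import ipaddress

# Constructed values: 2001:db8::/32 is the documentation prefix, so nothing here
# refers to a real network. The three-level number plan assumed here (/48 for the
# organisation, /56 per branch, /64 per subnet) is an assumption for the example.
ORG = ipaddress.IPv6Network("2001:db8:1234::/48")
BRANCH_LEN, SUBNET_LEN = 56, 64

# Prefix-based allow list for an internal service. Entries are branches or
# subnets, never single hosts: devices pick (and may rotate) their own identifiers.
ALLOWED = [
    ipaddress.IPv6Network("2001:db8:1234:100::/56"),  # every subnet of branch 1
    ipaddress.IPv6Network("2001:db8:1234:2ab::/64"),  # one subnet of branch 2
]

# Destinations that must never be seen on the internet-facing interface:
# our own prefix, unique-local (fc00::/7) and link-local (fe80::/10) space.
NEVER_EXTERNAL = [ORG, ipaddress.IPv6Network("fc00::/7"),
                  ipaddress.IPv6Network("fe80::/10")]


def levels(addr):
    """Return the (organisation, branch, subnet) prefixes that contain addr."""
    a = ipaddress.IPv6Address(addr)
    return tuple(str(ipaddress.IPv6Network((a, n), strict=False))
                 for n in (ORG.prefixlen, BRANCH_LEN, SUBNET_LEN))


def allowed(addr):
    """Prefix-based allow check: any listed prefix containing addr permits it."""
    a = ipaddress.IPv6Address(addr)
    return any(a in net for net in ALLOWED)


def audit_border(flows):
    """Scan 'src dst' records captured on the external interface and report
    every flow whose destination should have stayed inside the network."""
    findings = []
    for rec in flows:
        src, dst = rec.split()
        d = ipaddress.IPv6Address(dst)
        hit = next((net for net in NEVER_EXTERNAL if d in net), None)
        if hit is not None:
            findings.append(f"{src} -> {dst}: internal destination ({hit}) leaving via internet")
    return findings


# Constructed flow records in the form a border router might log them (src dst).
FLOWS = [
    "2001:db8:1234:100:1::10 2001:db8:1234:2ab::5",   # internal to internal: leak
    "2001:db8:1234:100:1::10 2001:db8:9999::1",       # internal to external: fine
    "2001:db8:1234:2ab::5 fd00:abcd::1",              # internal to unique-local: leak
]
```

Running `audit_border(FLOWS)` flags the first and third records; `levels()` shows which branch and subnet a given address belongs to under the assumed plan, which is what a prefix-based firewall rule has to be written against.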
RFC 9099 discusses the practical, operational security aspects of IPv6, mainly in relation to business networks and service providers. As such, it supplements RFC 4942, which deals with the security elements of the IPv6 protocol itself and the transition mechanisms. It's worth noting that many of the issues covered by RFC 9099 are particularly important for software developers and hardware vendors. Examples include tackling rogue DHCPv6 servers and spoofed NDP messages designed to inject false information into a network (or network segment) or mount a Denial-of-Service (DoS) attack. Interestingly, RFC 8273 includes an address scheme where each end user is assigned a unique prefix, so that they can communicate with each other only indirectly, via a router.
RFC 9099 deals with dozens of topics and includes references to the numerous corresponding RFCs. When you have the opportunity, we advise going through the entire document to see which sections are relevant to your particular situation. For example, the section on logging/monitoring/auditing is likely to be relevant to most readers, but where the sections about transition mechanisms are concerned, you probably need to read only the parts that deal with technologies you actually use or intend to use.
The operational security aspects for dual-stack and the IPv4-IPv6 transition and translation mechanisms (for business networks) were considered in RFC 7123. RFC 6169 plays a similar role in relation to the general topic of IP tunnelling. And RFC 3964 addresses security aspects specific to 6to4, with supplementary operational guidance in RFC 6343.
With its automatic address assignment, IPv6 is designed to simplify network management. Furthermore, the adoption of IPv6(-only) enables operators to do away with workarounds such as NAT, CGNAT and SNI. Nevertheless, because we're currently transitioning from IPv4 to IPv6, the temporary implementation of various rather complex transition mechanisms on our networks is unavoidable. Unfortunately, the complexity of those mechanisms brings its own administrative burden and security challenges. However, there is light at the end of the tunnel: IPv6 is now in widespread use all around the world. Roughly a third of Google visits are IPv6-enabled, and the proportion is increasing by about 5 percentage points a year.