Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

CGNAT frustrates all IP address-based technologies

IPv4 is creaking at the seams

Abstract, futuristic cyberspace with a hacked array of binary data
  • Thursday 4 July 2019

CGNAT is a godsend for all internet access providers who have no IPv4 addresses left to assign to customers. At the same time, it's a serious impediment for police services and security tools. Whereas it was once possible to assume that an IP address was linked to a single customer, it can now be linked to thousands. As a result, many IP-based technologies and approaches no longer work properly.

CGNAT

In recent years, major access providers have switched en masse to carrier-grade NAT (CGNAT). In CGNAT, multiple NAT layers are superimposed to give a large number of users access to the internet via a small number of public IPv4 addresses. CGNAT's technical name – NAT444 – alludes to how the technology works: as with traditional NAT (NAT44), the end user is assigned a non-routable address from the private series defined in RFC 1918. However, whereas there used to be a "true" public IPv4 address on the uplink side of the user's modem, there is now an intermediate network operated by the access provider. In RFC 6598, IANA released the address block 100.64.0.0/10 specifically to make that possible. The block can be used by all access providers and is therefore exclusively for local routing. The intermediate network includes not only end users' routers or CPEs (with private addresses on both sides), but also the CGNAT gateways via which the CPE routers access the internet itself. Although, for performance reasons, the procedures for address translation between the various address spaces is not entirely random – CGNAT gateways often assign static external port series to subordinate NAT44 routers – the arrival of CGNAT has made it much harder for anyone on the outside to link a particular address-port combination (connection) to an individual user on the subordinate network. Making such a link requires the provider to combine the translation steps made on the two distinct NAT layers.

Security problems

Although IPv4 is now creaking at the seams, the arrival of CGNAT has delayed the old system's demise still further. And that has significant drawbacks. As well as restricting applications by making users unreachable from the internet – with the result that peer-to-peer connections are hard to establish [1, 2], – CGNAT creates security problems. The reason being that identification, filtering and configuration have traditionally been based on IP addresses, not on address-port combinations. One practical outcome is that government agencies find it harder to identify criminals behind particular IPv4 addresses. According to Europol, access providers are no longer able to meet their legal obligation to provide details of the account holder linked to a given connection. Because, in some cases, a single IPv4 address is shared by thousands of users. As a result, the agency says, investigations often involve examining and tapping the connections of many more people than really necessary.

Interference

Another example of the security problems linked to CGNAT comes from the gaming world. It seems that fanatical gamers will sometimes go as far as to order a DDoS attack to take out an opponent. However, efforts to tackle such practices by blacklisting are frustrated in emerging economies such as Brazil, where IPv4 addresses are extremely scarce, because blacklisting a single address can disable an ISP's entire network. Similar "resolution problems" affect the entire spectrum of systems for blacklisting/whitelisting and reputation management, because almost all such tools use the IP address as the primary identifier. The malicious activities of an individual user or infected device (DDoS attacks, spamming, scanning, etc) can therefore lead to a large number of users who share that individual's IP address all being blocked. Conversely, numerous users accessing an online service from the same shared IP address can be mistaken for an attack, prompting an anti-spam/abuse system to deny them all access. Finally, consider the OpenDNS filtering service. The OpenDNS dashboard allows you to set up filters for the IP address you use to send DNS queries. However, if you are one of multiple users sharing an IPv4 address, the various configurations are liable to interfere with one another. For the simple reason that the DNS resolvers have no way of distinguishing between the users sharing that public address. So, for example, you are liable to see other users' queries on your dashboard and your activities may interfere with their service access.

Government intervention

Clearly, IPv4 is now on its last legs. Although there are many compelling technical and economic reasons for accelerating the transition to IPv6, we expect that it will ultimately be security considerations that persuade governments to intervene. In the EU, the European Commission's cybersecurity strategy is likely to be a significant factor. In a document entitled 'Resilience, Deterrence and Defence: Building strong cybersecurity for the EU', the Commission explains how the EU wants to promote the adoption of IPv6. The ultimate aim is to have one user per IP address to facilitate the investigative activities of the police and security services. Procurement policy, research and project funding, and covenants will be used by the Commission in pursuit of its goals. Here in the Netherlands, the Ministry of Economic Affairs is currently looking at ways of energising the country's tardy migration to IPv6.