Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Check your resolvers: KSK-2010 trust anchor phased out

  • Tuesday 12 March 2019

Following the successful rollover of the root KSK pair last year, all that remains is to phase out the old trust anchor. ICANN, the administrator of the root zone, is currently making the final preparations for deletion of the old key pair. Validating resolver operators should therefore verify that the old trust anchor has in fact been deleted from their systems.

Rollover

The actual rollover of the KSK pair for the root zone took place last autumn. Since 11 October 2018, the old digital signature (KSK-2010) has not been used to validate the DNSSEC chain, and the new signature (KSK-2017) has been used instead.

The switch to the new signature was the most critical point in the entire process, because validating resolvers needed to have a (guaranteed identical) copy of the new signature installed as a trust anchor in order to continue validating the signatures linked to DNS records after 11 October. It was due to fears that not all resolvers might be ready that the switch was postponed for a year. And it was with good reason that, during the actual rollover, SIDN Labs monitored the performance of DNSSEC on a minute-by-minute basis through the Root Canary project. The initial evaluation by ICANN, the administrator of the zone, was published earlier this month.

Phase-out

Following the successful rollover, what remains is the phase-out of the old KSK-2010 trust anchor. The old key was officially revoked on 11 January 2019. Validating resolvers that support RFC 5011 should by now have automatically deleted the revoked trust anchor. On 22 March 2019, KSK-2010 will be completely removed from the root zone. That is unlikely to cause any problems, since the key pair has not been used to sign DNS records since 11 October last year. In the months since, the KSK-2010 will have been completely removed from ICANN's HSMs, enabling completion of the entire rollover process after three years.

For validating resolver operators, it is therefore important to verify that the old trust anchor has indeed been deleted from their systems. Although the KSK-2010 private key has never left the HSMs and has not been compromised (as far as anyone can tell), the presence of old key material is inevitably liable to be a source of future insecurity and confusion.

Deleted?

For advice on checking the trust anchors currently in use, tailored to the various DNS resolvers, refer to the article that we published in the weeks prior to the actual rollover. If the old KSK-2010 (key ID 19036) is still present and active as a trust anchor, it will need to be deleted manually. For guidance on how to do that, refer to our article on installation of the new trust anchor.