Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Could DNSSEC have protected the DNS against recent attacks?

ICANN called for the adoption of DNSSEC

Green key in a digital background
  • Tuesday 5 March 2019

It was recently revealed that cybercriminals had attacked the Domain Name System (DNS) with the aim of intercepting commercial and governmental internet traffic. Following the attacks, ICANN called for the adoption of DNSSEC, saying it would effectively frustrate any similar assaults in the future. The call received a mixed response, with some people questioning DNSSEC's ability to provide protection when – as in the reported cases – the attacker has the DNS provider's log-in details.

DNSSEC validates a responding name server

DNSSEC is a protocol that uses asymmetric cryptography to validate the data provided by a DNS server. Ordinarily, a computer will accept the first reply it receives, without checking that the sender is trustworthy. That's obviously a security issue, which is why DNSSEC was developed.

DNSSEC doesn't identify the server

DNSSEC doesn't confirm a server's identity, as an EV TLS certificate does. If a DNS server is hacked, the hacker can ultimately negate the benefit of DNSSEC by replacing the 'real' DNSSEC data with data that appears to be valid, but doesn't really belong to the DNS record in question. Under such circumstances, DNSSEC is merely a fire retardant: the hacker has to change a lot more data in order to redirect the traffic. What's more, the hacker's changes will soon be picked up, because the falsified data won't match the data in the zone file (e.g. the .nl zone file managed by SIDN).

Validation necessary

DNSSEC is effective only if internet users whose machines send DNS queries do actually validate the DNSSEC data that they get in response. That can be done using a service such as Google Public DNS, CloudFlare DNS or Quad9. However, many internet service providers don't yet support validation. That's down to them being unfamiliar with the standard and/or seeing validation as a low priority.

DNSSEC isn't a panacea

Conclusion: DNSSEC can certainly help to frustrate attacks on the DNS when it's used as part of a raft of measures including TLS. ICANN recognises that DNSSEC isn't an answer on its own, and describes it as part of a package of protection measures.