DNSSEC adoption heavily dependent on incentives and active promotion
Adoption rate tops 50 per cent in some zones, but much lower in most
Schemes that incentivise the signing of domain names with DNSSEC have been very successful at promoting adoption. However, it's clear from the huge differences between TLDs with incentive schemes and TLDs without that little happens when no such scheme is in place.
The graph below shows the progress of DNSSEC signing in the European top-level domains (TLDs) with the best adoption rates. Like our own .nl zone, the Czech, Norwegian and Swedish TLDs all have adoption rates exceeding 50 per cent.
Change in the number of DNSSEC-signed domains in TLDs over time (sources: www.statdns.com, CENTR and individual registries)
It's not by chance that the TLDs in question are doing so well. For some years, SIDN has been a major contributor to the development of the DNSSEC standard, as have the Swedish registry Internetstiftelsen and the Czech registry CZ.NIC. We have also supported the development and deployment of DNS(SEC) software by various direct and indirect means. The widely used packages PowerDNS [1, 2], Unbound, NSD and OpenDNSSEC were all developed in the Netherlands, for example. CZ.NIC has pursued similar policies with the development of Knot DNS, Knot Resolver and the DNSSEC/TLSA Validator (the last of which is no longer being updated).
However, the main driver of DNSSEC adoption has been incentivisation: schemes where registrars are charged lower fees for signed domain names than for unsigned domain names. The Swedish, Czech and Norwegian registries are all amongst those that operate such schemes. Meanwhile, the sharp rise in DNSSEC use in the .nu zone (now popular here in the Netherlands) is almost certainly down to the fact that it's operated by the Swedish registry. In fact, the DNSSEC incentive scheme that we set up in 2015 was to a significant extent inspired by the Swedish and Czech schemes. "DNSSEC was our first incentive scheme and has been a great success," says SIDN's CEO Roelof Meijer. "It's led to us following up with similar schemes to promote IPv6, e-mail security standards and the sustainable use of domain names. Such initiatives make a vital contribution to the security and resilience of the .nl zone."
The influence that active registry involvement and incentivisation have on the adoption of DNSSEC is underscored by the extension's use – or lack of it – in the international gTLDs .com, .net, .org and .info. In all those zones and many others, DNSSEC is barely used at all. According to Frederic Cambus, maintainer of the StatDNS portal, the explanation is partly the complexity of DNSSEC and partly the absence of any direct benefit. "The DANE protocol might have provided a direct benefit. But it's increasingly clear that web browsers aren't going to support DANE any time soon." A distinction should be made, however, between DANE for web and DANE for mail. The latter secures mail transmission by publishing a TLSA record that pins the mail server's TLS certificate (or its public key) in the DNS. A client can only trust that record if the DNS answer carrying it has been DNSSEC-validated, which is why DANE builds on the security infrastructure provided by DNSSEC.
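To make the DANE-for-mail mechanism concrete, here is an added example (written for this article, not code from SIDN, StatDNS or any registry named here) that builds a TLSA record from a mail server's key and checks a presented certificate against it. The SPKI and certificate bytes are constructed stand-ins, not real key material, and the function names are assumptions of this example.

```python
import hashlib
import hmac

# Constructed stand-in for a mail server's DER SubjectPublicKeyInfo (not a real key);
# a real deployment takes the SPKI and DER certificate from the server's TLS cert.
SAMPLE_SPKI = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200") + b"\x04" + b"\x11" * 64
SAMPLE_CERT = b"constructed-DER-certificate-bytes-" + SAMPLE_SPKI


def tlsa_owner_name(mx_host: str, port: int = 25, proto: str = "tcp") -> str:
    """Owner name under which an MX host's TLSA record is published (RFC 7672)."""
    return f"_{port}._{proto}.{mx_host.rstrip('.')}."


def _association_data(cert: bytes, spki: bytes, selector: int, mtype: int) -> bytes:
    """Apply the TLSA selector and matching type to the presented certificate."""
    if selector == 0:
        subject = cert          # full DER certificate
    elif selector == 1:
        subject = spki          # DER SubjectPublicKeyInfo only
    else:
        raise ValueError(f"unknown selector {selector}")
    if mtype == 0:
        return subject          # exact match, no hashing
    if mtype == 1:
        return hashlib.sha256(subject).digest()
    if mtype == 2:
        return hashlib.sha512(subject).digest()
    raise ValueError(f"unknown matching type {mtype}")


def tlsa_rdata(cert: bytes, spki: bytes, usage: int = 3, selector: int = 1, mtype: int = 1) -> str:
    """Presentation form '<usage> <selector> <mtype> <hex>' (RFC 6698).
    '3 1 1' (DANE-EE, SPKI, SHA-256) is the usual choice for SMTP."""
    return f"{usage} {selector} {mtype} {_association_data(cert, spki, selector, mtype).hex()}"


def parse_tlsa(rdata: str):
    usage, selector, mtype, hexdata = rdata.split(maxsplit=3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", ""))


def tlsa_matches(rdata: str, cert: bytes, spki: bytes) -> bool:
    """True if the presented certificate satisfies one DANE-EE (usage 3) TLSA record.
    Assumes the record came from a DNSSEC-validating resolver; unvalidated data proves nothing."""
    usage, selector, mtype, want = parse_tlsa(rdata)
    if usage != 3:
        return False            # usage 2 needs chain building, 0/1 need PKIX: fail closed here
    try:
        got = _association_data(cert, spki, selector, mtype)
    except ValueError:
        return False            # unknown selector or matching type: record is unusable
    return hmac.compare_digest(got, want)
```

A sending MTA would look up `tlsa_owner_name(mx_host)` via a validating resolver and accept the connection only if at least one returned record matches.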
Although schemes that incentivise the signing of domain names with DNSSEC have been very successful at promoting adoption, it's clear that little happens when no such scheme is in place. "In TLDs that don't have incentives, any growth in adoption appears to be a side-effect of something else," says Marco Davids, Research Engineer at SIDN Labs. "For example, use in .com and .eu went up when TransIP switched on DNSSEC in order to get the .nl incentive." While much remains to be done, Davids stresses that a lot has been achieved in recent years. "There are plenty of validating resolvers in use and DNSSEC is supported by almost all TLDs. Anyone who wants to secure a domain name with DNSSEC can do so, and anyone who wants to do validation can do so. The infrastructure is there. Meanwhile, here in the .nl zone, more than half of all domains are now signed. And, at the start of this month, KPN enabled validation for all its broadband and mobile customers. That meant that validation was enabled at a stroke for 30 or 40 per cent of Dutch internet users."
Norwegian registry Norid introduced DNSSEC at the end of 2014, when support for the security technology was added to most DNS software. "We chose to do it as an infrastructure upgrade," recalls CEO Hilde Thunem. "So it was not required that registrants were aware of the technology or that they actively requested the security upgrade for their domains. Our main priority was to enable and motivate the registrars to sign the domains they were responsible for. In order to do that:
We clarified the registrar agreement to make it clear that they could choose to sign the domains in their registrar accounts without getting consent from the holder first. (We did recommend that registrars that planned to sign all domains in their accounts should inform new and existing customers, and preferably make appropriate provisions in their customer contracts.)
We organised and paid for a two-day training course in DNS and DNSSEC for registrars that wanted to attend.
We upgraded the free EPP client we provide to the registrars by adding DNSSEC support.
We provided a financial incentive for registrars that secured domains in their portfolios in the first two years. We did the discount twice a year for two years (and then added a last 'bonus discount' in December 2017 as well). During the discount period, a domain that was signed throughout a whole year gained the registrar a discount of 10 per cent of the registration/renewal fee.
We did a few initiatives directed towards other groups than the registrars:
We organised and paid for a full-day training course in DNSSEC validation for ISPs and large name server operators that wanted to attend.
We made a video explaining how DNSSEC works, which could be used to explain the technology to registrants."
"However, motivating the registrars was our first priority," emphasises Thunem. "As you will see from the numbers, this was effective in getting a large percentage of the domain names signed within a few months after the introduction of DNSSEC, and the percentage has kept at that level. However, the degree of implementation among registrars varies considerably. In September 2018, the ten registrars with the highest numbers of signed domains accounted for 98.4 per cent of all signed domains. While we do not currently have an updated statistic on this, I do not expect it to have changed significantly."
The graph above is based on historical information provided by StatDNS and data made available by individual registries. Although such information is also recorded by CENTR, the association of European ccTLD registries, CENTR's data is not available to the general public. "StatDNS is a DNS research project that provides statistics, sources and open-source DNS tools (StatZone and RRDA)," explains Cambus. "We issue monthly reports on glue records, domain names, name servers and DNSSEC in the TLDs." "The figures are calculated from the zone files. When I started doing this in 2011, I had to complete a form for each TLD and send it in by fax. Now information on an increasing number of gTLDs is available via ICANN's Centralized Zone Data Service (CZDS)." "It's a very different picture where the ccTLDs are concerned. Internetstiftelsen publishes the zone files for .se and .nu, but none of the other registries do the same. I wish they would!"