I am looking for a domain name registrant. Where can I look it up?
The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.
On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.
I would like to transfer my domain name to another registrar. What is the procedure?
To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.
The details registered about me/my company are incorrect or out of date. How can I get them updated?
To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.
Why is my domain name in quarantine?
When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.
One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.
Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?
Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.
What conditions do I have to meet as a registrar?
Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.
BIND named 9.16 includes new DNSSEC Policy functionality
Monday 13 January 2020
The developers of BIND named have completed the last step in the automation of DNSSEC (signing). From version 9.15.6, policies for key management and zone signing can be specified in the configuration file named.conf. The software will then automatically ensure that signatures (RRSIG records) and ZSK/KSK pairs are always up-to-date. As a result, scripts and cron jobs are no longer necessary to keep signed zones updated.
From version 9.15.6 of BIND named, you can specify a 'dnssec-policy' in named.conf. That's done by adding a statement to the zone configuration, as follows:
zone "example.nl." {
type master;
file "db.example.nl";
dnssec-policy "dnssec-policy-1";
};
The DNSSEC policy in turn points to a definition in the global configuration:
The current form of key management was introduced to BIND named in versions 9.7 to 9.11, inclusive, and is described in detail in this hands-on article. It began with the automatic (re-)signing of zones in versions 9.7/9.8 ('auto-dnssec maintain'), which was further incorporated within the code base in versions 9.9/9.10 (Inline-Signing).
From version 9.11, key management was also automated by means of the 'dnssec-keymgr' command and associated policy file. That meant that the entire DNSSEC set-up was confined to the BIND configuration files, with just one final cron job for generating new key pairs (where necessary) using the 'dnssec-keymgr' command.
Much easier
Starting with BIND version 9.11, it was therefore much easier to enable DNSSEC than it had been with pre-9.7 versions, which supported DNSSEC but without any automation. With those earlier versions, you had to write and install your own scripts and cron jobs, or steer away from BIND altogether and use OpenDNSSEC to generate signed zone files. If you went for the latter option, BIND named simply had to (periodically) load and serve the signed zones.
According to Mekking, both methods will remain available for the time being, but the intention is to phase out the 'dnssec-keymgr' command in due course. Auto-DNSSEC and Inline-Signing will ultimately go as well. The associated options 'auto-dnssec maintain;' and 'inline-signing yes;' – which most users will currently have in their configuration files – will not then be compatible with a 'dnssec-policy' configuration (with the result that named-checkconf will give an error message).
"The idea behind DNSSEC Policy is that all DNSSEC (signing) options are included in a single statement, making the configuration much more straightforward," explains Mekking. "The DNSSEC Policy functionality isn't yet complete – it doesn't cover NSEC3, for example – but the missing features will be added to version 9.16 in the course of this year."
