DNSSEC-validating DNS service: successful pilot completed

For the last two years, we've been piloting a DNSSEC-validating DNS service. The main aim was to build up our own picture of the problems caused by validation errors. Five years ago, the number of DNSSEC configuration errors in the .nl zone represented a problem for validating resolvers. We therefore implemented a raft of measures to remove errors from the zone. However, access providers continued highlighting the errors as a reason for not enabling DNSSEC validation on their resolvers.

The pilot's second aim was to assess the viability of us making a validation service more widely available. Offering a service would plug the gap left by the access providers and create a non-commercial alternative to Google's Public DNS, with the added benefit of fully assuring users' privacy.

In the period 2013-2014, validation errors were a major obstacle to the further development of DNSSEC in the Netherlands. The .nl domain's pioneering role in promoting the signing of domain names deflected the focus away from validation. The outcome was an imbalance between the two sides of DNSSEC: signing and validation.

At that time, there were too many domains whose key material, as registered with us, didn't match the information on their authoritative servers. That created issues for supportive access providers. They were confronted by problems and costs, for which other people's configuration errors were to blame. And they were powerless to put those errors right. So, for example, T-Mobile disabled validation for its mobile users in 2013, after previously supporting DNSSEC.

Cutting out the errors

Against that background, we put various measures in place to cut out validation errors. We called the registrars responsible for the most errors (2013), after which the situation rapidly began to improve (2014). A little later (in 2015) we rolled out Validation Monitor XXL: a tool that enabled us to identify and remove the remaining few DNSSEC configuration errors from the .nl zone. It also meant that we had a basis for offering registrars a financial incentive for getting their DNSSEC configurations right.

"There's now no reason why access providers shouldn't enable DNSSEC validation on their caching resolvers," said Technical Advisor Marco Davids at the time. "They don't need to worry any more about getting lots of helpline calls from customers who can't reach websites. It's now up to the country's big providers to press the firms that manage their network infrastructures to start supporting validation."
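The configuration error described above (key material registered with the registry not matching what the authoritative servers publish) is, concretely, a DS record in the parent zone that no longer corresponds to any DNSKEY in the child zone. The following Python is an added illustration of the check a registry-side monitor would perform; it is not Validation Monitor XXL's code and makes no claim about how that tool works. It derives the DS record (key tag, algorithm, digest type, SHA-256 digest) from a DNSKEY as specified in RFC 4034, then compares the derived set with what the registrar submitted. The zone name and key bytes are constructed placeholders, not real data.

```python
import hashlib
import struct

# Constructed sample data, not from the original article: a hypothetical
# .nl zone and a DNSKEY for it. Algorithm 13 is ECDSAP256SHA256 (RFC 6605);
# the 64 key bytes are arbitrary filler, not a real public key.
ZONE = "example.nl."
FLAGS, PROTOCOL, ALGORITHM = 257, 3, 13   # 257 = zone key with SEP bit (a KSK)
PUBLIC_KEY = bytes(range(1, 65))          # placeholder key material
DS_DIGEST_TYPE_SHA256 = 2


def dnskey_rdata(flags, protocol, algorithm, public_key):
    """Wire-format RDATA of a DNSKEY record (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag as computed in RFC 4034 Appendix B (algorithms other than 1)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def owner_name_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels, root."""
    stripped = name.lower().rstrip(".")
    if not stripped:                      # the root name is a single zero byte
        return b"\x00"
    labels = stripped.split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def ds_from_dnskey(name, rdata):
    """DS tuple (key tag, algorithm, digest type, hex digest) the parent zone
    must hold for this DNSKEY: digest = SHA-256(owner name | DNSKEY RDATA),
    per RFC 4034 section 5.1.4."""
    digest = hashlib.sha256(owner_name_wire(name) + rdata).hexdigest()
    algorithm = rdata[3]
    return (key_tag(rdata), algorithm, DS_DIGEST_TYPE_SHA256, digest)


def find_mismatches(name, registered_ds, published_dnskeys):
    """Registered DS records that match none of the DNSKEYs actually published.
    A stale entry here is the typical leftover of a key rollover whose new DS
    was never submitted to the registry."""
    derived = {ds_from_dnskey(name, k) for k in published_dnskeys}
    return [ds for ds in registered_ds if ds not in derived]


def chain_validates(name, registered_ds, published_dnskeys):
    """True when at least one registered DS matches a published DNSKEY, which
    is what a validating resolver needs to build the chain of trust. If this
    is False, every name under the zone becomes SERVFAIL for validating users."""
    return len(find_mismatches(name, registered_ds, published_dnskeys)) < len(registered_ds)


# Constructed scenario: the operator rolls from KEY_A to KEY_B but the DS
# at the registry still refers to KEY_A.
KEY_A = dnskey_rdata(FLAGS, PROTOCOL, ALGORITHM, PUBLIC_KEY)
KEY_B = dnskey_rdata(FLAGS, PROTOCOL, ALGORITHM, bytes(reversed(PUBLIC_KEY)))
REGISTERED_DS = [ds_from_dnskey(ZONE, KEY_A)]   # what the registrar submitted

if __name__ == "__main__":
    print("before rollover:", chain_validates(ZONE, REGISTERED_DS, [KEY_A]))
    print("after rollover, DS not updated:", chain_validates(ZONE, REGISTERED_DS, [KEY_B]))
    for tag, alg, dtype, digest in find_mismatches(ZONE, REGISTERED_DS, [KEY_B]):
        print(f"stale DS: {ZONE} DS {tag} {alg} {dtype} {digest}")
```

In a live monitor the `published_dnskeys` list would come from a DNSKEY query to the child's authoritative servers and `registered_ds` from the registry database; here both are built inline so the check runs offline. A pre-publish rollover keeps the chain valid by publishing both keys for a while, which the `[KEY_A, KEY_B]` case covers.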

Pilot

Although validation errors haven't been a real issue since 2015, access providers still point to the errors to defend not enabling validation on their resolvers. At the moment, XS4ALL, BIT and Edutel are among the few access providers who do perform validation for their customers.

With access providers so reluctant to support DNSSEC, we decided to start a pilot DNS service of our own in July 2015. Fibre broadband company OpenFiber set up two (redundant) DNS resolvers to operate the service, one in Arnhem and the other in Amsterdam. Initially, the servers were used by a thousand-plus students at a secondary school in The Hague (Haags Montessori Lyceum, or HML). Later, OpenFiber made the service available to all its FttH (Fiber to the Home) customers.

The pilot came to an end in November 2017. Service users were transferred back to OpenFiber's own resolvers, which now support DNSSEC validation.

Almost no errors

"The main thing we've learnt from the pilot is that you hardly ever see validation errors nowadays," says SIDN's Key Account Manager Sebastiaan Assink. Over a period of about eighteen months, a total of 849,182,522 queries yielded 25,160 unintended validation errors involving 4,778 unique domain names. That's about thirty per million, five orders of magnitude less than in 2013. In practical terms, validation errors are all but non-existent.

"During the two years that the project was running, we didn't get a single support call about a website that didn't work via our connection, but was accessible by mobile," recalls Kasper Schoonman, OpenFiber's co-owner.

Another outcome of the pilot is the decision not to develop the validating DNS service into a full-scale public service. "The pilot was a success, but it's now been brought to a close. We're glad to see that the number of providers doing DNSSEC validation is increasing, albeit slowly," says Sebastiaan.

Brake on innovation

"Although validation errors haven't been a problem for years, access providers are sitting on their hands," sums up Sebastiaan. "The biggest of them, including KPN and Ziggo, still don't do DNSSEC validation. It's a brake on innovation. New DNS/DNSSEC-based applications, such as DANE, DKIM, DMARC and SPF, are being held back."

"We don't have a direct commercial relationship with the access providers, so unfortunately it's hard for us to exert any leverage. Nevertheless, we'll keep promoting awareness and keep lobbying for change."