Half of all Dutch internet users now have DNSSEC-validating resolvers
"Root key rollover delay held up adoption for eighteen months"
After eighteen months of stagnation, adoption of DNSSEC validation is once more on the up. Data from APNIC (the RIR for the Asia-Pacific region) shows that more than 25 per cent of the world's internet users now make use of validating resolvers. According to Geoff Huston, Chief Scientist at APNIC, global growth is mainly down to a small number of major Asian access providers activating validation. He believes that the dip in 2017-2018 was due to postponement of the root key rollover.
Over the last two years, the proportion of the world's internet users who make use of validating resolvers has doubled. The figure is now more than 25 per cent. A further 9 per cent of users are with access providers that operate a mixture of validating and non-validating resolvers. As the chart below shows, it's only in the last two years that the growth in validating resolver use has really taken off. In the preceding eighteen months, adoption was actually declining.
In order to understand what's bringing about growth, it's helpful to look at data for individual regions. It turns out that Asia has been the main driver of growth. The region has seen adoption go from 5 per cent to 24 per cent.
According to Huston, there has been large-scale consolidation of the internet access market. As a result of restrictions on the number of available frequencies, the typical pattern is now three big telecom operators per country. "Just sixteen service providers provide internet access for one-third of the global internet user population." Consequently, if one of those sixteen companies introduces validation, it has a discernible impact on global adoption. According to Huston, that's what happened when Deutsche Telekom and India's Reliance Jio enabled DNSSEC validation for their customers last year.
In the Netherlands, a similar national-level effect was apparent when KPN switched on validation for mobile and landline customers earlier this year. At a stroke, validation was enabled for 30 or 40 per cent of Dutch internet users. As you'll see below, 50 per cent of Dutch users are now served by validating resolvers. Whereas in the past we have often expressed concern about the slow validation-side adoption of DNSSEC in the Netherlands [1, 2], the country is now fairly average compared with neighbouring countries.
| Country | Users with DNSSEC-validating resolvers |
|---|---|
| Luxembourg | 75% |
| Switzerland | 62% |
| Germany | 55% |
| The Netherlands | 50% |
| Belgium | 40% |
| France | 36% |
| Austria | 19% |

Table 1. DNSSEC validation in Western Europe [source: APNIC].
As reported on our own DNSSEC stats page, 48 per cent of global queries for the .nl zone now come from validating resolvers. The first graph below shows that, over the last few years, growth has been approximately linear. However, the (absolute) number of validating resolvers querying our name servers has increased exponentially in the last two years. That suggests that smaller resolvers have recently started validating as well.
The boost provided by KPN enabling validation isn't discernible in the first graph because Dutch resolvers account for a relatively small proportion of all the resolvers querying our DNS servers. As you can see below, only 9 per cent of the (validating) resolvers are in the Netherlands. The vast majority of (DNSSEC) queries originate from the 'Big Internet'.
Huston argues that postponement of the root key rollover was responsible for the global dip in DNSSEC validation in the period prior to the recent upturn. Although the rollover eventually went through without a hitch, its implementation was put back from September 2017 to September 2018, due to fears that many resolvers hadn't installed the new KSK-2017 trust anchor. As a result, some operators delayed the introduction of DNSSEC validation until after the rollover. Others will have opted to minimise risk by temporarily disabling validation pending successful completion of the rollover. Having been put on hold for a year, necessitating retesting in some cases, the introduction of validation will also have slipped down the priority list in many organisations.
Last year, the international Internet Governance Forum's (IGF's) Multistakeholder Advisory Group (MAG) launched an investigation into the slow adoption of internet standards. The study findings were published recently. Significant contributions to the study were made by various members of the Dutch internet technology community, including ECP, Olaf Kolkman, the Ministry of Economic Affairs, SURFnet, DINL and SIDN. In some cases, it has taken not years but decades to get a new internet standard into widespread use. For example, despite being around since 1998, IPv6 is only now getting firmly established. Similarly, the current DNSSEC standard was published in 2005, but it has been fully embraced only in a small number of top-level domains. One of the main factors influencing adoption is apparently the presence of an incentive scheme, such as the one we have for .nl. The IGF study participants report that the main issue holding up the adoption of new standards is the absence of a persuasive business case. Improved security is hard to quantify and difficult to sell as an add-on. That conclusion fits in with the rationale for and success of incentive schemes. The study report's authors highlight three reasons why there is no market pressure to introduce new standards:
- Internet standards are not formal (legal) standards; legislation is designed to protect consumers, but consumers are the stakeholder group furthest removed from the standard development process.
- Internet standards are developed by a small technical community whose members have little contact with external stakeholders, while implementation depends on the commitment of people outside that community.
- Internet security and internet architecture are not included in university curricula.
On the adoption of DNSSEC validation, Huston is encouraged by the fact that resolvers are enabling the DO-bit in more than 90 per cent of queries. In other words, they are asking not only for the primary records, but also for the associated digital signatures. The implication is that most resolvers support DNSSEC, and simply need the validation option enabled. Interestingly, Eric Rescorla, the CTO responsible for Firefox, recently said that he was open to the implementation of DNSSEC validation in the browser. That would effectively extend the protection afforded by DNSSEC all the way to the end user, including 'the last mile'. Such a move could also accelerate the introduction of DANE for the web. Anyone wanting to enable DNSSEC validation on their resolver will find plenty of practical help on our DNSSEC page. The available resources include hands-on guides to implementation in Unbound, Infoblox, PowerDNS and BIND.
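The DO bit Huston's 90 per cent figure refers to is the EDNS(0) flag in the OPT pseudo-record of a query (RFC 6891). As an added example that is not code from SIDN or APNIC, the following Python script parses raw DNS query packets, reports whether each one sets the DO bit, and computes the share over a batch, the same measurement an authoritative operator would run over its query logs; the `build_query` helper and the sample packets are constructed here for illustration.

```python
import struct

EDNS_OPT_TYPE = 41     # OPT pseudo-RR type (RFC 6891)
DO_FLAG = 0x8000       # DO bit: high bit of the low 16 bits of the OPT TTL field

def _skip_name(msg, off):
    """Return the offset just past a wire-format name (compression pointers included)."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:   # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length

def query_sets_do_bit(msg):
    """True if the DNS message carries an OPT RR whose DO bit is set."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4              # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == EDNS_OPT_TYPE:
            return bool(ttl & DO_FLAG)
    return False                                    # no EDNS at all: not DNSSEC-aware

def build_query(qname, do_bit=None):
    """Constructed test input: a minimal A query; an OPT RR is added only if do_bit is not None."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0 if do_bit is None else 1)
    name = b"".join(bytes([len(label)]) + label.encode()
                    for label in qname.rstrip(".").split(".")) + b"\x00"
    question = name + struct.pack("!HH", 1, 1)       # QTYPE=A, QCLASS=IN
    if do_bit is None:
        return header + question
    opt = b"\x00" + struct.pack("!HHIH", EDNS_OPT_TYPE, 1232, DO_FLAG if do_bit else 0, 0)
    return header + question + opt

def do_bit_share(packets):
    """Share of queries signalling DNSSEC awareness, the per-resolver figure Huston cites."""
    return sum(query_sets_do_bit(p) for p in packets) / len(packets) if packets else 0.0

SAMPLE_QUERIES = [      # constructed sample traffic, not a real capture
    build_query("sidn.nl", do_bit=True), build_query("example.nl", do_bit=True),
    build_query("example.nl", do_bit=False), build_query("example.nl"),  # last: no EDNS
]
print(f"DO-bit share: {do_bit_share(SAMPLE_QUERIES):.0%}")
```

A query that sets DO only tells you the resolver asks for RRSIGs; whether it actually validates can only be inferred from its behaviour on a broken signature, which is how the APNIC measurement works.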