Hosting service providers have an important role in the security chain
A hacker's perspective
Richard Klein has a background as an ethical hacker. As a security expert, he specialised in penetration testing and other techniques for probing an organisation's resilience to cybercrime. In 2014, together with René van Etten and an old schoolfriend, Richard started ThreadStone Cyber Security. One of their focus fields is testing the security of hosting infrastructures. ThreadStone Cyber Security is the developer of the Hosting Infrascan, a service that SIDN and the Registrars' Association make available to registrars.
"I started in the banking industry, which had to develop a mature approach to cybersecurity at an early stage. In that environment, I learned a lot about the need for good security and how to test other companies' websites and business networks for vulnerabilities. I got the qualifications needed to work in that role, becoming a Certified Ethical Hacker (CEH) and Penetration Tester (LPT), and I started to focus more on the SME sector. I was drawn to the sector mainly because SMEs are apt to simply assume that their security is in order. And, if they do get hacked, they often don't know what to do. Prevention is better than cure, so what you really want is to make it easy for any organisation to periodically check their systems for vulnerabilities. So, at ThreadStone, we are always looking to enable system scanning with the lowest possible threshold. We also think carefully about how a hacker views a potential target's systems."
"We did a project with TNO, where we swept the internet to build a picture of system vulnerabilities. I came across an estate agent's website where copies of clients' passports, purchase deeds and all sorts of highly sensitive data were just out there on the internet with no protection whatsoever. As well as illustrating how little security some firms have, the incident is a good example of the challenges you face as an ethical hacker: when we alerted the estate agent to the situation, they reported us to the police for computer intrusion. Fortunately, the police didn't take any action against us. They took the view that the estate agent needed to put their own house in order. I also remember coming across an employment agency and a dating site that had databases full of personal data with very little security. All sorts of sensitive information was readily accessible. We still come across things like that all too often."
"The risk landscape changes very quickly. Cybercriminals also differ in terms of their priorities and attack methods, and there's constant change there too. Nevertheless, I'd say that the biggest risk is not having a clear, up-to-date picture of your vulnerabilities. Many organisations rarely check their systems, if at all. But the fact is that your systems can be secure today, but vulnerable tomorrow. You really need continuous insight into your security status. As well as preventing problems by picking up vulnerabilities, system monitoring is very important for early issue detection. Every year, one in five organisations is now affected by some form of cybercrime. So it's very dangerous to think that it can't happen to you. You need to make sure that security breaches are picked up early in order to minimise the impact."
"Yes and no. Technically speaking, the risks are the same. But hosting service providers occupy a special position. They look after numerous other organisations' operational systems and data. So, if a hosting firm gets hacked, there will often be direct implications for all the businesses whose websites and systems they host. Vulnerabilities in a hosting platform threaten not only the continuity of the hosting firm, but also the continuity of all that firm's clients. That might make a hosting service provider more attractive to hackers and other malicious actors than the average SME."
"Perhaps it's stating the obvious, but basically what's needed is to pay proper attention to security, including regular scanning for vulnerabilities. With the SIDN/RA Hosting Infrascan, the financial and time investments involved are very small. I would recommend focusing on the delta: the most useful insights come from the differences between the two latest scans. Comparison also shows you which measures are effective. Even scanning your systems just twice a year can provide a huge amount of valuable information. Information that enables you to define your priorities better, identify the easiest ways to reduce your risks and assess the effectiveness of the measures you take. One thing that we've noticed is that some firms opt to have some of their servers scanned, but not all. That's a risky strategy in my view, because security always depends on human input. If one individual forgets to patch one server, that's a weak link that could have serious implications for the entire set-up. Be very careful about assuming that, because all your servers are configured the same way, if one's fine they all are."
"For years, I've been struck by the seeming absence of any sense of urgency within the business community. Large amounts are spent on securing business premises with alarm systems, CCTV and the like. But there's a reluctance to invest even relatively small amounts in protecting against cybercrime, even though the risks are as great or greater. After our webinars, we always do an anonymous survey. We ask respondents things like whether they are planning to check for vulnerabilities. By far the majority say that they intend to address their security. Even allowing for the fact that there's always a mismatch between what people intend to do and what they get round to doing, it's striking how few of those good security intentions are translated into action. I find that remarkable and worrying."

"Another thing that strikes me is that businesses that have been attacked don't tend to share information about their experiences, or about how they responded. I think a lot of people are embarrassed to talk about incidents. But no one is going to hold it against you if you get hacked. People just want to know what you did about it. They generally appreciate transparency. If businesses shared more information, it would make it much easier to see where improvements can be made. We could all learn from each other."
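Two of the practical points made above, focusing on the delta between the two latest scans and not leaving servers out of the scan, can be turned into a simple report. The script below is an added example written for this page; it is not ThreadStone's, SIDN's or the Hosting Infrascan's own code, and the Infrascan's real report format is not known here, so both scans and the server inventory are constructed sample data (host names and finding labels are placeholders) in a plain host-to-findings mapping. It lists what was fixed, what is new, what is still open, which hosts dropped out between scans, and which inventoried hosts the latest scan did not cover at all.

```python
"""Delta report between two consecutive vulnerability scans.

Added example, not code from the Hosting Infrascan or its developers.
Scan results are modelled as {host: set(finding_labels)}; the sample
data below is constructed and the labels are illustrative placeholders.
"""
from dataclasses import dataclass, field

# Constructed sample: the server inventory a hosting firm says it runs.
INVENTORY = ["web-01", "web-02", "mail-01", "db-01", "backup-01"]

# Constructed sample: previous scan round.
PREVIOUS_SCAN = {
    "web-01": {"TLS-weak-cipher", "outdated-cms"},
    "web-02": {"TLS-weak-cipher"},
    "mail-01": {"open-relay-check"},
}

# Constructed sample: latest scan round (mail-01 was left out, db-01 added).
LATEST_SCAN = {
    "web-01": {"outdated-cms"},
    "web-02": {"TLS-weak-cipher", "exposed-admin-panel"},
    "db-01": {"default-credentials"},
}


@dataclass
class ScanDelta:
    """Differences between two consecutive scans of the same estate."""
    resolved: dict = field(default_factory=dict)     # host -> findings gone since previous scan
    new: dict = field(default_factory=dict)          # host -> findings that appeared in latest
    persistent: dict = field(default_factory=dict)   # host -> findings open in both scans
    not_rescanned: set = field(default_factory=set)  # hosts scanned before, missing now
    first_seen: set = field(default_factory=set)     # hosts that appear for the first time


def compare_scans(previous, latest):
    """Compute the delta; a host missing from `latest` is reported, not treated as clean."""
    delta = ScanDelta()
    for host in previous.keys() | latest.keys():
        if host not in latest:
            # Absence of findings is not the same as absence of vulnerabilities.
            delta.not_rescanned.add(host)
            continue
        if host not in previous:
            delta.first_seen.add(host)
        before = previous.get(host, set())
        after = latest[host]
        if before - after:
            delta.resolved[host] = before - after
        if after - before:
            delta.new[host] = after - before
        if before & after:
            delta.persistent[host] = before & after
    return delta


def uncovered_hosts(inventory, scan):
    """Inventoried hosts the scan did not touch: the 'we only scan some servers' gap."""
    return set(inventory) - set(scan)


def report_lines(delta, uncovered):
    """Human-readable summary; returned as a list so callers can log or assert on it."""
    lines = []
    for host, findings in sorted(delta.resolved.items()):
        lines.append(f"{host}: resolved {sorted(findings)}")
    for host, findings in sorted(delta.new.items()):
        lines.append(f"{host}: NEW {sorted(findings)}")
    for host, findings in sorted(delta.persistent.items()):
        lines.append(f"{host}: still open {sorted(findings)}")
    for host in sorted(delta.not_rescanned):
        lines.append(f"{host}: WARNING not rescanned, previous findings unverified")
    for host in sorted(uncovered):
        lines.append(f"{host}: WARNING in inventory but never scanned")
    return lines


if __name__ == "__main__":
    delta = compare_scans(PREVIOUS_SCAN, LATEST_SCAN)
    for line in report_lines(delta, uncovered_hosts(INVENTORY, LATEST_SCAN)):
        print(line)
```

The coverage warnings are deliberately separate from the finding counts: a host that silently drops out of the scan would otherwise look like an improvement, which is exactly the false reassurance the interview warns about.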
SIDN, the Registrars' Association and ThreadStone Cyber Security linked up to launch the Hosting Infrascan in June 2020. The service makes it easy for hosting service providers to regularly scan their servers for vulnerabilities. In May 2021, we published a report describing the main results achieved up to that point. The (Dutch) report is available from https://publications.sidn.nl/hostinginfrascan, and outlines:
The average security scores for the scanned businesses
The scope for improving security at businesses that had performed two scans
The main types of vulnerability detected
Feedback from scanned businesses