HTTPS and HSTS now mandatory for all Dutch public and semi-public bodies' websites
DNSSEC probably the next standard to be mandated
Earlier this year, the Dutch parliament passed the Digital Government Act, known as the Wdo. The act (finally) enabled the government to make the use of modern internet standards mandatory for public and semi-public bodies. The Act was soon followed by the Decree on Secure Connections to Government Websites and Web Applications, effective from 1 July. Under the decree, the operators of relevant services are required to implement HTTPS and HSTS support, in line with NCSC guidelines [1, 2].
Support has been mandated because previous policies and agreements have failed to bring about the universal adoption of the standards in question, or of various other security standards. HTTPS and HSTS have been on the Forum for Standardisation's 'use-or-explain' list since May 2017, and TLS has been on the list for even longer. In principle, therefore, government bodies have been more or less obliged to secure their (public) websites with HTTPS and HSTS for several years.
In 2018, the Pan-governmental Digital Government Policy Liaison Forum (OBDO) produced an additional Joint Ambition Statement on HTTPS and HSTS, in line with which all government sites should have adopted those standards by the end of 2018.
However, the Forum for Standardisation's most recent Information Security Standards Survey, conducted at the start of this year, found that the target had still not been met: roughly a quarter of all TLS and HSTS configurations were not up to scratch.
Failure to adopt would be more understandable if implementing the standards were expensive. However, the cost of enabling TLS and HSTS is in fact very small, certainly in comparison with implementing some of the other required security standards. The explanatory memorandum accompanying the new decree says that the Forum for Standardisation has previously estimated the cost to be between 0 and 400 euros per website per year, depending on the operator's existing infrastructure, service provider and preferred type of server certificate.
"The move to mandate HTTPS and HSTS support builds on previous policies," said a spokesperson for the responsible directorate of the interior ministry (BZK). "HTTPS and HSTS were added to the 'use-or-explain' list back in 2017, and their use is now required by law. Support for the standards enables private citizens to interact with the government securely online. They were put on the 'use-or-explain' list and included in the Joint Ambition Statement, and have now been mandated, in order to oblige government organisations to provide appropriate levels of security."
According to the latest Information Security Standards Survey, 40 per cent of governmental domain names don't yet support the necessary website and e-mail security standards. At the current rate of progress (i.e. without further action), the Forum for Standardisation calculates that it will take another 10 years to reach the target levels of adoption. That is clearly unacceptable, especially when one considers all the new standards and best practices that will inevitably be published in the interim.
More mandates to follow
In the decree's explanatory memorandum, the government says that it intends to regularly seek advice on the need to make additional standards mandatory. Given that feedback provided during the consultation phase will be taken into account in the government's decision-making, it is significant that DNSSEC has been mentioned by respondents more often than any other standard. Furthermore, under the relevant Joint Ambition Statement, DNSSEC should have been implemented by relevant operators by the end of 2017!
"Of course, HTTPS and HSTS are not the only important security standards. Support for various others is required by the 'use-or-explain' list and the Joint Ambition Statement," the BZK spokesperson said. "The Ministry is therefore considering whether other standards should be legally mandated and, if so, which ones."