Just 6% of government contracts specify use of all mandatory open standards

Statutory enforcement in prospect

A study of seventy-two of last year's Dutch government procurement contracts has found that only 6 per cent of them stipulated use of all the open standards whose implementation is mandatory. In 11 per cent of the contracts, use of the standards wasn't stipulated at all. In the remaining 83 per cent, incomplete arrangements were made. Across all the procurement contracts, appropriate provisions were made in 50 per cent of the 736 instances where an open standard should have been stipulated. The Open Standards Monitoring Report 2019 was submitted to the lower house of the Dutch parliament in summer 2020.

Although the figures represent a slight improvement on the previous year, which was in turn better than the year before, progress remains frustratingly slow. As the report itself says, "use of the mandatory open standards has gradually increased in recent years. However, the ultimate goal of getting all government bodies to apply relevant open standards was missed again in 2019, and progress appears to be stagnating."

Internet security standards

Taking the report in combination with the findings of the latest six-monthly Information Security Standards Survey, the stagnation is particularly apparent in relation to the internet security standards TLS/HTTPS, DNSSEC, SPF, DKIM and DMARC, TLS/HTTPS and HSTS compliant with the stricter NCSC requirements, and STARTTLS/DANE for mail. The two diagrams below show that further adoption of those standards by government bodies is progressing at a snail's pace. The one exception is the strict DMARC policy, but the level of adoption there remains very low compared with the other security standards.

Consequently, what we wrote last year about the previous survey remains valid: after several years of growth, the implementation of internet security standards by government bodies in the Netherlands has slowed significantly, despite the existence of adoption requirements and agreements. Viewed together, the research results show that growth in the use of the standards has levelled off markedly. Adoption of the web-related standards is barely increasing at all, while use of the mail-related standards is growing, but still lags well behind use of the web-related standards.

Basic infrastructure

Looking back at the Open Standards Monitoring Report 2019, Table 5 shows that the internet security standards were relevant in the context of government procurement contracts much more often than most other open standards. That is not surprising, given that the contracts in question concern basic infrastructure. Where they were relevant, the security standards were stipulated in roughly 30 to 60 per cent of cases. One (negative) exception was IPv6, which (like WPA2 Enterprise) was stipulated in just 20 per cent of relevant cases.

Causes and implications

We have previously highlighted the great economic [1, 2] and technical importance [1, 2, 3] of IPv6, as well as the Netherlands' tardy adoption of the protocol, and the implications of that tardiness for the nation's innovation and investment climate [1, 2]. However, what we are witnessing is part of a more general problem: the adoption of new internet standards is sluggish across the board. In some cases, it has taken not years but decades to get a new internet standard into widespread use. For example, despite being around since 1998, IPv6 is only now getting firmly established. Similarly, the modern DNSSEC standard was published in 2005, but it has been fully embraced only in a small number of top-level domains. According to Geoff Huston, Chief Scientist at APNIC, postponement of the root KSK rollover held up the adoption of DNSSEC validation by eighteen months. Early this year, KPN did improve the situation in the Netherlands significantly by enabling validation for all landline and mobile customers. However, last year, the Forum for Standardisation had to exert considerable official pressure on Microsoft to get the company to make any commitments regarding the implementation of DNSSEC and DANE, even though customers had been asking for these technologies for years.

Mandatory adoption

Adoption of all the modern internet standards listed above has been mandatory for Dutch government bodies for several years. All the open standards on the Forum for Standardisation's 'use-or-explain' list must be adopted whenever public bodies replace infrastructure, and should therefore be stipulated in any associated procurement contracts. A Joint Ambition Statement that includes implementation deadlines for those modern (security) standards has additionally been agreed with the Pan-governmental Digital Government Policy Forum (OBDO).

However, if we consider the 'explain' requirement that applies whenever the 'use' requirement cannot be met, the survey's findings are quite startling. None of the annual reports of the seven ministries that didn't comply with the 'use' requirement made reference to a single specific procurement project. Of the local government bodies whose procurement contracts were analysed, none mentioned their policy on internet standards at all in their annual report.

Breaking the log jam

"Progress is definitely slowing," says Bart Knubben, Coordinating Consultant at the Forum for Standardisation, "but progress is still being made. That's apparent from the new survey that's currently in progress. Where standards that are already in widespread use are concerned, it's proving difficult to get the last few organisations on board. And there are specific factors behind the slow adoption of DANE (for mail) and the strict DMARC policy. Organisations are reluctant to set their DMARC policies to 'reject' or 'quarantine', in case it turns out that they don't have a proper overview of their mail flows. We really need someone to break the log jam there. The difficulty with DANE is that it isn't yet supported by all software and service providers. For example, Sendmail has only recently enabled DANE validation for outbound mail." Meanwhile, the Forum for Standardisation is in talks with other service providers, including Proofpoint, Forcepoint and Google, with a view to persuading them to support DANE as well. Cisco has already added DANE support and Microsoft has announced that it'll implement full support before the end of 2021, in both cases partly in response to pressure from the Dutch government. Knubben believes that implementation of the relevant standards needs to be made easier. "The software should take care of provisioning: new PKI certificate keys should automatically trigger a DANE record update. Another issue we're observing is that the government has so many different domain names that their management is becoming problematic. The number of government domains in use needs to be cut for reasons of security and recognisability as well. Current circumstances are making action on that front even more important. New domain names have been created for many of the countless pandemic-related initiatives the government is taking, while criminals are busy cashing in on the situation with phishing campaigns."

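
As an added example (not from the article, the survey or the Forum for Standardisation), the following Python covers the two sticking points Knubben names: it classifies a DMARC record as 'strict' in the survey's sense (p=quarantine or p=reject, applied to all mail and not weakened for subdomains), and it regenerates a DANE TLSA record from a certificate's DER bytes so that a certificate or key change is detected and the record updated. The sample records and certificate bytes are constructed, and the TLSA helper assumes the DANE-EE / full-certificate / SHA-256 (3 0 1) form.

```python
import hashlib

def parse_dmarc(txt):
    """Split a DMARC TXT record (RFC 7489, 'tag=value; ...') into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_is_strict(txt):
    """True when the record enforces 'quarantine' or 'reject' on all mail.
    p=none, pct below 100 or a weaker subdomain policy (sp) does not count."""
    tags = parse_dmarc(txt)
    if tags.get("v") != "DMARC1":
        return False
    enforcing = ("quarantine", "reject")
    p = tags.get("p", "none").lower()
    sp = tags.get("sp", p).lower()          # sp defaults to p
    try:
        pct = int(tags.get("pct", "100"))   # pct defaults to 100
    except ValueError:
        return False
    return p in enforcing and sp in enforcing and pct == 100

def tlsa_rdata(cert_der, usage=3, selector=0, mtype=1):
    """RDATA of a TLSA record (RFC 6698) for a DER-encoded certificate.
    Only 3 0 1 (DANE-EE, full certificate, SHA-256) is implemented, so the
    association data is SHA-256 over the DER bytes; selector 1 (SPKI) would
    need ASN.1 parsing and is left out here (assumption for this example)."""
    if (selector, mtype) != (0, 1):
        raise ValueError("only selector 0 with SHA-256 is implemented")
    return f"{usage} {selector} {mtype} {hashlib.sha256(cert_der).hexdigest()}"

def tlsa_needs_update(published, cert_der):
    """True when the published TLSA RDATA no longer matches the certificate
    now in use, i.e. a rollover that must trigger a DNS update."""
    return " ".join(published.lower().split()) != tlsa_rdata(cert_der)

# Constructed sample inputs (not real domains or certificates).
SAMPLE_DMARC = {
    "none":    "v=DMARC1; p=none; rua=mailto:dmarc@example.nl",
    "partial": "v=DMARC1; p=reject; pct=50",
    "weak-sp": "v=DMARC1; p=reject; sp=none",
    "strict":  "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.nl",
}
OLD_CERT_DER = b"constructed-der-bytes-old-certificate"
NEW_CERT_DER = b"constructed-der-bytes-new-certificate"
```

Run against a real zone, the DMARC record comes from the `_dmarc.<domain>` TXT record and the TLSA record from `_25._tcp.<mailhost>`, compared with the certificate the mail server actually presents.
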
Implementation and use of the standards referred to above (and others) may ultimately be enforced by law. The Digital Government Act currently before the Dutch parliament includes a provision allowing for the use of particular standards to be required by general administrative order. Knubben therefore sees the adoption of standards being pushed through in stages: first by inclusion on the 'use-or-explain' list and in Joint Ambition Statements, and later by statutory order.