New DNSSEC KSK pair generated for the root zone

Latest rollover is formally under way


IANA has recently generated a new KSK pair for the root zone. The rollover from KSK-2017 to what's now known as KSK-2023 is therefore formally under way.

The next step will take place in the autumn, when the new key pair is copied to a second data centre. Then, early next year, the KSK-2023 public key will actually be published in the root zone.

The switch to a new KSK pair is significant mainly for DNSSEC-validating resolver operators, because every validating resolver will have to instal the new public key as a trust anchor.

During 'Root KSK Ceremony 49' the new KSK-2023 key pair was generated. [source: IANA].

The switch to KSK-2023 now in progress will be the second ever root KSK rollover. The first took place between 2017 and 2019. Although that rollover was ultimately successful, the actual adoption of KSK-2017 was put back a year part way through the process. A delay was thought to be wise in light of evidence that not all validating resolvers had installed the new trust anchor in time. However, after careful analysis of the observational data, and extensive consultation with the DNS community, ICANN decided to press ahead with the rollover.

Algorithm rollover

In parallel with the KSK rollover, another project has started, involving migration to a more modern cryptographic algorithm for signing the root zone. That too implies a rollover process, but the algorithm rollover is entirely separate from the KSK rollover.

Our own Moritz Müller, Research Engineer at SIDN Labs, is a member of the Root Zone Algorithm Rollover Study Design Team that is developing the plans for the migration process. "We're currently working on an advisory report to IANA on the best way to switch from one algorithm to another," he explains. "However, the report won't make recommendations about when the rollover should take place, or which algorithm should be adopted. A draft of the report will soon be published for feedback from the internet community."

.nl zone

A similar algorithm rollover process is already in progress for the .nl zone: we're switching from algorithm 8 to algorithm 13 later this month. The .nl zone will then be aligned with all the latest recommendations in this field. Our rollover formally started on 4 July, and, all being well, the old keys should be deleted from the zone 2 weeks later, completing the process.

Because the verification of digital signatures – the .nl zone contains 20 million RRSIG records – generated using the new ECDSA algorithm takes more time and processing power, we upgraded the Hardware Security Modules (HSMs) that do the calculations back in May. Use of faster HSMs means that the total processing time remains less than half an hour (the .nl zone's refresh interval). The reward for all this effort will be a DNSSEC-enabled zone that's fully up to date, much more efficient and considerably more secure.
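Two things a resolver or zone operator will want to check during the rollovers described above are whether a configured trust anchor actually matches a KSK in the published DNSKEY RRset, and, during an algorithm rollover like the .nl switch from algorithm 8 to 13, whether every algorithm present in the DNSKEY RRset is also signing the zone (RFC 4035 section 2.2). The following is an added example, not SIDN's or IANA's code; it computes key tags per RFC 4034 Appendix B and runs both checks over a constructed, mid-rollover DNSKEY RRset with deliberately tiny placeholder key material.

```python
import base64
from dataclasses import dataclass


@dataclass(frozen=True)
class DNSKey:
    flags: int
    protocol: int
    algorithm: int
    public_key: bytes

    @property
    def is_ksk(self) -> bool:
        # The SEP bit (value 1) marks a key meant to be a trust anchor; 257 = zone key + SEP.
        return self.flags & 0x0001 == 1

    def key_tag(self) -> int:
        # RFC 4034 Appendix B: 16-bit checksum over the RDATA (flags, protocol, algorithm, key).
        # The legacy RSA/MD5 (algorithm 1) special case is deliberately not handled.
        rdata = self.flags.to_bytes(2, "big") + bytes([self.protocol, self.algorithm]) + self.public_key
        ac = 0
        for i, b in enumerate(rdata):
            ac += (b << 8) if i % 2 == 0 else b
        ac += (ac >> 16) & 0xFFFF
        return ac & 0xFFFF


def parse_dnskey(rdata_text: str) -> DNSKey:
    # Presentation format: "<flags> <protocol> <algorithm> <base64 key, possibly split by spaces>"
    flags, protocol, algorithm, *key_parts = rdata_text.split()
    return DNSKey(int(flags), int(protocol), int(algorithm), base64.b64decode("".join(key_parts)))


def rollover_report(dnskey_rrset, rrsig_algorithms, trust_anchor_tags):
    """Summarise rollover state: which algorithms are published, which of them lack RRSIGs
    (a validation failure risk under RFC 4035 s2.2), and which KSK tags match our anchors."""
    keys = [parse_dnskey(r) for r in dnskey_rrset]
    key_algs = {k.algorithm for k in keys}
    ksk_tags = {k.key_tag() for k in keys if k.is_ksk}
    return {
        "algorithms": sorted(key_algs),
        "unsigned_algorithms": sorted(key_algs - set(rrsig_algorithms)),
        "ksk_tags": sorted(ksk_tags),
        "anchor_matches": sorted(ksk_tags & set(trust_anchor_tags)),
    }


# Constructed sample: old RSA/SHA-256 (8) KSK+ZSK alongside new ECDSA P-256 (13) KSK+ZSK.
# Key bytes are placeholders, far too short to be real keys; only the parsing/tagging matters.
SAMPLE_DNSKEY_RRSET = [
    "257 3 8 AQIDBA==",   # old KSK, key tag 2063
    "256 3 8 AQIDBAU=",   # old ZSK, key tag 3342
    "257 3 13 BQYHCA==",  # new KSK, key tag 4124
    "256 3 13 CQoLDA0=",  # new ZSK, key tag 9507
]
```

Passing `rrsig_algorithms=[8]` models the unsafe state where algorithm 13 keys are published but not yet signing, which `unsigned_algorithms` flags; once both algorithms sign, the list is empty.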


Update 28 August 2023

Because the hardware security modules (HSMs) currently used for the root KSKs are being withdrawn from production, new equipment was acquired this summer. The new KSK-2023 key pair is therefore likely to be regenerated on the new hardware.

Consequently, although the KSK-2023 key pair has been copied to the second data centre, publication of the public key in a DNSKEY record (originally scheduled for early next year) has been put on hold pending the HSM upgrade.

Replacement of the HSMs necessitates the generation of a new key pair because the equipment is so strongly secured that it's almost impossible to transfer private key material from one system to another. It's both easier and more secure to generate a new key pair on the new equipment.