Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

New incentives for security standards DNSSEC and DANE

A DNSSEC/DANE medley

Concept of a padlock against a technical background
  • Thursday 11 July 2019

Adoption of DNSSEC could do with a helping hand. Although the Netherlands leads the world in terms of the proportion of .nl domain names signed, the Dutch don't do nearly as well where validation is concerned. However, the new incentive scheme for DANE is expected to give DNSSEC a boost.

CDN provider Cloudflare recently published a blog explaining in accessible language how DNS cache poisoning works. The hack involves getting a caching resolver to retain a falsified domain name-IP address combination in its memory instead of the real combination. When an internet user tries to reach the domain in question, the resolver then directs them to the false address, where they might find themselves looking at a replica of their bank's website, for example.

Secure domain names

DNS spoofing is hard to pull off – certainly a classic Kaminsky attack of the kind described above. However, in view of the growing incidence and the serious implications of an attack, protection is vital to the maintenance of internet security. The answer to the problem is of course DNSSEC, where digital signatures are attached to 'true' DNS records so that resolvers know which data to trust. For a technical explanation of DNSSEC, take a look at the EURid webinar on the topic.

Adoption

Although Cloudflare is correct to say that DNSSEC isn't yet in general use, the Netherlands leads the world in terms of DNSSEC signing. Currently, 3.2 million (54 per cent) of the 5.9 million .nl domain names are signed.

According to Paul Vixie, co-developer of DNS and DNSSEC, there's an increasingly urgent need for widespread DNSSEC implementation. "A lot of people [in the industry] are resisting turning it on because it means more work for them." Earlier this year, ICANN issued a renewed appeal for full implementation of DNSSEC on all domains. Their plea was prompted by a DNSpionage incident [1, 2], where the DNS infrastructures of dozens of public and private entities in the Middle east were compromised.

DNSSEC validation

In recent years, the adoption of DNSSEC in the .nl zone has been strongly promoted by offering registrars a discount on signed domain names. Details of the discount scheme and SIDN's other incentive schemes for registrars are given in section 7 of our earlier IPv6 inventory. When it comes to the validation of DNSSEC, however, a lot remains to be done in the Netherlands. According to the latest APNIC statistics, the country's validation rate of 22 per cent is significantly below the European average of 25 per cent.

Incentive scheme for DANE

This month, we launched an incentive scheme to promote DANE for mail in the .nl zone. Although the scheme doesn't directly address validation, but but focuses on the assurance (server) side, we expect it to give a fresh boost to DNSSEC generally, since DNSSEC is a mandatory feature of the DANE standard. That belief is backed up by Postfix developer Patrick Ben Koetter's observation that DNSSEC validation in Germany has been increasing rapidly since the start of a campaign to promote DANE validation in the spring.

Support from service providers

Published recently by Forum for Standardisation, the results of the latest six-monthly Information Security Standards Survey show that, when it comes to implementing internet security standards, public bodies are dependent on large service providers. And, unfortunately, a lot of those providers don't yet support the standards. Microsoft customers, for example, have been calling for DNSSEC and DANE support to be added to the Azure and Office 365 [1, 2] cloud services for years. However, Microsoft has no plans to implement DNSSEC in the short term, meaning that moderators have the choice of doing without or looking elsewhere. Cloudflare and Google [1, 2] do support DNSSEC.