Old DLV configuration makes BIND resolvers vulnerable

We advise immediate deletion from the configuration file

On 25 March, T-Mobile's home internet service went down. For several hours, users couldn't get online, apparently because of problems with the company's DNS resolvers. At the root of the outage was an issue with the dlv.isc.org DNS servers, part of the old DLV infrastructure set up by ISC in the early days of DNSSEC. An update to the primary DNS server failed, and as a result the zone's DNSSEC signatures expired. Although the DLV service hasn't been in use for years, an empty zone is kept online for the benefit of the many BIND resolvers whose configuration files still have the DLV option for this alternative DNS hierarchy enabled. To prevent issues like the one that hit T-Mobile, we advise all BIND (named) resolver operators to delete the DLV option from their configurations immediately.

Empty zone

Dynamic Lookaside Validation, to give DLV its full title, is a hangover from the early days of DNSSEC. It provided an alternative DNSSEC tree for linking signed domains to a single trust anchor. That enabled all domain names, including those whose top-level domains hadn't been signed, to be signed and validated even before the root zone was signed in 2010. Standardised in RFC 4431 and RFC 5074, this alternative DNSSEC hierarchy was developed by ISC, the developer of BIND named. DLV was implemented in BIND named and a few other resolver software packages, but was never widely adopted. As more and more top-level domains were signed, DLV became redundant and was gradually phased out. Since September 2017, the DLV service has consisted of nothing more than an empty (but signed) zone. Despite the service falling out of use, the corresponding option remains enabled in many resolvers' configuration files (/etc/named.conf):

  /* Enable DLV by default, use built-in ISC DLV key. */
  dnssec-lookaside auto;

Changing your configuration

From BIND version 9.11.3, all references to DLV have been removed from the documentation and configuration. The DLV trust anchor has also been removed from the bind.keys file, and if you nevertheless still have DLV enabled, you get a warning. From version 9.16.0, the 'dnssec-lookaside' option has been marked deprecated and all DLV functionality has been deleted from the source code. Although DLV is no longer used, DNS servers often run for years without a problem or even a reboot, and outdated configuration files can remain in use, unaffected by automated software updates. Another factor is that BIND 9.11 remains the current Extended Support Version (ESV) until that status is transferred to version 9.16. Support for 9.11 will continue to the end of this year, and security patch support for a further year. The configuration of any BIND version earlier than 9.11.3 should therefore be reviewed as a matter of urgency. If the file includes the statement 'dnssec-lookaside auto' or 'dnssec-lookaside yes', it should be deleted or commented out. That goes not only for BIND servers that provide resolver services, but also for all systems where BIND is the default local resolver (e.g. many standalone UNIX-type systems).
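The check and clean-up described above, as an added example that is not part of the original article or of ISC's BIND: a small POSIX shell script that finds any active 'dnssec-lookaside' statement in a named.conf-style file and writes a copy with that statement commented out. It goes slightly beyond the 'auto' / 'yes' forms named in the text by also catching the older explicit trust-anchor form of the statement. The file paths are taken as arguments and the configuration fragment in make_sample is constructed for this example; neither comes from the article.

```shell
#!/bin/sh
# Added example, not from the original article or from BIND itself:
# locate an active 'dnssec-lookaside' statement in a named.conf-style
# file and produce a copy in which it is commented out.
# The sample configuration in make_sample is constructed for this example.

# Exit 0 if FILE has at least one uncommented dnssec-lookaside statement
# at the start of a line ('auto', 'yes' or an explicit trust-anchor form),
# 1 otherwise. Lines already commented with // # or /* do not match.
has_dlv() {
    grep -Eq '^[[:space:]]*dnssec-lookaside[[:space:]]' "$1"
}

# Print each matching statement with its line number, for an audit record.
list_dlv() {
    grep -En '^[[:space:]]*dnssec-lookaside[[:space:]]' "$1"
}

# Write OUT as a copy of IN in which every active single-line
# dnssec-lookaside statement is turned into a '//' comment (a comment
# style named.conf accepts); every other line is left byte-for-byte intact.
disable_dlv() {
    sed -E 's,^([[:space:]]*)(dnssec-lookaside[[:space:]][^;]*;),\1// DLV retired: \2,' "$1" > "$2"
}

# Constructed named.conf fragment with the retired DLV option still enabled.
make_sample() {
    cat > "$1" <<'EOF'
options {
    directory "/var/named";
    dnssec-validation auto;
    /* Enable DLV by default, use built-in ISC DLV key. */
    dnssec-lookaside auto;
};
EOF
}

# Stand-alone use: ./dlv_check.sh /etc/named.conf /tmp/named.conf.cleaned
if [ "$#" -eq 2 ]; then
    if has_dlv "$1"; then
        echo "Active DLV statement(s) in $1:"
        list_dlv "$1"
        disable_dlv "$1" "$2"
        echo "Cleaned copy written to $2; review it before installing it."
    else
        echo "No active dnssec-lookaside statement in $1"
    fi
fi
```

The script deliberately writes a cleaned copy rather than editing the live file, so the change can be reviewed first. Once the copy is installed as the real configuration, validating it with named-checkconf and then applying it with rndc reconfig (both standard BIND tools) confirms that named accepts the file without the retired option.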