Security standards at odds with commercial interests of internet companies

Result: stagnation, increased risk, single points of failure, choke points and dependency

Approaching two million domain names now have DANE for e-mail enabled. Adoption of the security standard has been increasing exponentially in recent years. However, although implementation of DANE and other mail security standards is mandatory for government bodies in the Netherlands, public sector adoption has stagnated.

For commercial reasons, large vendors and internet companies are withholding support for the standards for as long as possible, or are pushing their own alternatives. As well as holding up implementation, the heel-dragging is creating single points of failure and choke points in the internet infrastructure, as well as undesirable reliance on big internet companies. According to the latest statistics from Viktor Dukhovni, 1.92 million domain names currently have DANE for mail enabled. As you'll see, Dutch internet providers and domains account for a considerable proportion of the total. In terms of absolute DANE-enabled MX-gateway numbers, the Netherlands is third after the US and Germany. That's bound to be linked to our leading position on the adoption of DNSSEC, which is required for the use of DANE.

Exponential rise

New names in the list include hosting service provider WebReus, which activated DANE for mail for 21,300 domain names last month, and secure mail provider MX-Relay, which enabled the standard for nearly 2,300 domain names. However, the education ministry's Office of Education (DUO) warrants an honourable mention as well.

The following graph shows how the adoption of DANE (for mail) has increased exponentially.

Stagnation

Although government bodies are required to use the e-mail security standards (and various other security and other standards), implementation has been sluggish. The latest Information Security Standards Survey found that the adoption of DKIM, SPF and DMARC has almost ground to a halt. Some progress is being made with the publication of DMARC (policy) records and DANE (certificate pinning) records, but levels of support remain very low compared with the other mail security standards.

Elevated risk

When publishing the survey findings, the Forum for Standardisation accordingly expressed concern regarding the risks associated with poorly secured e-mail infrastructures. "Forty-two per cent of the government remains vulnerable to e-mail falsification. Moreover, half of public bodies aren't meeting the security requirements on e-mail confidentiality. The bodies in question aren't complying with government-wide agreements and are at elevated risk." The Forum warned about the potential impact of phishing/spoofing, and the interception and manipulation of government mail traffic. To illustrate the danger, the Forum pointed to the e-mails circulating in April, which purported to come from the National Institute for Public Health and the Environment and from the central government. In the same month, the Court of Audit reported that it was possible to send mail in the name of the Chief of the Armed Forces and other Defence personnel.

Where internet security standards on the 'use-or-explain' list are concerned, the Pan-governmental Digital Government Policy Liaison Forum (OBDO) has drawn up Joint Ambition Statements. According to those statements, SPF, DKIM and DMARC should have been implemented by all Dutch government bodies by the end of 2017. By the end of 2019, strict SPF and DMARC policies (records) should have been effective throughout government. The turn of the year was also the target date for implementing DANE/STARTTLS on all MX gateways.

Commercial interests

Adoption of the security standards hasn't been helped by the fact that their development and use is often at odds with the interests of commercial mail service providers such as Microsoft and Google. The Forum for Standardisation had to exert considerable official pressure on Microsoft to get the company to make any commitments regarding the implementation of DNSSEC and DANE, for example. The Forum's intervention followed a downturn in the adoption of DNSSEC (needed for DANE) amongst local authorities last year, caused by migration to Office 365 Exchange Online. In the following tweet thread, Rich Felker (developer of the musl C library) complains about Google's use of its own (less secure) MTA-STS protocol in preference to DANE.

In the most recent edition of its European Cyber Security Perspectives, KPN emphasises the importance of DNSSEC: although the extension has no direct discernible commercial value to KPN (who describe it as a hygiene factor), it is necessary for the use of DANE/STARTTLS.

Big Internet

Our own Research Engineer Maarten Wullink recently expressed his concern regarding dependency on free certificate supplier Let's Encrypt. Google, Facebook and Cisco are all involved with the service, along with the Electronic Frontier Foundation, the Mozilla Foundation and the Internet Society. And nearly three quarters of all TLS-secured websites in the .nl zone now have LE certificates.

According to Wullink, the monoculture makes us vulnerable in the event of a DigiNotar-style hack or temporary outage of the LE infrastructure. "It's undesirable that most certificates are issued by a single (American) Certificate Authority (CA)," says Wullink. "As well as creating a single point of failure, such reliance has privacy implications and raises the question of whether we really should be so dependent on a major foreign service provider." A distributed infrastructure of the kind that could be created on the basis of self-signed certificates and DANE (for web) currently looks a long way off. "DANE for web is virtually unused and, unless you install a plug-in, no browsers support DANE."

E-mail standards checklist

For anyone who wants to get to grips with SPF, DKIM, DMARC and DANE/STARTTLS, Research Engineers Marco Davids and Elmer Lastdrager have developed a (Dutch) E-mail standards checklist. The checklist serves as a step-by-step guide to setting up a properly secured e-mail infrastructure. It also has links to various (online) tools for testing that you've got each feature working properly as you progress.

https://assets.ctfassets.net/yj8364fopk6s/7t8wLafwM4iLXCbW1g9dWw/ae6f954d2348e474c51f0a4f5d9866f4/E-mail_standards_checklist.pdf

If you go through the whole procedure and your systems also support IPv6, you'll score full marks in the Internet.nl mail test. In other words, your mail systems will be fully up-to-date and in compliance with the latest requirements and guidance from the Forum for Standardisation [1, 2], the National Cyber Security Centre (NCSC) [1, 2] and others.