Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

SIDN's policy on taking down domain names (part 2)

SIDN tries to operate in a way that helps make the internet better for everyone. We want the internet to be free and open, but also secure and reliable. The security and reliability of the .nl zone is part of that. We've made a deliberate policy choice to do what we can in that regard, rather than just what we're required to do.

Taking down domain names as a sanction of last resort (part 1)

In my previous blog, I explained why SIDN has a Notice-and-Take-Down Policy and described the safeguards associated with it. In the last resort, SIDN will remove a domain name from the zone if it's being used to publish content that's clearly illegal or unlawful. Our Notice-and-Take-Down Policy covers the way we respond to third-party takedown requests. However, we sometimes take down domain names of our own accord as well. And we're thinking of adopting even more proactive policies.

SIDN takedowns as part of Abuse204.nl

We recently announced that we were going to take down domain names of our own accord [link] in the context of the programme called Abuse204.nl ('abuse to zero for .nl'). Within Abuse204.nl, we receive information from a specialist abuse detection organisation. If malware or phishing is detected, we warn the registrant, registrar and hoster, and ask them to take appropriate action.

Average up time of malicious sites cut significantly

With the help of several partners, we started Abuse204.nl in 2014. Since then, we've seen the average up time of phishing and malware sites in the .nl domain fall from about two hundred hours to twenty-four. About 70 per cent of the notices we send out get a cooperative response, and the malicious content is removed within twenty-four hours. Removal sometimes involves cleaning up 'innocent' websites that have been infected, and sometimes it involves the whole site being taken off line or the domain name being deleted.

If stakeholders closer to the source don't act, we do

Although we quickly notify the various stakeholders whenever an issue is detected, and they usually take prompt action, a small percentage of abuse sites are still on line several days after detection. That's highly undesirable, because the sites can be claiming victims all that time. So we've adopted the policy of taking action ourselves if no one closer to the source does anything within 114 hours* of the initial alert. The only useful course of action open to us is to remove the domain name from the zone. Since December 2016, we've had to do that forty times.

Careful approach

As I said, we never disable a domain name lightly. We take a very careful approach. In every case, multiple messages are sent to the abuse notification address and the other contact addresses we have for the registrant, the hoster and the registrar, asking them to take action. Where possible, we follow up those messages with phone calls. And, before we actually take the name off line, we check via another source whether the malware or the phishing content is still live. An impact assessment is made as well, so that we can be sure that intervention won't have any disproportionate negative consequences. Fortunately, we haven't yet come across a case where there was cause for concern in that regard. So, wherever the notification process doesn't result in the offending content being taken off line, our intervention does.

Shorter lead times

For the time being, we're sticking with the cautious intervention trip-time of 114 hours*. That decision is informed by the knowledge that most phishing victims are hooked in the first few hours after the site goes live. Nevertheless, we believe that our programme will be more effective if in due course we start intervening sooner. We want intervention to remain a last resort, but we think that the programme's effectiveness would be enhanced if we could encourage stakeholders to respond to our notices sooner and take ownership of the problem.

On the horizon: faster detection of phishing domains

Our team at SIDN Labs (www.sidnlabs.nl) is working on a smart aggregated detection method, which will use a set of parameters to quickly define registration risk profiles. The method will make use of data that we process in our registry role. When it comes into service, we'll be able to tell registrants, registrars and hosters more quickly and more fully about suspect registrations and take action ourselves when we need to.

Trend detection

One thing we see quite often is domain names being registered specifically for phishing or the propagation of malware (including ransomware). Not long ago, for example, there was a rash of registrations for fake transport companies, aimed at spreading ransomware. A trend like that can come to light at any moment. Once we detect a trend, we look particularly closely at any registration containing the suspect key word (in the case described, 'transport'). With a trend like that, the detection methodology is fairly simple. However, SIDN Labs is also able to pick up much more subtle patterns. Using Labs' sophisticated detection algorithms, we can predict with a reasonable degree of confidence when a registration has an abusive purpose. For instance, our nDEWS-systeem analyses DNS traffic data to flag up suspect domain names immediately after registration. Then there's the JTIE system, under which we exchange threat information with the Fraudehelpdesk.

Intervening before damage is done

We haven't yet decided exactly how we're going to use the information provided by the system. After all, the incoming data relates only to suspicions, and no one wants to see honest registrants unfairly prevented from using their domain names. On the other hand, it's undesirable to stand by while suspicions are confirmed, or to intervene only once the harm has been done. One option is that, if malpractice is suspected, a domain name shouldn't be added to the zone until the registrant data has gone through additional checks. The drawback of that approach is that some honest registrants would inevitably be inconvenienced. Another possibility is to put a close watch on any suspect domain name. But there are issues with that approach too: if the watch confirms abuse, the effect of intervention will be delayed because many servers will already have cached the DNS data. We can have much more effect on malpractice if we can prevent abusive domain names being added to the zone in the first place.

Coming soon

Our smart detection systems are as yet in the research phase, although preliminary testing by SIDN Labs has yielded some promising results. An nDEWS pilot is currently running, with about thirty participating registrars. Other registrars who would like to be involved can still join the programme. For details, see ndews.sidnlabs.nl.

*Update December 2022: the intervention trip-time has been brought down to 66 hours.

Article by:

Maarten Simon

Maarten Simon

Legal & Policy Advisor