Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Slowdown in government adoption of internet security standards

Legal requirements on the cards

Photo of the parliament buildings of the Dutch government in The Hague
  • Tuesday 25 June 2019

After several years of growth, the implementation of internet security standards by government bodies in the Netherlands has slowed significantly, despite the existence of adoption requirements and agreements. The interior ministry therefore wants to enforce implementation of some standards by using its powers under the Digital Government Act to issue a general administrative order. Where other standards are concerned, organisations and major suppliers will be approached individually. The situation was highlighted by the latest six-monthly Information Security Standards Survey carried out by the Forum for Standardisation.

The survey involved testing the 563 most important governmental domain names to check on their support for the following standards:

  • TLS/HTTPS for the web

  • DNSSEC

  • SPF, DKIM and DMARC (for protection against phishing, spam, viruses and other e-mail distributed malware)

  • TLS/HTTPS and HSTS conforming to the stricter NCSC requirements on the use of particular cryptographic algorithms

  • STARTTLS and DANE (for the encryption of mail transmissions)

The tests were carried out using the bulk test functionality of the Internet.nl portal.

Viewed together, the test results show that growth in the use of the standards has levelled off markedly over the last six months. Adoption of the web-related standards is barely increasing at all, while use of the mail-related standards is growing, but still lags well behind use of the web-related standards.

Bar graph showing the average adoption of web standards
Bar graph showing the average adoption of mail standards

Progress

Bart Knubben, Coordinating Consultant at the Forum for Standardisation, is inclined to see the glass as half full, but acknowledges that much remains to be done. "Many government bodies have achieved tremendous progress. That's reflected in the high adoption rates for various standards, and in the strong growth in the use of other standards that haven't yet been as widely adopted." "Ultimately, we want to see 100 per cent adoption of the relevant standards. We regard adoption of 90 per cent or more as positive, but obviously short of that ultimate goal. Achieving 100 per cent adoption of the web standards will require the last few non-compliant organisations to be approached and supported individually. We are seeing clear growth with the two mail standards: DMARC (with the policy defined as 'quarantine' or 'reject') and DANE. DMARC is up from 28 to 37 per cent and DANE from 25 to 41 per cent, in the space of six months. That's good progress, even if the adoption levels in both cases leave ample room for improvement."

Aspiration agreements

One would expect the rate of growth to reduce as adoption of a standard approaches 100 per cent on an asymptotic path. However, in recent years, a number of aspiration agreements were concluded within the Pan-governmental Digital Government Policy Liaison Forum (OBDO), with the specific intention of accelerating adoption by backing up requirements arising out of the 'use-or-explain' list. Under the aspiration agreements, all government domains should have been using TLS/HTTPS, DNSSEC and SPF/DKIM/DMARC by the end of 2017. And, by the end of 2018, all governmental websites should have had TLS/HTTPS and HSTS implementations that complied with NCSC guidelines. Finally, all mail systems should support STARTTLS/DANE and the strict SPF and DMARC policy settings by the end of this year. From the diagrams above, it will be apparent that the agreements' ultimate goals have not been realised.

Basic level

"The internet standards whose use we monitor contribute to an agreed basic level of security for websites and e-mail," says Knubben. "If you don't use the standards, it's relatively easy for wrongdoers to take advantage of the inherent weaknesses in the protocols underpinning the domain name system, websites and e-mail. Every governmental organisation has a responsibility to get the basics right. Because citizens, businesses and public bodies have a right to expect that electronic communications with and between governmental organisations are secure." "The results of our survey have been distributed to umbrella groups and security officers in the various tiers of government, since responsibility for implementing the information security standards lies with the individual governmental organisations. We are also seeking to help relevant organisations tell their service providers exactly what their requirements are. At the moment, we're focusing mainly on the e-mail standards DANE and DMARC (policy), because adoption rates for those standards are significantly below the rates for other standards, and by the end of this year the aspiration is to achieve 100 per cent implementation of STARTTLS/DANE and strict-policy SPF and DMARC."

Legal requirement

However, on the basis of the survey findings, the Forum for Standardisation believes that full adoption of the internet security standards will not be possible without additional action. First, the intention is to approach governmental organisations and major service providers individually. In addition, non-compliant entities may have to be legally obliged to implement appropriate standards. Where TLS/HTTPS and HSTS conforming to NCSC guidelines are concerned, the interior ministry wants to enforce implementation by using its powers under the Digital Government Act to issue a general administrative order. Whether a similar approach is needed for the other standards will be decided early next year. "There will always be laggards," says Knubben. "It's important that software suppliers and service providers make the standards easy to implement, or -- even better -- make support for the standards the default position. The inclusion of DANE in the SIDN's incentive programme would certainly help. If we're going to make further progress on adoption -- including adoption outside the state sector and beyond our borders -- it's vital to have cooperation along the lines of the Platform for Internet Standards and the Secure E-mail Coalition. We'll continue doing our bit to bring that about."