Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

Tidy up your DNS!

Exploitation of 'dangling' DNS records is the latest cybercrime trend

Illustration of blocks with the letters DNS (Domain Name System) on them.
  • Monday 15 July 2024

Big organisations often create special websites and applications to go with projects and campaigns they're running. Many of these resources are only used for a short time, then taken down once the project or campaign is over. However, it's not unusual for the associated DNS records to get overlooked and left in place. Known as 'dangling' DNS records, these neglected references might seem quite harmless, but can pose a serious security risk if crooks later get hold of the domains they point to. How does that happen, and what can you do to stop your organisation getting caught out?

What's a dangling DNS record?

A dangling DNS record is one that points to a non-existent or unusable resource. They arise when an application or website is taken down, but the associated DNS record isn't updated. The existence of these records can create security risks, which vary according to the type of record involved. A simple example is an MX record. That's a record that defines where e-mail for a particular domain should be delivered. If cybercriminals take over the destination specified in a dangling record, they cause a lot of trouble by:

  1. Intercepting e-mail intended for a legitimate organisation

  2. Redirecting traffic that's meant for a legitimate website to a malware distribution site

  3. Hosting a phishing site from a 'trusted' domain

  4. Exploiting the good reputation that an organisation and its primary domain have with Google to get a better search ranking for malicious content

How big is the problem?

A recent study by CSC Global found that 21 per cent of all DNS records are dangling. The published study data doesn't include information about the incidence of abuse. Nevertheless, anecdotal evidence suggests that scammers are mainly interested in organisations that leave DNS records pointing to cloud service providers. The reason being that many such providers, including Cloudflare, allow the re-registration of 'used' host names. By re-registering a used name, a scammer can give a visitor the impression they're dealing with a bona fide organisation's server, when that server hasn't actually been in use for some time.

Preventing dangling DNS records

An organisation can do various things to prevent dangling DNS records. The first and most obvious is DNS housekeeping: regularly go through your DNS records looking for and removing any dangling records. A number of DNS monitoring tools are also available, which can flag up changes to DNS records and suspicious activities. Finally, it's good practice to make sure that proper arrangements for subsequently tidying up DNS records are made whenever a new website or online application is created.

Dangling DNS records are a serious problem that can give rise to major security risks. It's therefore important to be aware of the dangers, and to take a proactive approach to protection. Want to know more? Check out this article.