Vote on inclusion of DNS abuse provisions in new ICANN contracts

Registrars and registries opt for self-regulation in response to growing government pressure

A vote was recently held to decide whether changes should be made to the contracts between ICANN and the gTLD registries and registrars. Although more specific ICANN policy documents are modified relatively frequently, contractual changes are rare: the existing contracts date from 2013. However, what makes the situation really exceptional is that the changes aren't the product of ICANN's Policy Development Process [1], but have been proposed by the affiliated registries and registrars.

The vote relates to the addition of a DNS abuse clause to the contracts. Until now, registries and registrars have been responsible merely for responding to reports of illegal activities in a general sense. Under the revised contracts, their responsibilities will be defined more tightly, and will cover only the abuse of domain names. In practical terms, it means that they will have to establish a mechanism for processing domain name abuse reports, and will have to respond promptly to such reports by intervening to end abuses and minimise harm. Assuming that the changes go through, as seems likely, the new arrangements are expected to take effect quite soon.

New obligations

The proposed changes are clearly explained in the annotated draft contracts. See sections 4.1 and 4.2 of the Registry Agreement and sections 3.18.1 and 3.18.2 of the Registrar Accreditation Agreement.

In essence, the new provisions mean that:

  • Every registrar/registry will be required to provide a clearly designated and readily accessible portal for DNS abuse and illegal activities to be reported by e-mail or using a web form.

  • DNS abuse is understood to mean malware, botnets, phishing and pharming, or spamming to facilitate one of the other forms of abuse.

  • ICANN's definitions of the various forms of DNS abuse are given in section 2.1 of the SAC115 report.

  • Abuse report recipients must confirm receipt to the reporting party.

  • Registrars/registries must respond promptly by investigating reported abuses and taking appropriate action.

  • If investigation of a report confirms domain name abuse, the registrar/registry must, if reasonably possible, immediately intervene to end or address the abuse, depending on the circumstances and the seriousness of the matter (harm caused).

A unique situation

"The idea of amending the contracts came up during a brainstorming session at the Domains & Jurisdiction Policy Program Meeting, which took place in Paris in May 2022," recalls Theo Geurts, Privacy & GRC Officer at Realtime Register and a member of ICANN's GNSO Council. Within ICANN, the GNSO (Generic Names Supporting Organization) is responsible for developing policies on generic top-level domains (gTLDs). "Although the ICANN contract has for a long time said that the requirements can be amended by negotiation, that's never been done, so this is something quite unusual."

Geurts believes that the move to amend the contracts is a response to increasing regulatory pressure from government. "ICANN's compliance team doesn't have the resources to actively address all DNS abuses itself. Under the current arrangements, what usually happens is that the hoster responsible for a domain is mailed, and that's the end of it. When the contractual changes take effect, registrars and registries will have to act on abuse reports, and inform the reporting party if a problem can't be resolved. Any registry or registrar that fails to do so is liable to be sanctioned. In the final resort, accreditation can be withdrawn altogether, but it'll probably never come to that in practice."

Self-regulation

By introducing the self-regulatory measures outlined above, the DNS industry is responding to increasing governmental involvement with the sector. The immediate trigger was the EU's new NIS2 Directive (Network and Information Systems 2 Directive), which classifies major DNS operators as part of the essential digital infrastructure. Although the Directive was drafted without prior consultation with the industry, Geurts is positive about it. "NIS2 raises the bar for all businesses and other organisations in our sector, and that must be a good thing. However, Article 28, clause 4, requires, for example, that all non-personal information about a domain name registrant – explicitly including the registrant's name, phone number and e-mail address if the registrant is a legal entity – must be made available free of charge. Prior to the GDPR, all domain registration data was publicly available, and abuse of that data was consequently commonplace. Such problems have largely disappeared since Whois access was restricted. I'm therefore expecting an upturn in abuse when NIS2 takes effect, unless criminals are denied access to registration data. Clause 3 of the same article also requires that registrant data is verified. However, verification on an international scale is very difficult and costly. We don't yet know how governments will interpret the requirement, but we're hoping it'll come down to implementing a procedure similar to the validation and verification arrangements set out in the Registrar Accreditation Agreement of 2013."

Geurts sees it as no coincidence that the DNS sector has been made responsible, and not the hosting industry, where all the malware can be found. "gTLD registries and registrars all have contracts with ICANN, and can therefore be held to account via that channel. What's more, the ICANN community has various stakeholder groups, support organisations and advisory committees. Everyone is represented, so ICANN is the place for complex DNS-related problems."

Waterbed

Although the great majority of ICANN members voted for the contractual changes, Geurts believes that they did so for contrasting reasons. "On the one hand, you've got registrars who are backing the changes as a matter of principle. They take the view that security will be considerably improved by adopting a collective approach to clamping down on DNS abuse. Then there are other registrars who are thinking mainly about the commercial opportunities."

"I do believe that it's currently too easy to register domain names, but I can't imagine that cybercrime is going to disappear when the changes come in. If we make registration too difficult, malicious actors will simply switch to bulk domain name providers around the world. And modern ransomware-as-a-service providers have in any case given up registering domain names; they simply hack other people's websites and install their malware there. So crime is likely to simply migrate to other fields."

"Fighting cybercrime has become a full-time job," says Geurts. "The landscape is constantly changing, with scams coming and going, even seasonally in some cases. Fortunately, though, more and more registrars are recognising the need for process improvements and closer collaboration with other registrars. Early this year, for example, we had criminals from Vietnam registering a lot of domains, resulting in numerous chargebacks. Loads of registrars were affected, and the losses ran into millions of dollars. Even in that context, though, cooperation and information sharing prevented things getting even worse. The planned contractual changes will enable streamlining of the relevant processes, and as an industry we'll be better off. Some registrars have still got a long way to go, but that's inevitable with developments like this."

Positive response

Geurts says he's pleasantly surprised by how easy it's been to arrange the contractual changes. "The initiative has received a positive response throughout the ICANN community. So we can go on to consider other things that we'd like to change – if, for example, we want to revise or extend the various DNS abuse aspects."

"This is the best we can do for now. Before going any further, we need to see how the changes work out in practice. Then we'll need to measure their effects. Once we've shown that this approach works, we can hopefully replicate it in other sectors, such as hosting services and other, non-registry/registrar-related DNS services. However, when I look at the current scale of cybercrime, I think it might take 20 years to get a global approach adopted."

Geurts recognises that things are changing, though. "10 or 15 years ago, registrars took much less interest in cybercrime. But now everyone is setting up anti-abuse processes."

Doing more

Although SIDN has no contract with ICANN in its capacity as operator of the .nl domain (we do operate a number of gTLDs, but .nl is a ccTLD), we wholeheartedly support the gTLD contract changes. "This is the way the domain name industry is going, partly in response to government pressure," says SIDN's Legal and Policy Manager Maarten Simon. "Registries and registrars need to do more to tackle DNS abuse, and it's good to see the industry taking that on board. The moves will mean more prompt and more active intervention. We've been doing that for the .nl domain for some years, and it's encouraging to see more and more actors doing the same."

"The ICANN contracts only cover gTLDs. Where gTLDs are concerned, ICANN plays a similar role to the one we play in relation to the .nl domain. However, cybercrime is a problem that affects the whole industry. We're therefore watching to see how the changes pan out in practice, because of their importance for the internet as a whole. If the effects are positive, we may consider adding similar requirements to our own registrar-registry contracts."