Web hoster xel implements modern internet security standards

"An unreachable helpdesk leads to security problems"

Just over a year ago, web hosting service provider xel implemented DNSSEC security for domain names, followed by the anti-spam standards SPF, DKIM and DMARC. To secure its clients' mail, the company had previously adopted STARTTLS, and has since added DANE support. Xel-hosted websites with Let's Encrypt certificates enjoy DANE protection as well, even though that particular application has yet to catch on more widely.

"Customers that utilise all the security options can get a 100 per cent score on the Internet.nl security testing platform."

Xel is a web service provider whose main line of business is hosting WordPress sites. Domain name registration and mail are also standard elements of the company's service offering. Despite now having more than 11,000 customers, founder Emrah Lacin emphasises that xel isn't a volume player. "I don't believe in running a business from a spreadsheet. Our business model isn't based on discount pricing, or on margin maximisation. Instead, we give back a lot of our income to our customers in the form of support services. They can talk to us on the phone without having to select from a menu, and they can mail us any time. In fact, when the need arises, we call them. Wherever possible, the customer always gets to deal with the same xel team member, so that they don't have to keep explaining their problem again from the start. It's all part of a philosophy based on building long-term relationships."

Less hassle and unpredictability

Many companies that compete on price seek to keep support costs down by erecting barriers to contact. By contrast, xel aims to manage costs through automation, and by proactively explaining what a feature does and how best to use it. "It's all about implementation, information and support, in that order," says Lacin. "Getting the implementation and information parts right saves us having to deal with a lot of customer enquiries later. And the money we save can be invested in service and relationship-building. Satisfied customers mean less hassle and unpredictability. It's better to anticipate risks and address them through automation and explanation, than to rush around putting out one fire after another."

A similar philosophy underpins the way xel looks after its personnel. "We prefer to employ specialists, and we try to respond promptly to signals from the service desk, so that our people don't get frustrated. Whenever we introduce a new functionality, we like to organise something so that the developers and operators get a moment in the limelight."

Xel's proactive approach means that security-related problems account for a very small proportion of helpdesk enquiries. "Security is a chain," explains Lacin. "Like any chain, the security chain is as strong as its weakest link, which in practice is often the end user. We therefore place a lot of emphasis on correct use of the available security mechanisms, although we try to confine ourselves to a higher, non-technical level. Security is another reason for keeping the support threshold low: an unreachable helpdesk leads to security problems."

"Conversely, when users log in to the control console, we flag up things that require attention. So they're aware of new features in the control interface."

Modern internet standards

For security, xel follows the standards covered by the Internet.nl testing portal: DNSSEC, HTTPS with the associated security headers/options, security.txt, SPF/DKIM/DMARC, STARTTLS/DANE, RPKI and IPv6 (the latter not being strictly a security standard, but a modern internet standard). "We've implemented all the standards over a period of time," says system analyst Samy Ascha. "Customers that utilise all the options can get a 100 per cent score on the Internet.nl security testing platform."

Implementation of some standards is relatively straightforward, because it is transparent to the users. DNSSEC is one example: xel manages its customers' zones, and is therefore able to sign them itself. Wherever a standard can be implemented on the customer's behalf, as with DNSSEC, xel takes responsibility.

However, some standards are more challenging, because implementation requires certain information from the customer. SPF comes under that heading: an SPF record lists the mail servers authorised to send mail for the protected domain, so that receiving servers can recognise, and under a strict policy reject, mail from any other source. In practice, that creates issues mainly where a domain owner uses an outside service provider, to send marketing mail for example, because that provider's servers must be listed in the record or its mail will fail the check.

Problematic standards

Xel facilitates the use of such 'problematic' standards partly by automating as much as possible, and partly by giving customers base-level access to their settings. With SPF, for example, the configuration screen shows the user a suggestion list of third-party mail service providers whose servers can be automatically authorised for their domain. The suggestion list is automatically compiled by analysis of the relevant domain's inbound and outbound mail traffic. In addition, users have the option of manually creating and editing their DNS records.

A special interface has also been developed for incoming DMARC reports. "We believe in working towards the strictest possible policies," says Ascha. "For DMARC that's 'reject', and for SPF it's '-all'. The user starts with a 'safe' configuration that isn't going to result in any messages being lost. Then, over a period of a few weeks, they work towards the strictest policy. If that enables us to reduce the amount of inbound spam, that ultimately yields a further cost saving."
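The two mechanisms described above, the authorised-sender list that becomes an SPF record and the DMARC reports that justify stepping from a 'safe' policy to the strictest one, are illustrated by the following added example. It is not xel's code or interface; the domain names, IP addresses and the aggregate report are constructed, and the 99 per cent alignment threshold is an assumed operating rule, not one the article states.

```python
"""Added example, not xel's own code: assemble an SPF record from an
authorised-sender list, then read an RFC 7489 DMARC aggregate (rua) report to
decide whether the published policy can be tightened a step.
All domains, addresses and report contents below are constructed."""
import xml.etree.ElementTree as ET
from collections import Counter

MAX_SPF_LOOKUPS = 10  # RFC 7208 s4.6.4: more than 10 DNS-querying mechanisms is a permerror
POLICY_LADDER = ["none", "quarantine", "reject"]  # DMARC ramp: safe -> strict


def build_spf(includes, ip4=(), strict=False):
    """Return the SPF TXT record authorising own relays (ip4:) and third-party
    providers (include:). '~all' (softfail) while the sender list is still
    being confirmed, '-all' (hard fail) once it is known to be complete."""
    if len(includes) > MAX_SPF_LOOKUPS:
        raise ValueError("too many include: mechanisms; SPF allows at most 10 DNS lookups")
    terms = ["v=spf1"]
    terms += [f"ip4:{net}" for net in ip4]          # ip4: terms cost no DNS lookup
    terms += [f"include:{host}" for host in includes]
    terms.append("-all" if strict else "~all")
    return " ".join(terms)


def summarize_dmarc(report_xml):
    """Tally messages per source IP from an aggregate report. A row counts as
    aligned when DKIM or SPF passed in DMARC terms (policy_evaluated)."""
    root = ET.fromstring(report_xml)
    published = root.findtext("policy_published/p")
    aligned, unaligned = Counter(), Counter()
    for rec in root.iter("record"):
        ip = rec.findtext("row/source_ip")
        n = int(rec.findtext("row/count"))
        ev = rec.find("row/policy_evaluated")
        ok = ev.findtext("dkim") == "pass" or ev.findtext("spf") == "pass"
        (aligned if ok else unaligned)[ip] += n
    return {"published": published, "aligned": aligned, "unaligned": unaligned}


def recommend_policy(summary, min_aligned_ratio=0.99):
    """Next rung on none -> quarantine -> reject, taken only when the share of
    aligned mail is high enough that tightening will not lose legitimate
    messages. Otherwise keep the current policy and review the unaligned
    sources: a provider missing from SPF, or someone spoofing the domain."""
    n_ok = sum(summary["aligned"].values())
    total = n_ok + sum(summary["unaligned"].values())
    idx = POLICY_LADDER.index(summary["published"])
    if total and n_ok / total >= min_aligned_ratio and idx < len(POLICY_LADDER) - 1:
        return POLICY_LADDER[idx + 1]
    return POLICY_LADDER[idx]


# Constructed aggregate report: own relay (aligned), a marketing provider that
# is listed in SPF but not DKIM-signing (still aligned via SPF), and an
# unknown host that fails both checks.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>1</report_id>
    <date_range><begin>0</begin><end>86400</end></date_range></report_metadata>
  <policy_published><domain>customer.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>customer.example</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>30</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>customer.example</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>customer.example</header_from></identifiers></record>
</feedback>"""

if __name__ == "__main__":
    print(build_spf(["spf.mailer.example"], ip4=["192.0.2.0/24"]))
    print(build_spf(["spf.mailer.example"], ip4=["192.0.2.0/24"], strict=True))
    s = summarize_dmarc(SAMPLE_REPORT)
    print("unaligned sources to review:", dict(s["unaligned"]))
    print("recommended p= at 95% alignment:", recommend_policy(s, 0.95))
    print("recommended p= at 99% alignment:", recommend_policy(s))
```

With the sample report 150 of 155 messages are aligned (96.8 per cent), so the domain would move from `p=none` to `p=quarantine` under a 95 per cent rule but stay at `p=none` under the stricter 99 per cent rule until the 198.51.100.7 traffic has been explained, either by adding a forgotten provider to the SPF record or by confirming that it is spoofing that the tighter policy should block.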

While DNSSEC support is provided as a free feature with a domain name – xel regards DNSSEC as a basic security standard – DKIM is currently offered as a paid add-on service. "We validate all inbound mail received by our MX portals," continues Ascha, "and we attach DKIM signatures to all outbound mail from the SMTP gateway (relay) and the customer's website."

Once a service becomes established as the norm, xel incorporates it into the standard package instead of offering it as an add-on. "When a new feature is introduced, our more demanding users – with whom we generally have more support contact – often act as testers. Once the feature is working well for them, we can roll it out for the entire customer base."

Always more work to do

The approach implies regular internal discussions at xel about whether a service should be offered as, or should remain, a paid add-on. "When Let's Encrypt TLS certificates became free, that was quite a step," recalls Ascha. "However, that's now fully implemented, including automatic rollovers."

"Discussions like that are healthy," Lacin emphasises. "It's no good waiting until the market decides that you can't go on charging for something. We prefer to leverage added value at the front end, by implementing new features. So there's always more work to do. But it's been that way for 23 years now, so we're used to it."