.nl not affected by global domain hijacking campaign
We will be further extending our DNS monitoring facilities
We have been working with NCSC-NL to investigate if .nl domain names were compromised in a recently unveiled global campaign to hijack domain names, allegedly for state-related purposes. While no .nl domain names appear to have been compromised, we will be further extending our DNS monitoring facilities to more proactively detect signs of such campaigns in the .nl zone in the future and we reiterate the importance of following best practices for secure domain name registration.
A domain hijack is “the act of changing the registration of a domain name without the permission of its original registrant” and involves an unauthorised person changing a domain name’s records in the Domain Name System (DNS) so that it maps to a different IP address than that set by the registrant. For example, a miscreant might change the www mapping for the domain example.nl in the DNS so that visitors who log on to www.example.nl unknowingly send their traffic through an intermediate server that the miscreant uses to record their user names and passwords. Similarly, the miscreant could also change example.nl’s mail settings in the DNS so that the intermediate server receives and stores e-mails sent to any_user@example.nl.
Domain hijacks may thus have severe effects in terms of security and privacy compromises as well as reputational and financial damage, both for users and for registrants.
One way for a miscreant to hijack a domain name is to compromise the account through which registrants manage their domain name settings through their registrar, for instance by using user names and passwords obtained from other compromised sites. Similarly, they may also use more advanced techniques, such as spear phishing the staff of a registry to obtain the credentials of more high-value domain names.
Once the miscreant manages to compromise the account, they use the administrative panel that the registrar provides to change example.nl’s records in the DNS. For example, they could change the domain’s name servers, which results in users visiting www.example.nl being redirected to a malicious site through name servers under the miscreant’s control.
The Security and Stability Advisory Committee (SSAC) at ICANN provides an overview of actual compromises of registrant accounts that took place in the past and how they were carried out.
Security company FireEye recently reported that they had discovered a global domain hijacking campaign that affected “dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America” and suggested the campaign was state-related.
FireEye also published the techniques they found the adversaries had used, which included changing the IP addresses of a domain name (DNS A records). While FireEye did not reveal how they obtained this information, it led the Dutch National Cyber Security Centre (NCSC-NL) to issue a security alert, just like national CERTs in the US and the UK.
Prompted by the reports, the team here at SIDN Labs analysed the .nl zone for name server changes and initially identified 623 .nl domain names distributed across 43 registrars that shared characteristics with domains involved in the campaign.
We shared the names with NCSC-NL, who used other (undisclosed) datasets for further analysis. Based on that analysis, they reported that it was unlikely that the names had actually been compromised.
While that is good news, we also learned that we will need to further extend our DNS monitoring facilities to detect domain hijacks more proactively and thus protect the security of .nl users and registrants, particularly in collaboration with NCSC-NL, our registrars, and the research community.
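As an added illustration (not SIDN's code or its actual analysis method), one simple form of name server change monitoring compares two delegation snapshots, flags domains whose name server set was replaced entirely, and clusters them by name servers that were absent from the earlier snapshot. The snapshot format, the `.example` names and the `min_domains` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample snapshots: domain -> set of delegated name servers.
BEFORE = {
    "domain-a.example": {"ns1.hosting-a.example", "ns2.hosting-a.example"},
    "domain-b.example": {"ns1.hosting-b.example", "ns2.hosting-b.example"},
    "domain-c.example": {"ns1.hosting-a.example", "ns2.hosting-a.example"},
    "domain-d.example": {"ns1.hosting-b.example", "ns2.hosting-b.example"},
}
AFTER = {
    "domain-a.example": {"ns1.unseen.example", "ns2.unseen.example"},
    "domain-b.example": {"ns1.hosting-a.example", "ns2.hosting-a.example"},
    "domain-c.example": {"ns1.unseen.example", "ns2.unseen.example"},
    "domain-d.example": {"NS1.HOSTING-B.EXAMPLE.", "ns2.hosting-b.example"},
}

def normalise(ns_set):
    """Lower-case and drop the trailing dot so equal hosts compare equal."""
    return {ns.lower().rstrip(".") for ns in ns_set}

def full_ns_replacements(before, after):
    """Return {domain: (old_ns, new_ns)} where old and new sets share no host."""
    changed = {}
    for domain, old in before.items():
        if domain not in after:
            continue  # domain left the zone; not a delegation change
        old_n, new_n = normalise(old), normalise(after[domain])
        if old_n != new_n and old_n.isdisjoint(new_n):
            changed[domain] = (old_n, new_n)
    return changed

def cluster_by_new_ns(changes, known_ns, min_domains=2):
    """Group re-delegated domains by name servers not seen in the old snapshot."""
    clusters = defaultdict(set)
    for domain, (_, new) in changes.items():
        for ns in new - known_ns:
            clusters[ns].add(domain)
    return {ns: sorted(d) for ns, d in clusters.items() if len(d) >= min_domains}

def review_queue(before, after, min_domains=2):
    """Clusters of domains that moved together to previously unseen name servers."""
    known = set().union(*(normalise(v) for v in before.values()))
    return cluster_by_new_ns(full_ns_replacements(before, after), known, min_domains)

if __name__ == "__main__":
    print(review_queue(BEFORE, AFTER))
```

A cluster produced this way is only a candidate for review: a legitimate bulk migration to a new DNS operator looks the same, so the result needs to be checked against other data before a domain is treated as compromised.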
We were also reminded that the security of domain registration data remains a key part of global internet security and that it requires registries, registrars, and DNS operators to follow best practices such as two-factor authentication (2FA) for logging on to admin panels, domain locks for high-value domain names, carefully designed domain management privileges, and a high level of staff awareness of potential phishing campaigns that might target them. We and our registrars employ several of those techniques to protect .nl domain registrations, such as 2FA on the portals that our registrars provide to registrants and the registry lock that we offer at SIDN.
I personally recommend that everyone working in our industry read the SSAC advisory on this topic, and in particular the practical checklist the SSAC offers in Section 6.
Cristian Hesselman
Director SIDN Labs
Member of the Security and Stability Advisory Committee (SSAC)