Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

DDoS Clearing House now in use by National Anti-DDoS Coalition

Collective anti-DDoS initiative: from lab project to production service

Digital icon of a padlock.

The original blog post is in Dutch, this is the English translation.

Authors: Thijs van den Hout (SIDN Labs), Remco Poortinga – van Wijnen (SURF), Ramin Yazdani (University of Twente), Cristian Hesselman (SIDN Labs and University of Twente)

It's 6 years ago this month since we put forward the idea of a DDoS Clearing House: a system for sharing data about DDoS attacks. The concept was subsequently developed in partnership with research centres and companies in Germany, Italy and Switzerland, under the umbrella of the EU-funded CONCORDIA project. And, last month, the Dutch National Anti-DDoS Coalition began operational use of the Clearing House, bringing our work to a successful conclusion. In this blog, we look back on the Clearing House's journey from a vision for collective DDoS defence, through the research phase, and ultimately to an operational system, and we consider the lessons learnt along the way.

Fighting DDoS attacks together

In 2018, the Dutch banking industry was frequently being targeted by DDoS attackers, disrupting the flow of transaction traffic for ABN AMRO Bank, ING and others. Companies in other sectors and government bodies were increasingly finding themselves under fire as well, partly because DDoS attacks were becoming easier to carry out, due to the use of so-called 'booters'. DDoS attacks continue to threaten a variety of organisations, including hospitals and enterprises.

The problem in 2018 was that potential victims had their own anti-DDoS arrangements (e.g. based on the NBIP's DDoS protection service or commercial services such as those provided by Akamai), but there was very little collaboration on such matters. As a result, one organisation would often have data on the attacks it had suffered, such as the attack systems and network protocols used, but knew nothing about the attacks mounted against other organisations. That was compromising IT teams' ability to prepare for attacks similar to those encountered by their colleagues in other organisations. So, if they too were targeted, they could only learn about an attack on a reactive basis, and work out how to respond while actually under fire.

Start of the National Anti-DDoS Coalition

Against that background, SIDN, SURF, and the University of Twente published an open letter to the operators of the Netherlands' critical infrastructure in April 2018, calling for the development of a system that we initially called the 'DDoS radar'. The idea was to supplement existing anti-DDoS arrangements by providing a mechanism for potential victims to exchange data about DDoS sources and attacks.

The letter was one of the triggers for an initial anti-DDoS working session at the NCSC on 22 May 2018. The session was attended by people from various organisations with an interest in the Netherlands' vital infrastructure, including the Ministry of Economic Affairs, SIDN, the Dutch Payments Association, AMS-IX, NL-ix NBIP, VNO-NCW, NoMoreDDoS and the University of Twente. At the session, it was concluded that there was a lack of inter-initiative coordination and knowledge-sharing. The participants also acknowledged that DDoS attacks were a shared problem of national importance, and that experts with relevant experience should collaborate and not view each other as rivals.

It was agreed that a Clearing House Working Group should be established. The group would go on to play an important role in the development of the DDoS Clearing House (the new name for the DDoS radar). The session was also the starting point for the National Anti-DDoS Coalition (NL ADC), which 17 organisations from various sectors joined in the 2 years following the initial gathering. At that time, we published a three-part blog series setting out our vision and timeline for establishing a collective approach to anti-DDoS activities and a DDoS Clearing House.

CONCORDIA: research into the sharing of DDoS data

In 2018, SIDN, SURF and the University of Twente were also involved in development of the CONCORDIA project, which became the umbrella for research and development work on the DDoS Clearing House. That led to collaboration with researchers from Telecom Italia, the University of Zurich and FORTH.

The European Commission agreed to fund CONCORDIA, which accordingly got started on 1 January 2019. Work on the Clearing House began in March 2020.

Our approach: parallel research and practice

Once CONCORDIA got started, we were in the unique position of being able to maintain continuous dialogue between the CONCORDIA research team and a prospective Clearing House user group (the NL ADC). We were able to provide the NL ADC with a service that offered added value for its members, and the dialogue meant that the CONCORDIA team was able to develop and pilot the Clearing House on the basis of the industry's requirements.

We developed the Clearing House in stages, in close consultation with the NL ADC's Clearing House Working Group and Legal Working Group. It became a modular application broadly consisting of 3 elements. The dissector compiles a 'DDoS fingerprint' summarising the key characteristics of an incoming DDoS attack, such as the source IP addresses, and the protocols and internet ports used. DDoS-DB is the database in which fingerprints are saved and potentially shared with other coalition members. The extensions are add-ons for the Clearing House that, for example, provide geographical information or visualise the attack traffic. We also developed a testbed to enable us to see how the Clearing House worked with small volumes of DDoS traffic.

We subsequently worked with the NL ADC to thoroughly test the Clearing House in a pilot in 2022, with the NBIP playing a key role. During the pilot, DDoS fingerprints of more than 250 DDoS attacks were generated, enabling us to try out the Clearing House in a semi-operational environment. During the pilot phase, we also refined the dissector to improve the accuracy of the fingerprints it generated. After the pilot, we began technical and legal preparations for the system's production rollout.

We're now live!

Since March 2024, the DDoS Clearing House has been in production use at the NL ADC, whose members are able to use it free of charge. We are very proud that we've been able to translate our vision into a production system. It wasn't for nothing that the DDoS Clearing House was designated a high-potential innovation in the European Commission's Innovation Radar!

What have we learnt?

During our 6-year journey from conceptualisation, through software development, research and practical collaboration, we have learnt 3 important lessons:

  • It's not a purely technical challenge Collective DDoS mitigation requires more than a technically functional DDoS Clearing House. Before and during the development of the technical system, it's necessary to establish a governance structure and draw up simple data sharing agreements. Like the members of a musical ensemble, the various technical, organisational and legal components have to be in harmony in order to collectively 'make music'. An orchestra is more than the sum of its parts.

  • Multidisciplinary teams are needed Collective DDoS mitigation is based on multiple distinct disciplines, such as network management, privacy and security operations, and therefore requires multidisciplinary teams. For example, the lawyers within the National Anti-DDoS Coalition needed to be familiar with the technical concepts associated with DDoS attacks, fingerprint sharing and why they are important. Conversely, the technical teams needed to have a grasp of the legal and privacy considerations. By enabling different disciplines to understand one another, we were able to collectively simplify and relax the data sharing agreements.

  • Start small and grow By starting with a pilot version of the DDoS Clearing House and a small user group, we were able to rapidly iterate software versions and adapt to new NL ADC requirements. That helped us build trust within the Coalition and develop DDoS fingerprint sharing agreements relatively quickly. As a result, translating the concept into a production-ready service was a much smaller step.

Open source all the way

We developed the DDoS Clearing House on a fully open-source basis. The software for both the Clearing House itself and the testbed are accordingly available from our GitHub page.

We also published templates of the agreements we used for the NL ADC, so that other EU member states and interested parties have access to a 'cookbook' on setting up their own DDoS clearing houses. The agreements cover the technology of the DDoS Clearing House, and the organisational and legal requirements that such a system has to meet. The cookbook is summarised in an article that we published in the peer-reviewed academic journal IEEE Communications Magazine.

What next?

Although the Clearing House is now in production use and the CONCORDIA project was concluded in May 2023, work on the Clearing House continues under the banner of the NL ADC.

For example, the NL ADC recently established an Intel and Attribution Working Group. Within the group, we will use the DDoS Clearing House to identify DDoS attack sources, compare fingerprints for trend analysis purposes, and simplify the process of sharing threat information.

The Clearing House Working Group will also use feedback from Coalition members to make further technical improvements to the system. In addition, fingerprints generated by the DDoS Clearing House will be used to develop attack scenarios for the NL ADC's annual large-scale DDoS drills. That should help coalition members to prepare more effectively for the challenges they are liable to face in practice.

Join the Coalition!

Are you interested in the National Anti-DDoS Coalition and its activities? Or do you have a question? Please mail info@nomoreddos.org. Because together we're able to defend ourselves better.

Acknowledgements

We wish to thank all the organisations that belong to the National Anti-DDoS Coalition. They are the basis for all the Coalition's activities and for collaborations within the Coalition. We additionally want to thank the other CONCORDIA members for their contributions to the technical system: Telecom Italia, FORTH and the University of Zurich.

Would you like to read more about this topic?

Together with this blog post, we also published a more technical blog on the RIPE Labs website: Collaborative DDoS Mitigation: From Research to Operational Practice.

Article by:

Portrait of Thijs van den Hout

Thijs van den Hout

Research Engineer

Cristian Hesselman

Cristian Hesselman

Director SIDN Labs