Chose your color

Frequently visited

Frequently asked questions

  • I am looking for a domain name registrant. Where can I look it up?

    The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.

    On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.

  • I would like to transfer my domain name to another registrar. What is the procedure?

    To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.

  • The details registered about me/my company are incorrect or out of date. How can I get them updated?

    To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.

  • Why is my domain name in quarantine?

    When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.

    One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.

  • Ik heb een klacht over mijn provider/registrar. Kan ik daarvoor bij SIDN terecht?

    Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.

  • What conditions do I have to meet as a registrar?

    Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.

More frequently asked questions

New-look DNS Workbench

Quickly and effectively test multiple (authoritative) name server implementations

We've comprehensively upgraded and freshened up our DNS Workbench. It had started to look a little jaded, but is now ready for another spell of active service. We've also made the code open source. So this seems like a good time to remind people what the DNS Workbench is and why it remains popular with a select group of (advanced) users.

What is the DNS Workbench?

Several years ago, we were looking for a way of quickly and effectively testing and comparing multiple (authoritative) name server implementations. We didn't only have conventional, obvious settings in mind. After all, they have usually been well implemented and tested by software developers. We were thinking more of 'corner cases' and less commonplace test scenarios. That led to creation of the DNS Workbench, which soon attracted the interest of people outside SIDN. We therefore decided to make the Workbench available as a free on-line service.

The DNS Workbench is an integration of five open-source name server products: BIND9, PowerDNS, Knot, YADIFA and NSD. Each of the name servers acts as primary (master) server for no fewer than 421 zone files automatically generated specifically for the purpose. The zone files can be divided into the following groups:

RR types

Zone files with various RR types, including types that have been declared obsolete and various exotic types, which are rarely encountered in the field, but which name servers may still support. You might like to try the following test:

dig GPOS gpos.types.wb.sidnlabs.nl [@knot.sidnlabs.nl]

The query above concerns the rare GPOS type, and is addressed to the Knot server. To request the much more commonplace AAAA type, the syntax would be:

dig AAAA aaaa.types.wb.sidnlabs.nl [@bind9.sidnlabs.nl]

(to the BIND9-server)

One thing that the experiment shows is that not all name servers support all RR types by default. For example, YADIFA requires conversion to RFC3597 format before it will load the zone file. PowerDNS loads the zone, but the AXFR (zone transfer) process proves problematic. In other words, our tests brought certain bugs to light. YADIFA even crashed with:

dig +tcp ANY delegations.wb.sidnlabs.nl @yadifa.sidnlabs.nl

The bug that caused that crash has now been fixed and we're running an improved version on the Workbench, compiled from the YADIFA source code. Where the other name server software is concerned, we're running the packages supplied with Ubuntu 18.04 for as long as we can.

We offer the zone file with the special RR types in both signed and unsigned form.

Validation tests

This group consists of an extensive 'DNS tree' (called 'bad-dnssec') of zones that feature various types of signing error, which can be used for purposes such as testing DNSSEC validation software.

Illustration: 'ok.ok.ok.bad-dnssec.wb.sidnlabs.nl' is (the only) faultlessly delegated and signed zone in the group. However, the zone 'signotincepted.ok.ok.bad-dnssec.wb.sidnlabs.nl' ends (with the leftmost label) in a delegation that is signed in the future, meaning that the digital signature is not yet valid.

Combinations are also possible. For example, 'signotincepted.nods.ok.bad-dnssec.wb.sidnlabs.nl' is similarly signed in the future, but additionally lacks a parent-zone DS record. The differences can be identified by using DNSviz to examine the latter zone. DNSviz is a very handy debug tool, which can also be tested using the DNS Workbench. The first of the above zones is 'bogus', while the second is actually 'insecure', because its parent zone doesn't contain a DS for it. This experiment provides a range of variations for testing with validating resolvers. From it, we know that most resolvers validate top-down, while some also operate bottom-up, which may have direct consequences for the test scenario described above, for example.

Other errors deliberately included in the 'bad-dnssec' tree are: a digital signature with bogus data, a digital signature that has expired, and a signature set using an unknown, fictitious algorithm.

Delegations

This experiment is intended to test the various (signed) delegation combinations. For example, the zone 'bind9.powerdns.knot.delegations.wb.sidnlabs.nl' is delegated to Knot, which redelegates it to PowerDNS, which in turn redelegates it to BIND9. In other words, the zone is actually held on a BIND9 name server, but a resolver has to go via a Knot server and a PowerDNS server to resolve a domain name. That yields this complex DNSviz visualisation.

Transfers and TSIGs

All the Workbench zone files are publicly available by means of a DNS zone transfer (AXFR). The transfer can be performed with or without TSIG keys (various algorithms), e.g.:

dig axfr ok.bad-dnssec.wb.sidnlabs.nl @nsd4.sidnlabs.nl

or

dig -y "wb_md5:Wu/utSasZUkoeCNku152Zw==" \
axfr ok.bad-dnssec.wb.sidnlabs.nl  @bind9.sidnlabs.nl

Other experiments

Finally, at our users' request, we have added three further zone files. One is a zone file with a CNAME under the APEX, which is not permitted by the standard. Another of the new zone files is designed for NSEC3 opt-out testing.

Suggestions welcome!

Together, the experiments described above enable a wide variety of tests for observing software behaviour and establishing how different tooling handles the various errors deliberately introduced to the DNS zone files.

If you'd like to suggest further refinements, please get in touch! We've already got a few ideas of our own. For example, we'd like to add some more modern signing algorithms such as ECDSA to the test set, plus experiments that focus on IDNs.

If you're already using the Workbench, we'd like to hear from you too. We'd love to know what you use it for, and whether you can think of any improvements that would make it more useful to you.

The Workbench is available from https://workbench.sidnlabs.nl/ and the source code from https://github.com/SIDN/workbench.

Article by:

Marco Davids

Marco Davids

Research engineer