NTS server for the TimeNL NTP service
Our NTP service gets a security upgrade
SIDN Labs' public NTP service has been upgraded: TimeNL now has an NTS server. NTS stands for Network Time Security, a new standard that's being developed. Only a few NTS systems are currently operating around the world, but we've recently boosted the number by adding our own experimental server (https://nts.time.nl). We'll be carrying out extensive tests with the new server, and the wider internet community is invited to make use of it as well. This blog post explains the background. If you're new to this field, please note that, while the abbreviations are easily confused, NTP and NTS are very different technologies.
In July 2019, we wrote about the launch of TimeNL, our public NTP service. We explained the importance of good time synchronisation and how our NTP service can contribute. However, as well as being a 'production platform' that's free for everyone to use, TimeNL is a research project.
One line of research involves looking at the new NTS security extension, because the existing NTP (version 4 of the protocol originally introduced in 1981) has certain vulnerabilities. With NTP, a client and a server exchange a series of UDP queries and responses. However, the system can be abused. For example, it's fairly easy to falsify the sender addresses in UDP packets. Packet contents can also be manipulated by a 'man-in-the-middle' (MitM) attack, so that the client receives incorrect information. Being aware of the issues, the NTP Working Group at the IETF has gradually extended the protocol to include authentication procedures, for example. First came an extension based on symmetrical keys, then one based on the Autokey functionality, utilising public/private certificate pairs. While symmetrical key authentication may be secure, it's also cumbersome. It necessitates the prior exchange of shared keys via a separate channel, and therefore introduces an additional administrative burden. Autokey was therefore developed to get around that problem. Unfortunately, though, Autokey turned out to be less secure than expected and its use was later discouraged.
Any protocol intended for mass use needs to be user-friendly and reliable. And the extensions mentioned above don't tick those boxes. Over the last few years, the IETF's NTP Working Group has therefore been developing a new extension to replace the two earlier extensions. The new extension is now ready, but awaiting ratification.
So how, in general terms, does NTS work? NTS is essentially a two-stage technology.
First, the client establishes a TCP connection with the NTS server. A conventional handshake procedure is followed to realise an encrypted TLS connection. Using that connection, parameters (in the form of 'NTS records') are then sent from the server to the client. The exchanged NTS records stipulate which 'AEAD algorithm' the NTP server has to use, for example. As part of the exchange, the server also sends eight unique cookies to the client, for use as key material in the second stage. Because everything is done using TLS, the interaction is secure.
In stage 2, the client accesses the NTP server on a conventional 'stateless' basis using UDP. However, the integrity of the NTP packets is now assured using the AEAD algorithm agreed in stage 1. The single-use cookies are exchanged using the extension fields provided for in the NTP protocol, enabling the server to check that it's dealing with a legitimate client. The NTP server's responses include new cookies, so that stage 1 doesn't constantly have to be repeated. NTS therefore makes the NTP query-response exchange secure.
For more detailed information, see the following blog posts on Webernetz.net:
Although there are now several NTS software implementations, there are relatively few operating NTS servers on the internet. For that and other reasons, we decided to set up our own. The move has been welcomed by, for example, the makers of an NTS client written in the Go programming language. Our experimental server, which is based on NTPsec, will provide us with a clear understanding of how the NTS protocol is developing. Indeed, it's already delivering results. Following the service launch announcement via our mailing list, Cloudflare contacted us to say that the software used for time.cloudflare.com didn't work with our NTS server. That prompted a detailed analysis by SIDN Labs, leading to the identification of an interoperability problem. A fix was developed and made available to Cloudflare as a simple patch. As a result, Cloudflare's software now works smoothly with NTPsec.
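The stage 1 record exchange described earlier, as an added example that is not part of the original post or of any SIDN Labs code: a Python client-side check of the 'NTS records' a server returns over TLS, using the record layout and registry numbers of RFC 8915 (the specification as later published). The function names, the sample bytes and the 100-byte cookie size are constructed for illustration.

```python
import struct

# Record types and AEAD id as registered in RFC 8915, the finished NTS spec.
END, NEXT_PROTO, ERROR, WARNING, AEAD, COOKIE, SERVER, PORT = range(8)
AEAD_AES_SIV_CMAC_256 = 15
CRITICAL = 0x8000

def record(rtype, body=b"", critical=False):
    """Encode one record: 16-bit (critical bit | type), 16-bit length, body."""
    return struct.pack("!HH", (CRITICAL if critical else 0) | rtype, len(body)) + body

def u16_list(body):  # body is a run of 16-bit big-endian integers
    if len(body) % 2:
        raise ValueError("odd-length list of 16-bit values")
    return list(struct.unpack("!%dH" % (len(body) // 2), body))

def parse_nts_ke(data):
    """Parse a server's stage 1 response; raise ValueError if it is unusable."""
    out = {"next_proto": None, "aead": None, "cookies": []}
    pos = 0
    while len(data) - pos >= 4:
        head, length = struct.unpack_from("!HH", data, pos)
        body = data[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("record body runs past end of message")
        pos, rtype = pos + 4 + length, head & 0x7FFF
        if rtype == END:
            break
        elif rtype in (ERROR, WARNING):
            raise ValueError("server sent error/warning code %r" % u16_list(body))
        elif rtype == NEXT_PROTO:
            out["next_proto"] = u16_list(body)
        elif rtype == AEAD:
            out["aead"] = u16_list(body)
        elif rtype == COOKIE:
            out["cookies"].append(body)
        elif head & CRITICAL and rtype not in (SERVER, PORT):
            # Optional server/port records are skipped; other critical types abort.
            raise ValueError("unknown critical record type %d" % rtype)
    else:
        raise ValueError("message ended without an End of Message record")
    if pos != len(data):
        raise ValueError("data after End of Message")
    if out["next_proto"] != [0] or out["aead"] != [AEAD_AES_SIV_CMAC_256] or not out["cookies"]:
        raise ValueError("no usable NTPv4 protocol, AEAD algorithm or cookies")
    return out

# Constructed sample: NTPv4 selected, one AEAD algorithm, eight cookies, End of Message.
SAMPLE = (record(NEXT_PROTO, b"\x00\x00", True) + record(AEAD, b"\x00\x0f", True)
          + b"".join(record(COOKIE, bytes([i]) * 100) for i in range(8))
          + record(END, critical=True))
```

A client that passes these checks holds the agreed AEAD algorithm and the cookies it needs for the UDP stage; any failure means it should not go on to send authenticated NTP queries with that material.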
If you fancy having a go with NTS, you'll find advice at https://nts.time.nl/.