Resilience of Dutch public services' DNS infrastructure assessed
Findings and recommendations presented in Strategic Advisory Report for policymakers
Last week, the National Cyber Security Centre (NCSC) presented the findings of research into the resilience of the DNS infrastructure underpinning Dutch public services. Undertaken for the NCSC by SIDN Labs and the University of Twente, the research involved a metrics study to establish the extent to which DNS service best practices were followed with Dutch government domains.
Although significant improvements can be made in many individual cases, the researchers concluded that the DNS infrastructure supporting the Dutch public services was essentially resilient. The principal recommendations made were that a central secondary government anycast DNS service should be set up, and that resilience should be regularly reviewed.
The initiative for the research was taken by the NCSC, who wanted a better picture of best practice use in the DNS infrastructure underpinning Dutch public services. Following major changes to the DNS system over the last decade, including the deployment of DNSSEC, the technical landscape is now stable enough to take stock.
"We have some excellent DNS researchers in the Netherlands," says Jeroen van der Ham, now working at the University of Twente, but Senior Researcher at the NCSC when the study was carried out. "We wanted to use their expertise for this study. That's why we partnered with SIDN Labs and the University of Twente on this project."
The NCSC has its own research cluster, whose main role is aligning research and practice in the field of cybersecurity. The actual research is usually performed by external partners, such as SIDN Labs and the University of Twente in this case. "We also regarded this as an opportunity to get some experience of partnering with SIDN Labs and the University of Twente, and to build up a good working relationship," adds Van der Ham.
"Over the last 6 years, we have done a lot of research into the resilience of the DNS infrastructure and published a lot of material on the topic," says Giovane Moura, Data Scientist at SIDN Labs, Assistant Professor at Delft University of Technology and principal researcher on this project. "That culminated in last year's publication of RFC 9199: 'Considerations for Large Authoritative DNS Server Operators'.
"The DNS is complex: the deeper you dive, the more corner cases you come across. At SIDN Labs, we do all sorts of DNS infrastructure measurements ourselves (mainly for the .nl zone), but in this case the actual measurements were largely developed and performed by the University of Twente. The university has a long track record with DNS measurements; they often make presentations at conferences and possess a wide range of technical skills. Partnering with the university on this project was therefore an obvious move. It's also an advantage to have various perspectives on an assignment like this. It generates ideas and gives you the opportunity to bounce your ideas off other people. Our main contribution was analysing the raw data."
The project started with a survey. "Our first step was to make an inventory of DNS infrastructure best practices," recalls Mattijs Jonker, Assistant Professor at the University of Twente. Mattijs was principal researcher on the project, working in tandem with doctoral researcher Raffaele Sommese.
A comprehensive best practice inventory was compiled for the project, including the recommendations of RFC 9199 and numerous supplementary practices. "We then ran our tests on a large number of Dutch government domains listed for us by Logius.
"What we found was that, where most domains were concerned, the resilience recommendations were being followed," says Jonker. "However, we also came across domains at all levels of government that were exposed to readily avoidable potential risks. One common problem is having the primary and secondary DNS servers hosted by the same service provider. Another issue is having the DNS servers directly or indirectly (via a chain) dependent on a single top-level domain (TLD). Both those situations are critical issues, because they both involve a single point of failure (SPoF). If the service provider or the TLD goes down, your domain is completely unreachable. And we're not talking about theoretical possibilities there; things like that do happen in practice." Back in 2016, for example, a DDoS attack took down DNS service provider Dyn [1, 2], effectively cutting off Twitter, Netflix, Spotify, Reddit and others. Although incidents like that cause great damage, serious outages are very rare events.
"Another 2 issues we identified were configuration errors and a low level of anycast adoption. Configuration errors we encountered included a secondary DNS server that's down, typing errors in domain names, and inconsistencies between the name servers specified at one level and those specified at the next. In those cases, we alerted the domain operators in question individually.
"Anycast is a technology that involves assigning the same IP address to multiple servers at different locations. The resulting redundancy enables queries to be answered more quickly, while also increasing the resilience of the infrastructure."
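The single-point-of-failure and consistency checks described above can be sketched as a small audit over delegation data. This is an added example, not the researchers' measurement code: the `Delegation` record, the finding labels, the use of the origin AS number as a stand-in for "same service provider", and all sample names and AS numbers are assumptions constructed for illustration, and only direct (not chained) TLD dependence is checked.

```python
from dataclasses import dataclass

def norm(name):
    """Normalise a DNS name for comparison (case-insensitive, no trailing dot)."""
    return name.lower().rstrip(".")

@dataclass
class Delegation:            # hypothetical record, one per audited domain
    domain: str
    parent_ns: set           # NS names published in the parent zone
    child_ns: set            # NS names published by the domain's own zone
    ns_asn: dict             # NS name -> origin AS of its address (provider proxy)

def audit(d):
    """Return the resilience findings for one delegation, in a fixed order."""
    parent = {norm(n) for n in d.parent_ns}
    child = {norm(n) for n in d.child_ns}
    asn = {norm(k): v for k, v in d.ns_asn.items()}
    ns = parent | child
    findings = []
    if parent != child:                                   # inconsistent NS sets
        findings.append("parent-child-mismatch")
    if len({n.rsplit(".", 1)[-1] for n in ns}) == 1:      # all NS names in one TLD
        findings.append("single-tld")
    if any(n not in asn for n in ns):                     # cannot judge provider
        findings.append("asn-unknown")
    elif len({asn[n] for n in ns}) == 1:                  # one network hosts all NS
        findings.append("single-provider")
    return findings

# Constructed sample data: reserved example domains, documentation AS numbers.
RESILIENT = Delegation(
    "city-a.example",
    {"ns1.example.net.", "ns2.example.org."},
    {"NS1.example.net", "ns2.example.org"},
    {"ns1.example.net": 64496, "ns2.example.org": 64497},
)
FRAGILE = Delegation(
    "city-b.example",
    {"ns1.example.net", "ns2.example.net"},
    {"ns1.example.net", "ns3.example.net"},
    {"ns1.example.net": 64496, "ns2.example.net": 64496, "ns3.example.net": 64496},
)

if __name__ == "__main__":
    for d in (RESILIENT, FRAGILE):
        print(d.domain, audit(d) or "no findings")
```

In a real survey the NS sets would come from queries to the parent and child zones and the AS numbers from routing data; here they are embedded so the check runs offline.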
On the basis of the survey findings, the researchers made a number of practical recommendations. Top of the list was that a central secondary anycast DNS service should be established for the government. "It's an inexpensive and straightforward way for government organisations to make their DNS infrastructures much more secure," says Van der Ham. "Once an organisation has registered, all it takes is a single click to assure the availability of their services much more effectively."
Asked whether a central anycast service should be used for the primary DNS as well, Van der Ham explains that, as well as being technically challenging, that would introduce political-administrative difficulties. "Centralising primary DNS services is problematic. For one thing, it could distort the market. Also, ministries and municipalities are individually responsible for their infrastructures. So they can arrange for a separate market player to operate a secondary DNS service any time they like." Indeed, a case can be made for suggesting that the market would be enlarged if all registrants used a second, complementary DNS service provider.
The second principal recommendation is that similar surveys should be carried out regularly, perhaps annually. The reported study would then serve as the baseline for a series of metrics studies, allowing you to see whether a recommendation and the associated policy actually bring about improvement.
"We're talking to Logius and others to identify ways of implementing improvements," Van der Ham continues. "Government bodies are individually responsible for their infrastructures. However, asking Logius to make a secondary DNS service available, maybe in consultation with the Association of Netherlands Municipalities (VNG), seems like an obvious move."
The researchers followed up the main survey for NCSC by performing similar analyses of 3 other datasets relating to government infrastructures in Sweden (.se), Switzerland (.ch) and the United States (.gov). In those countries too, it seems that many government domains don't follow the recommendations for major operators. Although there are notable differences between the countries – for example, only Sweden makes significant use of Microsoft as a non-local provider of DNS for public services, while the Netherlands tends to use TransIP – the findings are broadly similar. The follow-up therefore provides a comparative international benchmark demonstrating that the situation is not substantively different in the Netherlands from elsewhere.
Full details are provided in this paper, which was presented at the 2022 International Conference on Network and Service Management (CNSM 2022) late last year. This spring, the study will also be presented at 'RIPE 86' in Rotterdam.
A Dutch-language Strategic Advisory Report has been prepared specially for policymakers in the Netherlands, setting out the study findings and recommendations in lay terms. A (more comprehensive) English-language version of the Advisory Report is available from the NCSC website.