SIDN Labs annual review 2022

A report of our results of the (almost) past year

Authors: SIDN Labs team

The original blog is in Dutch. This is the English translation.

In this end-of-year blog, we present a round-up of the most satisfying results we achieved in 2022 and preview a few of the things we've got planned for 2023. The blog starts with a brief reminder of our research themes. As always, your feedback and collaboration ideas are very welcome.

Our research themes

SIDN Labs' aim is to contribute to ongoing improvement of the security of the internet's infrastructure, thus enabling it to meet the increasing expectations of our digital society. We pursue that aim by undertaking applied technical research that connects the academic and operational worlds. We work with both the short term and the long term in mind, and a particular focus on .nl and the Netherlands.

The 3 themes we cover are:

  • Domain name security: increasing our understanding of domain names used for malicious purposes (e.g. fake webshops and phishing) in order to continue improving anti-abuse activities. In that context, for example, we regularly measure the (security) characteristics of all 6.3 million .nl domain names with our DMAP crawler and use ENTRADA to analyse the DNS queries processed by our .nl name servers. We develop tools and algorithms that enable us to identify potentially malicious domain names, to alert registrants and registrars, and to collaborate with them on countermeasures.

  • Infrastructure security: increasing our understanding of the internet infrastructure, as a basis for improving its development and management. Examples of the work we do in connection with this theme include large-scale measurement studies of the Domain Name System (DNS) and the internet's routing and time systems. We develop systems and best practices for the management and development of DNS infrastructures (e.g. through their partial virtualisation, and new forms of anycast management) and NTP systems. In 2023, we will turn our attention to routing security as well (see Outlook for 2023).

  • Emerging internet technologies: contributing to fundamental improvements to the internet infrastructure, such as alternative routing systems (e.g. based on the security or energy characteristics of networks), new security concepts (e.g. network scopes or the 'agile' adaptation of security algorithms) and new internet properties (e.g. transparency, in-network data processing and the coexistence of multiple addressing and routing systems). Our work on this theme is inspired by, for example, clean-slate systems such as SCION and the Extensible Internet. In connection with such long-term developments, our current focus areas are the verification of inter-domain network paths and the smooth introduction of new (quantum-secure) crypto-algorithms.

Our research themes and the associated projects are defined in close collaboration with universities, other research labs and internet infrastructure operators (e.g. in 2STiC). We also continually assess the quality and relevance of our work through peer-reviewed papers, blogs and presentations, and contributions to internet forums such as the IETF, RIPE and ICANN.

Results in the field of domain name security

Spotting suspect registrations with Registration Checker (RegCheck)

RegCheck is a system that we developed with a view to identifying suspect domain names (e.g. names for phishing sites) at the time of registration. The identification of suspicious registrations enables the SIDN Support team to adopt an even more proactive approach, such as immediately seeking to verify the registrant data. RegCheck also dovetails with the forthcoming European NIS2 Directive, which is likely to require registries to monitor domain name registrations more closely.

Having experimented with various algorithms over the last year, we've been using a prototype since August that calculates a risk score for all new domain name registrations. SIDN's Support team manually investigates registrations with high-risk scores, undertakes appropriate action (e.g. verifying the identity of the registrant or contacting the registrar), and provides us with feedback to facilitate evaluation of the system.

In October, we presented RegCheck to about 100 people in one of the parallel sessions at the ONE Conference, the most important cybersecurity conference in the Netherlands. Plans are also in place for collaboration with our colleagues at DNS Belgium (the registry for Belgium's .be domain).

Flagging up potential data breaches linked to cancelled .nl domain names

LEMMINGS (deLetEd doMain MaIl warNinG System) is our system for alerting former registrants whose recently cancelled .nl domain names appear to still be attracting e-mail traffic. The system has been developed to prevent data breaches that can occur if a domain name is cancelled and then re-registered by someone else, with the result that sensitive mail meant for the old registrant potentially reaches the new registrant. In recent years, that scenario has led to data breaches at both the Utrecht Youth Services Agency and the Dutch police.

In April, we made LEMMINGS available for the entire .nl zone, and the system now protects 97.3 per cent of all .nl domain names (4 registrars opted out of the system). In the period up to and including 7 December, we sent alerts regarding more than 48,000 domain names. We also developed a new version of LEMMINGS, which asks the recipients of alerts to complete a short online questionnaire, to help us monitor the impact and effectiveness of LEMMINGS. The progress made this year built on 2 pilots that we ran in 2021.
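The core check behind a LEMMINGS-style alert can be illustrated with a small script. The following is an added example, not SIDN Labs' own code: it assumes that delivery attempts to a cancelled domain show up at the authoritative name servers as MX queries for that name, and it flags a cancelled domain only when such queries keep arriving after the cancellation date from more than one resolver (the thresholds, the log format and the sample log lines are all constructed for the example).

```python
"""Flag cancelled domains that still attract mail, LEMMINGS-style (added example).

Assumption: mail senders look up the MX record of a domain before delivery, so MX
queries that reach the authoritative name servers *after* the domain was cancelled
indicate that someone is still trying to send mail to it.
"""
from collections import defaultdict
from datetime import date, datetime

# Constructed sample: domain -> date it was cancelled (None = still registered).
CANCELLED = {
    "oud-bedrijf.nl": date(2022, 11, 1),
    "example-stichting.nl": date(2022, 11, 20),
    "nog-actief.nl": None,
}

# Constructed query-log lines in an assumed format: "timestamp qname qtype resolver_ip"
LOG_LINES = """\
2022-11-02T08:12:01 oud-bedrijf.nl MX 192.0.2.10
2022-11-02T08:12:01 oud-bedrijf.nl A 192.0.2.10
2022-11-03T09:30:45 oud-bedrijf.nl MX 198.51.100.7
2022-11-05T11:00:00 oud-bedrijf.nl MX 192.0.2.10
2022-11-18T07:45:12 example-stichting.nl MX 203.0.113.9
2022-11-21T10:00:00 example-stichting.nl MX 203.0.113.9
2022-11-21T10:00:05 nog-actief.nl MX 203.0.113.9
2022-11-22T16:20:30 example-stichting.nl A 203.0.113.9
"""


def parse_log(text):
    """Yield (timestamp, qname, qtype, resolver) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qname, qtype, resolver = line.split()
        yield datetime.fromisoformat(ts), qname.lower().rstrip("."), qtype.upper(), resolver


def mx_queries_after_cancellation(log_text, cancelled):
    """Return {domain: (mx_query_count, distinct_resolvers)} counting only MX queries
    observed on or after the domain's cancellation date."""
    counts = defaultdict(int)
    resolvers = defaultdict(set)
    for ts, qname, qtype, resolver in parse_log(log_text):
        cancel_date = cancelled.get(qname)
        if cancel_date is None or qtype != "MX" or ts.date() < cancel_date:
            continue
        counts[qname] += 1
        resolvers[qname].add(resolver)
    return {d: (counts[d], len(resolvers[d])) for d in counts}


def domains_to_alert(log_text, cancelled, min_queries=2, min_resolvers=2):
    """Alert only above both a volume and a resolver-diversity threshold: a single
    stray MX lookup (a scanner, a stale cache) should not trigger a warning."""
    stats = mx_queries_after_cancellation(log_text, cancelled)
    return sorted(d for d, (n, r) in stats.items() if n >= min_queries and r >= min_resolvers)


if __name__ == "__main__":
    for domain in domains_to_alert(LOG_LINES, CANCELLED):
        print(f"ALERT: {domain} still receives MX queries after cancellation")
```

With the sample data, oud-bedrijf.nl is flagged (three MX queries from two resolvers after 1 November) while example-stichting.nl is not: its one pre-cancellation query does not count, and the single query afterwards stays below the thresholds. In production the thresholds would be tuned on the feedback the questionnaire described above collects.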

LogoMotive in SIDN BrandGuard

LogoMotive is a system that uses machine learning to detect and track the use of authoritative logos (e.g. the Dutch national government logo) on .nl websites. It's employed by SIDN's anti-abuse analysts to facilitate the identification of malicious .nl domain names, such as names linked to phishing sites where official logos are used to mislead people.

This year, we helped our ICT colleagues to integrate LogoMotive into SIDN BrandGuard. The new logo detection functionality was made available to BrandGuard subscribers in the autumn. We had previously developed and evaluated LogoMotive in two pilot projects, one in collaboration with the national government, the other with the operator of a webshop trust mark scheme called Thuiswinkel Waarborg. Our research in this field is now complete.

In a related development, we led a workshop devoted to the operationalisation of machine learning at the Network Traffic Measurement and Analysis (TMA2022) conference. At the workshop, the identification of suspect .nl registrations (one of our research focuses; see RegCheck) was used as an example. The workshop attracted about 50 PhD students.

New statistics

We reorganised our statistics site stats.sidnlabs.nl this year. On the site, we publish continuously updated data on the use and security of .nl domain names and the Dutch part of the internet. Over the last 12 months, we've added a number of new graphs and visualisations, including word clouds showing the popularity of words used in new domain name registrations. The word clouds highlight developments such as the impact of the coronavirus pandemic on .nl registrations.

In 2022, we also published our report 'The state of .nl', written on the basis of continuous and ad-hoc measurements of the .nl domain. One of the issues highlighted was the potentially problematic effect of centralisation within the .nl domain. Reliance on a small number of public recursive resolvers is growing, for example. In addition, 48 per cent of all active .nl domains are now hosted by just 3 big companies.

Results in the field of infrastructure security

ICANN study: measuring the DNSSEC rollout

In summer 2021, in response to a call for proposals, we teamed up with NLnet Labs to win an ICANN commission to investigate how ICANN could improve monitoring of the DNSSEC rollout.

The research was completed in August 2022, leading to a final report in which we made 3 recommendations regarding DNSSEC rollout measurement. First, we advised measuring DNS requests for DNSSEC-enabled domain names, rather than merely counting signed domain names. Quantifying DNS requests would provide a more realistic picture of how the rollout is progressing. Second, we proposed placing more emphasis on good DNSSEC practices, such as using secure, modern signing algorithms. Our final recommendation was to establish how well prepared various components and players are for migration to cryptographic algorithms capable of resisting attack by future quantum computers.
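The first two recommendations are easy to make concrete. The script below is an added example (not code from the ICANN report or from NLnet Labs): over a constructed sample of names, their DNSKEY algorithm and their query volume, it computes both the share of signed names and the share of queries that go to signed names, and separately the share of queries to names signed with an algorithm that RFC 8624 still allows for signing (our reading of that RFC: SHA-1-based algorithms 5 and 7 and RSASHA512 are excluded; check the RFC before relying on the table).

```python
"""Query-weighted DNSSEC rollout metrics (added example, not the ICANN study's code)."""
from collections import Counter

# DNSKEY algorithm numbers -> mnemonic (assumption: subset relevant to this example)
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256", 10: "RSASHA512",
              13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384", 15: "ED25519", 16: "ED448"}
# Algorithms RFC 8624 permits for signing (MUST/RECOMMENDED/MAY); our reading, see lead-in.
SIGNING_OK = {8, 13, 14, 15, 16}

# Constructed sample: (domain, DNSKEY algorithm or None if unsigned, queries per day)
ZONE_SAMPLE = [
    ("bank-voorbeeld.nl", 13, 900_000),
    ("grote-webshop.nl", None, 600_000),   # big unsigned name
    ("gemeente-x.nl", 8, 250_000),
    ("oud-signed.nl", 7, 50_000),          # signed, but with SHA-1
    ("parked-1.nl", 13, 100),              # signed parked names inflate name counts
    ("parked-2.nl", 13, 100),
    ("parked-3.nl", 13, 100),
    ("hobby.nl", None, 200),
]


def rollout_metrics(sample):
    """Compare the 'count signed names' view with the query-weighted view."""
    signed = [r for r in sample if r[1] is not None]
    total_q = sum(q for _, _, q in sample)
    signed_q = sum(q for _, _, q in signed)
    ok_q = sum(q for _, alg, q in signed if alg in SIGNING_OK)
    per_alg = Counter()
    for _, alg, q in signed:
        per_alg[ALGORITHMS.get(alg, f"alg{alg}")] += q
    return {
        "signed_names_share": len(signed) / len(sample),
        "signed_queries_share": signed_q / total_q,
        "recommended_alg_queries_share": ok_q / total_q,
        "queries_by_algorithm": dict(per_alg),
    }


def names_to_migrate(sample):
    """Signed names whose algorithm is no longer recommended for signing."""
    return sorted(d for d, alg, _ in sample if alg is not None and alg not in SIGNING_OK)


if __name__ == "__main__":
    m = rollout_metrics(ZONE_SAMPLE)
    print(f"signed names:   {m['signed_names_share']:.1%}")
    print(f"signed queries: {m['signed_queries_share']:.1%}")
    print(f"on recommended algorithms: {m['recommended_alg_queries_share']:.1%}")
    print("migrate:", names_to_migrate(ZONE_SAMPLE))
```

In the sample, 75 per cent of names are signed but only about 67 per cent of queries go to a signed name, because one heavily used name is unsigned while three signed parked names contribute almost no traffic. That gap is the point of the first recommendation; the per-algorithm breakdown serves the second.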

Hadoop Provisioning Manager deployed

We developed the Hadoop Provisioning Manager (HPM) and started using it for our Hadoop cluster. We had previously been able to use Cloudera Hadoop without paying licence fees. However, Cloudera announced the introduction of a new licensing model with the next upgrade, which would have meant us paying fees of about 150k a year for our relatively small 14-server Hadoop cluster. Preferring to spend that money on research, we decided to develop our own solution.

The source code of the HPM is open, meaning it's available for use by other researchers as well. Since the HPM was first deployed in May, the software has also been refined in line with experience.

Draft accepted as RFC 9199

Within the IETF, our Internet Draft with engineering recommendations for large authoritative DNS operators was published as RFC 9199 ('Considerations for Large Authoritative DNS Server Operators'). The document is based on the DNS measurements we made and the measurement methods we developed over the last 6 years in partnership with the Information Sciences Institute (ISI) at the University of Southern California.

Measuring the reliability of the Dutch government's DNS infrastructure

At the request of the National Cyber Security Centre (NCSC), we investigated the reliability of the government's DNS infrastructure in partnership with the University of Twente (UT). The project drew on our experience with large-scale internet measurements and methods.

At the conclusion, we collaborated with the NCSC and the UT to produce an academic article, describing the reliability of the Dutch government's DNS infrastructure and comparing it with those of the Swedish, Swiss and US governments. The management report on which the article is based will appear next year.

.nl's anycast service based on the SIDN Labs anycast testbed

At SIDN Labs, we have an anycast testbed for research aimed at maximising the flexibility and effectiveness of anycast network design and management, including the development of tools (e.g. the BGP Tuner) and the optimisation of DNS traffic flows. The testbed makes use of (virtual) DNS machines operated by cloud service providers.

In April, SIDN's DNS operations team deployed its own production DNS anycast service for .nl, .politie, .aw and .amsterdam, based on our testbed. We subsequently redesigned and increased the automation of our testbed to make testing more flexible and uniform. As a result, the testbed is now more suitable for future projects, such as research aimed at providing our DNS team with automated advice on the location of new nodes based on BGP catchment data (see Autocast under Outlook for 2023).

TimeNL version 2 now available

TimeNL is our millisecond-accurate public time service. As well as supporting SIDN's own services (e.g. in connection with DNSSEC), TimeNL fulfils 'internet time' requests from systems that require accurate synchronisation for purposes such as issuing and verifying digital certificates, and time-based login applications such as OAuth. By June 2022, TimeNL had handled 7.2 billion NTP queries from 158 million globally distributed unique clients, across 52,000 different networks.

In April, we released TimeNL version 2 (TimeNLv2), an even more reliable service thanks to the addition of a Rubidium atomic clock. This 'holdover clock' assures the availability of extremely accurate time signals for six to twelve months in the event of an outage affecting the external reference clocks (e.g. GPS and DCF77). Such an outage could occur as a result of radio signal jamming or physical damage to the radio transmitters, for instance due to extreme weather or a geopolitical incident. TimeNLv2 uses the Precision Time Protocol (PTP) for synchronisation between the radio-based clocks, the holdover clocks and the 'front-end' clocks that can serve numerous clients simultaneously.

TimeNLv2 also reinforces the security and stability of SIDN's services by providing them with reliable, precise time signals.

DDoS Clearing House

The DDoS Clearing House is a platform for essential and other service providers (e.g. banks, ISPs and government bodies) to share information about incoming DDoS attacks with each other in the form of 'DDoS fingerprints'. Recipients can then use the fingerprint data to inform their own defensive preparations.

In September, we organised a workshop in Utrecht devoted to collective anti-DDoS activities. The aim was to discuss progress and issues in this field and to reinforce the anti-DDoS community. Attended by 35 Dutch and non-Dutch experts from the operational and research worlds, the workshop was very well received.

We also organised an interactive demonstration of the DDoS Clearing House testbed at the CONCORDIA Open Door Event in Munich, attended by about 50 visitors. As part of the demonstration, we showed how the Clearing House interacts with other components of the CONCORDIA Threat Intelligence Platform. We'll also be using the DDoS testbed for small-scale DDoS drills within the Dutch Anti-DDoS Coalition.

Results in the field of emerging internet technologies

How the internet works under the hood: PathVis

In 2022, we developed the Path Visualizer (PathVis), a system that provides visual information about the networks that the user's data passes through as it travels across the internet. Every connection made by the computer on which PathVis is running is visualised. The intention is to provide people from less technical backgrounds with insight into how the internet works 'under the hood' and to suggest what a more transparent internet might look like.

PathVis makes use of traceroute, a measurement tool available on practically every operating system. PathVis enriches the traceroute data with information about the networks on the data path, such as whether they support routing security (RPKI). PathVis also alerts the user when a path changes, which often happens for legitimate reasons, but is sometimes the consequence of a targeted attack (e.g. a routing hijack). To test that functionality, we developed a tool called Router Spaghetti, which enables a 'spaghetti' of virtual routers to be connected in various ways and dynamically reconfigured. That allows us to simulate the insertion of a 'new' router or network into a path, which PathVis then detects and visualises.

We demonstrated PathVis at the ICT Open congress, at SIGCOMM and at the ECP Annual Festival to obtain feedback and promote discussion of the concept of a more transparent internet. We made PathVis available on an open-source basis, and will do the same with Router Spaghetti in due course.
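The two building blocks described above, enriching traceroute hops with the network they belong to and alerting on a changed path, can be shown in a few dozen lines. The script below is an added example and not PathVis code: it maps hop addresses to an origin AS through a constructed prefix table (PathVis's own data source is not named above), collapses the hops into an AS-level path, and reports which ASes appeared or disappeared compared with a stored baseline. The traceroute output it parses is constructed and uses documentation address ranges only.

```python
"""Traceroute enrichment and path-change alerting (added example, not PathVis)."""
import ipaddress
import re

# Constructed prefix -> origin AS table (assumption: in practice this would come from
# BGP/RPKI data; the ASNs here are from the private-use range).
PREFIX_TABLE = {
    "192.0.2.0/24": 64496,
    "198.51.100.0/24": 64497,
    "198.51.100.128/25": 64498,   # more specific than the /24 above
    "203.0.113.0/24": 64499,
}
# Longest prefix first, so the /25 wins over the covering /24.
_NETS = sorted(((ipaddress.ip_network(p), asn) for p, asn in PREFIX_TABLE.items()),
               key=lambda t: t[0].prefixlen, reverse=True)


def origin_as(ip):
    """Longest-prefix match; None for '*' hops and addresses not in the table."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    for net, asn in _NETS:
        if addr in net:
            return asn
    return None


# Matches " 3  host (198.51.100.5)  1.2 ms ..." , " 3  198.51.100.5 (198.51.100.5) ..." and " 4  * * *"
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\()?(\d+\.\d+\.\d+\.\d+|\*)")


def parse_traceroute(text):
    """Return [(hop_number, ip_or_None)] from Linux/BSD-style traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line or something we do not parse
        ip = None if m.group(2) == "*" else m.group(2)
        hops.append((int(m.group(1)), ip))
    return hops


def as_path(hops):
    """Collapse consecutive hops in the same AS and drop unmapped hops (timeouts etc.)."""
    path = []
    for _, ip in hops:
        asn = origin_as(ip) if ip else None
        if asn is not None and (not path or path[-1] != asn):
            path.append(asn)
    return path


def path_change(baseline, current):
    """None if the AS path is unchanged, otherwise what appeared and what vanished."""
    if baseline == current:
        return None
    return {"new_ases": [a for a in current if a not in baseline],
            "missing_ases": [a for a in baseline if a not in current],
            "baseline": baseline, "current": current}


# Constructed traceroute output: a baseline run and a later run through a new network.
BASELINE_TRACE = """\
traceroute to example.nl (203.0.113.10), 30 hops max, 60 byte packets
 1  gw.home (192.0.2.1)  0.512 ms  0.401 ms  0.398 ms
 2  192.0.2.254 (192.0.2.254)  8.1 ms  8.0 ms  7.9 ms
 3  198.51.100.5 (198.51.100.5)  12.3 ms  12.1 ms  12.0 ms
 4  * * *
 5  203.0.113.10 (203.0.113.10)  15.4 ms  15.2 ms  15.1 ms
"""
CURRENT_TRACE = """\
traceroute to example.nl (203.0.113.10), 30 hops max, 60 byte packets
 1  gw.home (192.0.2.1)  0.5 ms  0.4 ms  0.4 ms
 2  192.0.2.254 (192.0.2.254)  8.0 ms  8.0 ms  7.9 ms
 3  198.51.100.200 (198.51.100.200)  19.9 ms  19.7 ms  19.6 ms
 4  203.0.113.10 (203.0.113.10)  22.4 ms  22.2 ms  22.1 ms
"""

if __name__ == "__main__":
    base = as_path(parse_traceroute(BASELINE_TRACE))
    cur = as_path(parse_traceroute(CURRENT_TRACE))
    print("baseline AS path:", base)
    print("change:", path_change(base, cur))
```

A reported change is a prompt to look further, not proof of a hijack: in the sample the traffic simply enters a more specific prefix announced by another AS, which is exactly what a benign re-homing and a prefix hijack both look like at this level. Checking the RPKI validity of the new origin's announcement, as PathVis does for the networks on the path, is the natural next step.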

Intent-Based Networking demo

In partnership with the University of Amsterdam (UvA), we developed a demo to show how end users can influence the network paths taken by their data as it travels across the internet. The demo utilised the concept of Intent-Based Networking, with an illustrative scenario where the end user was able to specify network path criteria (e.g. network jurisdiction and the type of equipment deployed) via a chatbot.

In November, our UvA colleagues took the demo to the SuperComputing conference. The paper that we and UvA authored together won the best paper award at the workshop Innovating the Network for Data-Intensive Science.

Connecting test networks

We operationalised our fibre-optic connection to the 2STiC testbed and connected the 2STiC P4 testbed to SCIONLab. The connections facilitate experiments that require the use of both testbeds, such as for testing sophisticated multi-domain scenarios. We also collaborated with the UvA on development of a system that makes it easier for researchers to experiment with the 2STiC testbed.

Community service

Contributions to expert bodies

This year, our colleague Moritz Müller was elected co-chair of the RIPE community's DNS working group, Thymen Wabeke sat on the editorial panel of the journal Privacy & Informatie and Jelte Jansen served as a member of SIDN Fund's Advisory Panel. After more than 5 years' service as a member of ICANN's Security and Stability Advisory Committee (SSAC), Cristian Hesselman stepped down from the role.

Embedded SIDN Labs researchers

Giovane Moura was appointed Assistant Professor at the Delft University of Technology, where he now works 1 day a week on detachment from SIDN. Under similar arrangements, Ralph Koning took on the role of guest researcher at the University of Amsterdam, Moritz Müller became guest researcher at the University of Twente and Cristian Hesselman assumed a professorship at the University of Twente. Moritz additionally spent the period March to June working as a guest researcher at the Swedish Internet Foundation (the registry for .se).

Educational contributions

For the fifth successive year, we taught the course Security Services for the IoT (SSI) at the University of Twente. The course introduces technical master's students to the security challenges posed by the Internet of Things (IoT), for example by means of a practical in which they measure the network behaviour of IoT devices (e.g. a smart doorbell). This year's 23 SSI students gave the course a satisfaction score of 8.6 out of 10. We also taught the course Advanced Networking (ANET), which covers topics such as programmable networks (e.g. via P4), routing security and internet architecture. The course attracted only 7 participants this year, who rated it 7.8 out of 10. We additionally gave 4 guest lectures, at the UvA and elsewhere.

MSc thesis supervision

We supervised 4 students who undertook MSc thesis research at SIDN Labs (3 from the University of Twente, 1 from Delft University of Technology). Their reports are published on our website.

Organisation of workshops

We organised this year's Passive and Active Measurement Conference (PAM2022) and the First CONCORDIA Workshop on Collaborative DDoS Mitigation.

Outlook for 2023

Some of our plans for 2023 involve building on this year's results (e.g. 'RegCheck4CENTR'). We will also be starting a number of new projects (e.g. 'Autocast' and 'Quantum-safe DNS'). Our plans for each research theme are outlined below.

Domain name security

  • RegCheck4CENTR. Like various other CENTR members, including Switch and EURid, SIDN Labs and DNS Belgium are each developing their own methods for the detection of malicious domain name registrations. That insular approach to development implies the duplication of work and a missed opportunity to learn from each other's methods and processes. In 2023, we therefore intend to collaborate with DNS Belgium on the development and evaluation of methods for identifying suspect domain name registrations. Our ultimate goal is to define a standardised approach (blueprint) and make it available to the CENTR community in order to help all ccTLD registries in Europe to detect such registrations. The project will also involve internal partnership with SIDN's Support team.

  • Security.txt adoption. Security.txt is a text file detailing an organisation's security contacts (see e.g. https://sidn.nl/.well-known/security.txt). Publication of a security.txt file makes it easier for security researchers to report vulnerabilities ('responsible disclosure'), so that organisations are promptly made aware of digital vulnerabilities in their networks and information systems. Having been standardised by the IETF in April 2022 (RFC 9116), security.txt is now being strongly promoted by the Dutch government. It has yet to really catch on, however. We are therefore monitoring uptake of the standard with our DMAP crawler, for example with a view to measuring the effect of the government's publicity campaign and the levels of uptake in individual sectors. Partners: DTC/MINEZK.

  • Simplifying the use of DNS data for machine learning. We often use our ENTRADA DNS platform to analyse the DNS queries processed by the .nl name servers. One problem associated with such work is that the huge volume of the data involved (billions of queries from thousands of resolvers), coupled with its complexity in raw form, are obstacles to use of the data in machine learning applications. We therefore conceived this project with a view to lowering the threshold to the use of DNS data in data analyses, so that, for example, the traffic associated with a domain name can easily be used for abuse detection. To that end, we are summarising the DNS queries in ENTRADA to form 'prototype vectors' for each domain name and resolver. The underlying technology (representation learning) has already proven its worth in fields such as text analysis, but its use with DNS data is new.
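For the security.txt item above, a crawler measuring adoption needs more than a 200 response at /.well-known/security.txt: a file that lacks a Contact field, has an unusable Contact value, or has passed its Expires date is not a working disclosure channel. The following added example (not DMAP code) applies the must-have rules of RFC 9116 to files that have already been fetched; the three sample files, the cut-off date and the 366-day limit on Expires are constructed for the example, and a PGP cleartext signature around the file is stripped but not verified.

```python
"""Check a fetched security.txt against the must-have rules of RFC 9116 (added example)."""
import re
from datetime import datetime, timedelta, timezone

CONTACT_SCHEMES = ("mailto:", "https:", "tel:")   # URI schemes RFC 9116 gives for Contact


def strip_cleartext_signature(text):
    """Drop the PGP cleartext-signature armour (RFC 4880) without verifying it."""
    if not text.startswith("-----BEGIN PGP SIGNED MESSAGE-----"):
        return text
    _, _, body = text.partition("\n\n")            # armour headers end at the first blank line
    body = body.split("-----BEGIN PGP SIGNATURE-----", 1)[0]
    # undo dash-escaping of lines that themselves begin with a dash
    return "\n".join(l[2:] if l.startswith("- ") else l for l in body.splitlines())


def parse_security_txt(text):
    """Return (fields, problems); fields maps lower-cased field name -> list of values."""
    fields, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):       # blank lines and comments are allowed
            continue
        m = re.match(r"^([A-Za-z-]+):\s*(.*)$", line)
        if not m:
            problems.append(f"line {lineno}: not a 'Name: value' field")
            continue
        fields.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return fields, problems


def check_security_txt(text, now=None):
    """Apply the RFC 9116 requirements a crawler would record per domain."""
    now = now or datetime.now(timezone.utc)
    fields, problems = parse_security_txt(strip_cleartext_signature(text))
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact field (required)")
    for c in contacts:
        if not c.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:/https:/tel: URI: {c}")
    expires = fields.get("expires", [])
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            exp = datetime.fromisoformat(expires[0].replace("Z", "+00:00"))
            if exp.tzinfo is None:
                problems.append("Expires lacks a timezone")
            elif exp <= now:
                problems.append(f"file expired on {expires[0]}")
            elif exp - now > timedelta(days=366):
                problems.append("Expires is more than a year away")
        except ValueError:
            problems.append(f"Expires is not an RFC 3339 date-time: {expires[0]}")
    if len(fields.get("preferred-languages", [])) > 1:
        problems.append("Preferred-Languages must appear at most once")
    return {"fields": fields, "problems": problems, "valid": not problems}


# Constructed sample files (example.nl is a placeholder, not a real deployment).
GOOD = """\
# Constructed sample
Contact: mailto:security@example.nl
Contact: https://example.nl/responsible-disclosure
Expires: 2023-06-30T12:00:00Z
Preferred-Languages: nl, en
Canonical: https://example.nl/.well-known/security.txt
"""
BAD = """\
Contact: security@example.nl
Expires: 2022-01-01T00:00:00Z
Expires: 2023-01-01T00:00:00Z
"""
SIGNED = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Contact: mailto:security@example.nl
Expires: 2023-06-30T12:00:00Z
-----BEGIN PGP SIGNATURE-----
(signature body omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""
NOW = datetime(2022, 12, 15, tzinfo=timezone.utc)   # constructed crawl date

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad", BAD), ("signed", SIGNED)):
        r = check_security_txt(sample, now=NOW)
        print(name, "valid" if r["valid"] else r["problems"])
```

Recording the individual problems rather than a single pass/fail is what makes sector comparisons useful: a sector where most files are present but expired tells a different story from one where the file is missing altogether.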

Infrastructure security

  • Autocast. Anycast boosts the resilience and performance of the DNS, but also increases the number of systems that a DNS operator such as SIDN has to manage and monitor. In the Automating Anycast (Autocast) project, we'll therefore be investigating the scope for automation. Our hypothesis is that automation could be possible by, for example, developing a system that uses machine learning algorithms and measured data on network traffic changes to make recommendations about enabling and disabling anycast nodes. Our initial focus will be on management of SIDN's DNS infrastructure, but we anticipate that the results will be relevant for other DNS operators as well. Our partner is SIDN's OPS team.

  • TimeNET pilot. Time services often rely on time signals from external radio sources (e.g. GPS or Galileo signals), and are consequently vulnerable to signal outages (e.g. due to jamming or physical damage to the sources). Our TimeNET project will therefore focus on development of a European time network that uses time sources such as TimeNLv2, which have built-in atomic clocks that enable them to go on providing an accurate service for a prolonged period even if external radio signals fail. TimeNET sources distribute time signals using PTP over a layer 2 network, enabling network operators to provide NTP ‘as a service’ to their customers, for example. We plan to run a pilot with the NL-ix internet exchange and possibly other interested partners.

  • BGPsec testbed. BGPsec is an extension to BGP, the protocol that underpins the internet's routing system, designed to protect that system against routing hijacks and other threats, and thus to prevent (large-scale) outages. However, BGPsec is still under development, has yet to be deployed in practice, and is clearly more complex than complementary technologies such as RPKI. We will therefore be creating a BGPsec testbed to acquire a better understanding of BGPsec (e.g. its performance and adoption possibilities) and to pave the way for further research. Partners: University of Twente, TUCCR.

Emerging internet technologies

  • Autonomous System Information Service (ASIS). Internet users often have no insight into their 'communication supply chains', because the internet offers no reliable way of establishing which networks their data passes through, or the extent to which those networks meet the user's security and privacy requirements. We see that primarily as a problem for future 'cyber-physical' systems such as transport and energy networks. We therefore intend to develop and evaluate the ASIS, which will enable network operators to share verified data about their networks. We envisage the shared information covering matters such as jurisdictions, data legislation conformity, security level and registered operator location. Partners: 2STiC.

  • Quantum-safe DNS. The NCSC estimates that, by between 2030 and 2040, quantum computers will be sufficiently powerful to crack the encryption currently used in internet protocols, fatally undermining the internet's security model. We therefore intend to establish a test network for experimenting with DNSSEC in combination with existing implementations of 'quantum-safe' algorithms (i.e. algorithms resistant to cracking by future quantum computers), such as the algorithms selected by NIST. We will also consider how the DNS needs to be adapted in order to work with quantum-safe algorithms and, conversely, what criteria such algorithms must fulfil to be suitable for DNS use. Partners: SIDN's operations team, University of Twente, Radboud University and NLnet Labs.

  • Path-aware networking. Users have little control over the paths via which their data is transported across the internet to its destination. In this project, we therefore plan to build a demo showing how control could be exercised in a browser, with the browser confirming use of selected paths. Our hypothesis is that such functionality would be useful for applications such as 'geofencing' (keeping traffic within a given geographical region) or path selection on the basis of network properties. Because the internet does not offer such functionalities, we intend to use the SCION protocol and the experimental SCION extension to the Brave browser.

Got feedback or a collaboration idea? Drop us a line!

As you'll have gathered, 2022 at SIDN Labs has been another year packed with interesting research projects, many of them run in partnership with other researchers. Is there anything you'd like to collaborate with us on? Got any feedback on our work? Fancy doing your MSc thesis at SIDN Labs? We'd love to hear from you! Drop a line to sidnlabs@sidn.nl or DM us at @sidnlabs or @SIDNlabs@mstdn.social.

Best wishes for the festive period from the whole team at SIDN Labs!