Ten years of SIDN Labs
From weblog to internet security research centre
Chose your color
Frequently visited
Frequently asked questions
The Whois is an easy-to-use tool for checking the availability of a .nl domain name. If the domain name is already taken, you can see who has registered it.
On the page looking up a domain name you will find more information about what a domain name is, how the Whois works and how the privacy of personal data is protected. Alternatively, you can go straight to look for a domain name via the Whois.
To get your domain name transferred, you need the token (unique ID number) for your domain name. Your existing registrar has the token and is obliged to give it to you within five days, if you ask for it. The procedure for changing your registrar is described on the page transferring your domain name.
To update the contact details associated with your domain name, you need to contact your registrar. Read more about updating contact details.
When a domain name is cancelled, we aren't told the reason, so we can't tell you. You'll need to ask your registrar. The advantage of quarantine is that, if a name's cancelled by mistake, you can always get it back.
One common reason is that the contract between you and your registrar says you've got to renew the registration every year. If you haven't set up automatic renewal and you don't renew manually, the registration will expire.
Wanneer je een klacht hebt over of een geschil met je registrar dan zijn er verschillende mogelijkheden om tot een oplossing te komen. Hierover lees je meer op pagina klacht over registrar. SIDN heeft geen formele klachtenprocedure voor het behandelen van een klacht over jouw registrar.
Would you like to be able to register domain names for customers or for your own organisation by dealing directly with SIDN? If so, you can become a .nl registrar. Read more about the conditions and how to apply for registrar status on the page becoming a registrar.
Domain names
From weblog to internet security research centre
Author: Cristian Hesselman on behalf of the whole SIDN Labs team.
The original blog is in Dutch. This is the English translation.
As well as being .nl's thirty-fifth anniversary and SIDN's twenty-fifth, 2021 is the tenth anniversary of SIDN Labs, set up on 1 December 2011. In this blog we look back on an eventful decade that saw SIDN Labs transformed from a weblog into a centre for applied technical research in the field of internet security. Our key milestones and biggest achievements are highlighted, and we reflect on the approach that's got us where we are today. We end by looking ahead to the next ten years. :-)
SIDN Labs started in early 2011 as a weblog (see Figure 1), with the aim of making SIDN's technical expertise more widely accessible on an informal, interactive basis. Topics addressed in the early days included DNSSEC validation, LDNS, NSEC3 and IETF meeting reports. The blogs were written by colleagues from various SIDN teams, including operations.
Figure 1: SIDN Labs started as a weblog (September 2011).
In December 2011 (hence the timing of this blog ;-)), we shifted the emphasis. SIDN Labs became a programme of collaborative and independent research projects. One of the first was the Privacy & Identity Lab operated with the Radboud University, Tilburg University and TNO, which we helped to kick-start by co-funding three PhD students. Our early independent research projects included '.nl zone profiling' (a pre-Snowden name that we wouldn't choose today), which can now be seen as a precursor to our subsequent data analysis activities. At the same time, we redefined SIDN Labs' purpose. As well as sharing knowledge, we wanted to develop SIDN as an independent authority on internet-related technical and social themes, undertake and participate in research relating to such themes, and contribute to the improvement of SIDN's services. In that period, three colleagues from various SIDN departments devoted some of their time to SIDN Labs projects. We also set up a computer network for experimenting with new technologies and systems. Configured to operate completely separately from SIDN's production systems, the 'lab network' still remains vital to our research. Our decision to draw on various teams for our research personnel was motivated by the desire to promote new knowledge transfer and consolidate project results. Figure 2 lists the research themes we had on our radar at the end of 2011. We continue to work on several of those themes today -- although we weren't able to start work on some until much later, e.g. when new colleagues joined the team, as with the DNS algorithms and visualisations theme that we started on in about 2016 and the future internet theme that we've been researching since late 2018. A few ideas, such as DNS lookalikes and the evolution of user interfaces, have also been discontinued.
Figure 2: SIDN Lab programme themes, as of 1 December 2011.
A further step in SIDN Labs' evolution was taken at the start of 2013, when we became a distinct research team. 'Borrowing' people from other departments proved not to be ideal, because their primary roles inevitably took priority and they struggled to free up enough time for research and experimentation. The first big new topic tackled by the freshly assembled team was DNS big data: promoting the security and resilience of .nl and the internet by analysing large volumes of DNS queries and responses processed by the .nl name servers. That was quite a challenge, because even then the severs were handling about 15,000 queries a second. That's 39 billion queries (and responses) a month, or 60 gigabytes of data per name server, per day. Our solution was to develop an open-source data platform called ENTRADA, for which we simultaneously devised a Privacy Framework. ENTRADA was used to trace domain name abuse (e.g. phishing and botnets) in the .nl zone, and later to help prevent data breaches associated with cancelled domain names and to tackle stability risks in the DNS, for example. We've also used various other measurement tools, such as RIPE Atlas and Verfploeter to identify issues with security and stability in the DNS, as during the DDoS attacks on the DNS root in 2015. Since ENTRADA's creation, the volume of data saved on the system has grown rapidly. The Hadoop cluster we built for ENTRADA now consists of fourteen nodes and records an average of two billion queries and responses a day. Figure 3 shows the 108TB expansion rolled out in December 2016).
At the start of 2017 and the end of 2018, we expanded our activities with two long-haul projects: SPIN and 2STiC.
SPIN is an open-source system for internet edge networks (e.g. home networks), which we developed to increase the security and transparency of the Internet of Things (IoT). The trigger for setting up the project was the major outage that hit DNS operator Dyn in October 2016. Dyn's problems were caused by DDoS attacks mounted using hundreds of thousands of IoT devices infected by the Mirai botnet. SPIN was conceived as a way of preventing such attacks at source by blocking devices that exhibit abnormal network behaviour. SPIN also boosts IoT transparency by enabling users to see what servers their IoT devices communicate with, often invisibly. See the system architecture illustration in Figure 4.
In 2019, router manufacturer Embedd integrated SPIN into its software, and we published a production-grade version for OpenWRT for use by other router manufacturers. We ourselves took SPIN forward as a measurement tool, e.g. for educational use.
At the end of 2018, we teamed up with three universities and four internet operators to start the 2STiC research programme. Our goal was a joint research centre dedicated to the development of new technologies that enhance the reliability of the internet infrastructure. We were motivated by the belief that it is strategically important for the Netherlands and Europe to have expertise in the field, in order to protect the digital autonomy of individuals, organisations and society as a whole. Digital autonomy matters, because the internet is likely to become more and more important to society, for instance by enabling essential services such as smart energy networks, intelligent transport systems, 5G networks and remote-controlled barrages and flood defences. The relevance of the initiative was emphasised by TNO's position paper on Future Network Services, published last month. Using a hands-on approach involving testbeds and experimentation, 2STiC is exploring both internet extensions and clean-slate architectures, such as SCION. Within that model, open programmable networks serve as important enablers. Figure 5 shows the programmable switch in our lab, which is connected to the 2STiC P4 network.
We now have a highly-motivated team of twelve experts dedicated to a single goal: contributing to ongoing improvement of the reliability of the internet's infrastructure, for the benefit of the Netherlands, Europe and the wider world.
We pursue that goal by carrying out pioneering applied technical research in three fields:
Network security: large-scale internet measurements (e.g. using RIPE Atlas and ENTRADA) identify and resolve issues affecting the security and resilience of the internet's core systems (e.g. DNS and NTP).
Domain name and IoT security: developing and evaluating algorithms and tools for detecting and tackling cybercrime that involves the use of domain names and IoT devices, such as phishing, fake webshops, DDoS attacks and data breaches.
Secure future internet: developing and piloting mechanisms for a trustworthy future internet featuring greater digital autonomy for individuals, organisations and society as a whole.
Table 1 lists our main achievements in each field over the last few years. Much of the work in question has been showcased at influential international scientific conferences, such as the Internet Measurement Conference. A full list of publications is available on our website.
Theme | Key-result |
---|---|
Netwerksecurity | DNSSEC roll-over monitor: tools used to monitor .br, .se and .dk during DNSSEC key and algorithm rollovers |
DNS anycast engineering measurements: tools such as Anteater en Anycast2020 and their use by SIDN's operations team | |
Measurements exposing centralisation of the internet infrastructure, including the DNS, NTP, IXP vendors, CAs; | |
Monitoring of security incidents, such as the DDoS attack on the DNS root in 2015 and the tsuNAME vulnerability | |
Time.nl, our NTP service for the internet community, and its use by SIDN and many others | |
Domain name and IoT security | Algorithms for fighting cybercrime, used by SIDN, e.g. for reducing fake webshops, detectiing potential data breaches and SIDN BrandGuard |
Data storage and retrieval systems ENTRADA (passive DNS measurements) and DMAP (crawler) used by SIDN with privacy-by-design approach | |
Tools to help our support team tackle cybercrime, such as DEX and COMAR | |
Large-scale measurement study of cyber crimi in gTLDs, as input for evaluation of ICANNs new gTLD programme | |
Tools for increasing the security and transparency of the IoT, such as SPIN and DRR | |
Secure future internet | The Responsible Internet a vision of the internet of the future, developed jointly with our research partners |
Our P4-implementatie van SCION, a potential architecture for realisation of the Responsible Internet | |
CATRIN, a research project jointly developed with universities and industrial partners, for which an NWO grant of 1.9 million euros was obtained to develop a prototype of the Responsible Internet |
Table 1. Key results from recent years.
With the release of SPIN v1.0 in October 2021, we passed the IoT security baton to the internet community, so that we can focus more on domain name security and the secure future internet. We nevertheless continue to support SPIN, e.g. for educational purposes.
Figure 6 visualises the topics we've blogged about since 2015. Each node represents one of the seven most prominent words in our blogs (as identified using TF-IDF). The size of a node reflects the number of blogs in which the corresponding word was prominent. The thickness of the lines connecting the notes reflects the extent to which the relevant terms were used in conjunction. Popular topics have included DNS, DDoS, anycast, internet, IoT, domain and SCION. It seems we do indeed write a lot about internet infrastructure! :-)
Figure 6: Visualisation of our blogs since 2015 (click through, takes about ten seconds to load).
Our evolution from a weblog to an expertise centre was achieved on the basis of five working principles. We are pleased to share them so that other organisations can make use of them for developing their own research teams (preferably, of course, in line with our first principle ;-))
Open, generic results: we make our results (e.g. software and papers) public and generally applicable, so that they can be used to improve internet security by others as well. For example, ENTRADA is used by the registries for .nz, .be and .ch, while br, .se and .dk use our DNSSEC tools to monitor their key and algorithm rollovers. Our results are also used within SIDN, as with tools such as Anteater (used by our operations team) and DEX (used by our support team). We opted for an open and generic approach because it is consistent with SIDN's public role and the responsibility of a ccTLD operator to serve the community.
Collaboration: we work closely with the academic world and the operational community so that expertise and resources can be combined to maximise impact. For example, the 2STiC programme brings together experts from the academic and operational worlds to undertake research on future internet infrastructures. The universities involved (University of Twente, University of Amsterdam and Delft University of Technology) focus mainly on developing new knowledge in their specialist fields (e.g. internet measurements and open programmable networks), while the operators (SURF, AMS-IX, NDIX, NLnet Labs and SIDN) provide testbeds, operational expertise and so on.
Experimentation: we study internet security and stability by performing large-scale measurements and we experiment with new systems by developing prototypes (e.g. DRR), running focused pilots (e.g. for the detection of fake webshops) and operating testbeds (e.g. the DDoS Clearing House). A lab network that is completely isolated from SIDN's production systems plays a vital part in such work, enabling research and operations to each proceed at their own speed. We focus on the lower technology readiness levels (TRLs), between roughly TRL2 and TRL6, and we accept that projects may fail.
Long-term projects: we're willing to do projects with long time horizons, e.g. because they require major infrastructural changes, as with SPIN for IoT devices and router modifications for the Responsible Internet and SCION. SIDN allocates financial resources to such projects because it believes that contributing to continuity in fields of strategic importance for the Netherlands and Europe, such as digital autonomy, is consistent with its public role. It is often harder for universities to do that, because they typically operate on the basis of a four-year funding cycle.
Intersectoral expertise: while the skillsets of some of our team members have an academic bias, others lean towards the operational or engineering side, or are more intermediate. As a whole, the team therefore occupies a position -- and functions as a bridge -- between the academic and operational communities. Every team member has their own (international) network, and their finger on the pulse of topical social and technical issues in their field. Each of them works on two themes simultaneously, to provide diversity and promote the cross-fertilisation of ideas. We also have a flat organisational structure, with management only facilitating and providing high-level guidance. We encourage students to do their MSc theses with us to our mutual benefit.
While our tenth anniversary is a good moment to look back, it's also a good moment to look ahead. In the coming years, we plan to address topics that increase trust in the internet so that individual, commercial and institutional users can confidently increase their reliance on it, even for safety-critical applications such as intelligent transport systems. In that context, one of the challenges is to increase the internet's 'responsibility', a characteristic that is also relevant for other layers of our digital infrastructure, such as apps, operating systems and storage systems (see Figure 7). We are helping to make the internet more responsible through our work on internet infrastructure security (top two rows in Table 1) and our more recent work on the Responsible Internet, aimed at promoting infrastructural transparency and empowering users (bottom row in Table 1). By doing so, we hope to contribute to turning the tide of waning individual, organisational and social digital autonomy, which is an urgent social problem. Working in tandem with SIDN Fund, we also intend to address major internet-related problems at higher levels of the digital infrastructure, such as black box algorithms, diminishing data autonomy (as with data for user identification) and generic data exchanges (e.g. involving security data), disinformation and the consolidation of public values. SIDN Labs will concentrate mainly on the internet infrastructure, while SIDN Fund tackles end user issues.
Figure 7: Challenges to the digital infrastructure (vertical) and the various layers of that infrastructure (horizontal). From: "Future Computer Systems and Networking Research in the Netherlands: A Manifesto", October 2021.
As indicated in Figure 7, one of the challenges ahead is ensuring that the internet remains manageable despite its increasing size and complexity. Systems that manage networks and services on a semi-automatic basis have great potential in that regard. For example, machine learning algorithms can help operations teams dynamically activate and deactivate virtualised name servers in line with DNS traffic volumes and anycast catchments (see also our vision of the registry of the future). We have already developed a testbed for such algorithms, and we plan to start experimenting next year. On the organisational front, we're planning to start working with an external consultation group to provide additional feedback on our research directions and methods. The idea is for the group to be made up of independent experts from academia and the internet industry.
Finally, the road from weblog to expertise centre could never have been traversed without a close team whose members pull together professionally and enjoy hanging out together, whether it's around the canteen football table or at the ice rink (Figure 8).
The achievements of the last decade also owe much to various former colleagues, MSc students and research partners. We would therefore like to thank the following for their contributions and collaboration:
Former colleagues João Ceron, Joeri de Ruiter, Victor Reijs, Ricardo de Oliveira Schmidt, Antoin Verschuren and Miek Gieben
MSc students Christian Scholten, Thijs van den Hout, Erwin Janssen, Robin de Heer, Joost Prins, Metin Açıkalın, Thijs Brands, Caspar Schutijser, Mick Cox, Sjors Haanen, Jan Harm Kuipers, Maarten Aertsen, Lars Bade, Xander Lammertink, Auke Zwaan and Moritz Müller
Our partners, including AFNIC, AMS-IX, Argeweb, CAIDA, ETH Zürich, Grenoble Alps University, ICANN, InternetNZ, NCSC, NBIP, NDIX, Dutch Payments Association, NLnet Labs, OpenProvider, the Dutch government, Radboud University, Realtime Register, SURF, Delft University of Technology, Thuiswinkel Waarborg, University of Twente, University of Amsterdam, University of California, University of San Diego, University of Southern California, University of Passo Fundo, University of Zurich.
On to 2031! :-)
Article by:
Share this article