PowerDNS Recursor version 4 supports DNSSEC validation

23 September 2016

With the launch of version 4, the PowerDNS Recursor now also supports DNSSEC validation. The new feature is currently still experimental, but the developers say it works well. "The underlying design philosophy is that legitimate look-ups shouldn't be refused, since that results in sites and services being unavailable to end users."

Validation by the Recursor has been on the agenda for some time, but has had to wait for refinement of the DNSSEC implementation on the PowerDNS authoritative server. Protection against DDoS/amplification attacks has also been a high priority in recent years, leading to development of the dnsdist load balancer, for example.

Because the Netherlands leads the way on the signing of its domain names, but lags behind in terms of validation by internet access providers, SIDN has provided financial support for the implementation of validation on the Recursor. For the same reason, the registry is also working on its own (validating) DNS service, along the lines of Google Public DNS and OpenDNS (now under the Cisco umbrella).

Users

The PowerDNS Recursor is used in the Netherlands by a handful of large ISPs. So, for example, XS4All — which recently switched from BIND named to the PowerDNS server for their authoritative DNS service — is experimenting with the validating PowerDNS Recursor. That is in addition to using Unbound for validation on some of their existing resolvers. Outside the Netherlands, the PowerDNS Recursor is being used by a major telecom service provider in a neighbouring country and by a pan-European cable service provider.

PowerDNS versus Unbound and BIND named

Compared with Unbound and BIND named, the main thing that distinguishes the PowerDNS Recursor is that its developers have taken a very pragmatic approach. "The underlying design philosophy is that legitimate look-ups shouldn't be refused, since that results in sites and services being unavailable to end users", says Senior Engineer Peter van Dijk. "We see avoiding issues as the priority, even if that means that the occasional query gets through despite the DNSSEC chain not being entirely in order."

Such thinking has led the PowerDNS team to different design decisions from those made by the developers of Unbound and BIND. A more academic approach was chosen for Unbound and BIND, following the RFCs as closely as possible. However, all three software packages provide very effective tools. The user can therefore choose the solution that suits them best.

Negative Trust Anchors

In the light of experience, a certain pragmatism has been forced upon Unbound as well. For example, records whose signatures have expired can now be forwarded, as long as the signatures have not exceeded their lifetimes by more than 10 per cent (see the 'val-sig-skew-min' and 'val-sig-skew-max' options).

The PowerDNS Recursor now supports the whitelisting of problematic/bogus addresses — in DNSSEC terms, the addition of Negative Trust Anchors (NTAs, as defined in RFC 7646) — both permanently in the configuration file and temporarily at run time. The latter option means that, for example, an end user who calls about an unreachable site can be given immediate assistance. A few years ago, when there were far more DNSSEC configuration errors in the .nl zone than now, the cost of handling complaint calls prompted T-Mobile to disable validation for mobile users, after previously supporting it.
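As an added example that is not part of this article nor of the PowerDNS or Unbound code, here is a small Python model of the two pragmatic escape hatches described above: the 10 per cent signature-skew allowance that Unbound applies (clamped by val-sig-skew-min and val-sig-skew-max, whose defaults of 3600 s and 86400 s are an assumption taken from the unbound.conf manual) and the effect of a Negative Trust Anchor on a name that would otherwise be bogus. All function names, the sample timestamps and the sample domain names are constructed for illustration.

```python
# Added example (not PowerDNS or Unbound code): a toy model of two "pragmatic"
# validator escape hatches.
#   1. Signature clock-skew tolerance as Unbound documents it: 10% of the
#      signature lifetime, clamped between val-sig-skew-min and val-sig-skew-max.
#      The defaults of 3600 s and 86400 s are an assumption from unbound.conf(5).
#   2. Negative Trust Anchors (RFC 7646): a name at or below an NTA that would
#      otherwise validate as bogus is treated as insecure (unsigned) and answered.
from typing import Iterable, Optional

VAL_SIG_SKEW_MIN = 3600   # assumed default, seconds
VAL_SIG_SKEW_MAX = 86400  # assumed default, seconds


def signature_skew(inception: int, expiration: int,
                   skew_min: int = VAL_SIG_SKEW_MIN,
                   skew_max: int = VAL_SIG_SKEW_MAX) -> int:
    """Seconds of tolerance applied on both ends of an RRSIG validity window."""
    lifetime = expiration - inception
    skew = lifetime // 10                        # the 10 per cent rule
    return max(skew_min, min(skew, skew_max))    # clamp to [skew_min, skew_max]


def signature_time_valid(now: int, inception: int, expiration: int, **kw) -> bool:
    """True if `now` lies within the RRSIG window widened by the skew allowance."""
    skew = signature_skew(inception, expiration, **kw)
    return inception - skew <= now <= expiration + skew


def _canonical(name: str) -> str:
    return name.rstrip(".").lower()


def covering_nta(qname: str, ntas: Iterable[str]) -> Optional[str]:
    """Return the NTA covering qname (the name itself or any ancestor), else None."""
    q = _canonical(qname)
    for nta in ntas:
        n = _canonical(nta)
        if n == "" or q == n or q.endswith("." + n):
            return n or "."
    return None


def validation_outcome(qname: str, crypto_ok: bool, now: int,
                       inception: int, expiration: int,
                       ntas: Iterable[str] = ()) -> str:
    """'secure' when the chain and the timing check out, 'insecure' when a
    Negative Trust Anchor rescues an otherwise-bogus answer, 'bogus' otherwise
    (a strict validator answers SERVFAIL for 'bogus')."""
    if crypto_ok and signature_time_valid(now, inception, expiration):
        return "secure"
    if covering_nta(qname, ntas) is not None:
        return "insecure"
    return "bogus"


if __name__ == "__main__":
    # Constructed sample: a 7-day RRSIG that expired 12 hours ago.
    incep, expi = 1_000_000_000, 1_000_000_000 + 7 * 86400
    now = expi + 12 * 3600
    print(signature_skew(incep, expi))                                      # 60480
    print(validation_outcome("www.example.nl", True, now, incep, expi))     # secure
    print(validation_outcome("www.example.nl", False, now, incep, expi))    # bogus
    print(validation_outcome("www.example.nl", False, now, incep, expi,
                             ntas=["example.nl."]))                         # insecure
```

The model only decides the timing question and NTA coverage; a real validator also has to build and check the chain of trust, which is what the `crypto_ok` flag stands in for. NTA matching deliberately covers descendants of the anchored name, since an operator who adds an NTA for a broken zone wants every name under it to keep resolving, and the `.`-rooted case is included so that the behaviour at the apex is explicit rather than accidental.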

RPZ, Lua and Curve25519

Another new feature in version 4 of the PowerDNS Recursor is support for RPZ (Response Policy Zone). The mechanism resembles the DNSBL/RBL protocol, which is used to query Spamhaus Project blacklists, for example. However, whereas DNSBL/RBL returns only a 'yes' or a 'no', RPZ responses can include more detailed information about reputation and policies. Both mechanisms are based on the DNS infrastructure.

In addition, the Recursor's Lua scripting facility now utilises LuaWrapper.

Finally, the makers of PowerDNS hope to enable support for the elliptic curve crypto-algorithm Curve25519 in a future version. That protocol is the basis for DNSCurve, an alternative to DNSSEC devised by Daniel J. Bernstein, which didn't take off. Curve25519 cryptography is currently being standardised by the IETF for use in DNSSEC. Once standardisation is complete, Curve25519 can be added to IANA's DNSSEC algorithm list.

Traditional Dutch product

"We've built up considerable DNS expertise in the Netherlands", says Marco Davids, Research Engineer at SIDN, "and we can be proud of that. PowerDNS is a traditional Dutch product that's achieved global prominence purely on the basis of quality: their authoritative name server is a byword. With new developments, such as dnsdist and the new (DNSSEC) features in the Recursor, they are reinforcing their position. We're very happy with the good relations and the popularity of PowerDNS amongst registrars and DNS operators. A lot of them are major, global players."