Registry locks: great potential but little current demand

About 150 .nl domain names now secured with .nl Control

Last month, European registrars and registries met in Brussels at the annual CENTR Registrar Day to discuss a number of topical issues. One was development of the domain name 'registry lock', which we offer under the product name .nl Control. Within the world of domain names, opinion on registry locks differs sharply. At the Registrar Day, there was considerable comment on the subject, which has a very low profile in the wider community, despite the fact that locks are potentially vital for securing valuable domain names.

What is a registry lock?

A domain name is a small but essential part of many (online) business operations. Without domain names, big webshops would be unfindable and business e-mail wouldn't function. If a domain name isn't working -- because, say, cybercrooks are trying to hijack it -- the cost to its owner can be huge. That's why the domain name world has for many years used 'locks': software rules that prevent changes to a domain name's registration unless certain criteria are met. The most restrictive form of lock is a registry lock, where a zone's operator (e.g. SIDN for .nl) places a limitation on a domain name. With a registry lock in place, a registration can't be changed unless the registrant gives the registry approval. Otherwise, even the hoster or registrar can't make updates independently.

When is a registry lock appropriate?

It follows that a registry lock isn't desirable for all domain names. In fact, it's often positively undesirable. The administrative workload and the delay getting updates made mean that, for most domain names, the drawbacks outweigh the benefits. However, some domain names are so crucial to a business operation that even a brief hijack could cost millions. Just imagine the implications of a hacker grabbing control of a domain belonging to, say, a bank, government department or search engine. Back in 2015, for example, Google's Vietnamese domain name was seized, meaning that millions of people were briefly unable to use the search engine. Google is an exceptional case, you might think. But globally there are millions of domain names whose registrants can't afford to be without them. About 1 per cent of all names are estimated to come under that heading. That means tens of thousands in the Netherlands. Another situation where a registry lock is desirable is where a domain name is itself very valuable. A domain name matching a common generic search term for example. Names like that are often targeted by hijackers too.

Registry locks are controversial

Despite the arguments in favour, registry locks aren't popular within the domain name industry. Even though they're offered by nearly all big registries, including SIDN, Affilias and Verisign. The reason being that a registry lock protects against all hacks, including the hacking of a hoster or registrar. By offering registry locks to customers, a registrar is effectively implying that its own systems are not entirely secure against hacking. Another problem is the lack of good (international) e-IDs. We have eHerkenning in the Netherlands, but that's only just starting to gather momentum as a business eID . And, without an e-ID system that everyone's at home with, old-fashioned paperwork is the only way of verifying a customer's identify in order to set up a registry lock. Paperwork obviously creates work and takes time, with inevitable cost implications. Lack of standardisation is an issue for the industry as well. A .com lock doesn't work the same as a .nl lock, so things can get complex for an international company with multiple domains. Standardisation was a particular point of debate between registries and registrars at the CENTR Registrar Day: why can't the national registries get together and agree on a uniform registry lock?

Demand is growing slowly

Although only about 150 .nl domain names are currently secured using .nl Control, demand for registry locks is rising, especially amongst big businesses. As cybersecurity awareness grows and the value of a domain name is recognised more widely, the business community is coming to see an unprotected name as a vulnerability. It's also increasingly common for a domain name to be pledged as collateral for a business loan. And the desire to make sure that a pledged domain name is completely secure is understandably strong. The rise of electronic IDs, such as eHerkenning, is also significant. By reducing the administrative burden associated with a registry lock, e-IDs are lowering the threshold to getting a name locked. It comes as no surprise, therefore, that various national registries represented in Brussels announced plans to introduce locks or to expand their existing services. Read more about our registry lock, .nl Control.


  • Monday 25 February 2019


    Programming careers for refugees


    HackYourFuture gives new arrivals the tools to enter the labour market

    Read more
  • Friday 19 April 2019

    Internet security

    Major data breach at youth services organisation could have been prevented


    Others warned about the risk posed by cancelled domain names

    Read more
  • Monday 17 December 2018


    IDnext and SIDN intensify collaboration


    Joint IDnext event will promote innovation in the field of digital identification

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.