What Is IDN Punycode and How International Domain Names Work

When you see a domain name in Arabic, Chinese, or any non-Latin script, your browser converts it to an ASCII-compatible format before making the DNS request. This format is called Punycode, and the domains that use it are called Internationalized Domain Names (IDN). Understanding this matters for developers building multilingual applications and businesses targeting non-English markets.

Convert between Unicode IDN and Punycode instantly with our free IDN Punycode Converter tool. For understanding DNS for any domain, use our WHOIS Lookup. For URL encoding of international characters, our URL Encoder handles query strings and paths.

An Internationalized Domain Name (IDN) is a domain containing characters outside standard ASCII — non-Latin alphabets, accented characters, and characters from Arabic, Chinese, Devanagari, and Cyrillic writing systems. Examples: Chinese domain meaning "example", Russian .rf country code TLD, German münchen.de using the umlaut character.

The DNS system was built on ASCII and cannot natively handle non-ASCII characters. IDNs solve this using Punycode encoding — every non-ASCII IDN has an ASCII-compatible encoding that DNS can handle.

Punycode is a method to represent Unicode strings using only ASCII characters, defined in RFC 3492. For domain names, the encoded result is prefixed with xn-- to indicate Punycode-encoded IDN content.

Examples: münchen encodes to xn--mnchen-3ya. The Chinese characters for Beijing encode to xn--1lq90i. So the domain for Beijing in Chinese is stored and transmitted as xn--1lq90i.com. Your browser converts between the human-readable Unicode form and the xn-- ASCII form transparently — when you type a Chinese domain, the browser sends the DNS request using the xn-- encoded form automatically.

The xn-- prefix is the tell-tale sign of an IDN Punycode encoding. If you see it in a domain, use our IDN Punycode Converter to see what Unicode text it represents.

The biggest security concern with IDNs is the homograph attack. Characters from different Unicode scripts can look visually identical. The Cyrillic letter a (U+0430) looks identical to the Latin letter a (U+0061) in most fonts. An attacker can register a lookalike domain using Cyrillic characters — it appears identical to the target domain but points to a different server.

Browsers defend against this by showing the Punycode form instead of the visually identical Unicode form when domains mix scripts. For verifying a domain before visiting, use our Safe URL Checker and check registration with our WHOIS Lookup.

Email addresses can also use international characters in both the local part (before @) and the domain, standardised as SMTPUTF8 in RFC 6531. However support is inconsistent across email servers and clients. For business email, ASCII addresses remain the most universally compatible. Domain registration for email domains follows the same IDN rules as web domains. Verify your domain DNS with our WHOIS Lookup and check your HTTP headers with our HTTP Headers Lookup to ensure everything is configured correctly.