Punycode (IDN) Encoder/Decoder - Convert Unicode Domains

Punycode Encoder / Decoder

Punycode is the encoding scheme used to represent Internationalized Domain Names (IDNs) in the DNS. Because the Domain Name System was originally designed for ASCII only, non-ASCII characters (Arabic, Chinese, Cyrillic, accented Latin, etc.) must be converted before they can be used as hostnames.

How it works

Each label (dot-separated component) of a domain is encoded independently. If a label contains non-ASCII characters it gets the xn-- prefix followed by the Punycode representation. For example münchen.de becomes xn--mnchen-3ya.de.

Common use-cases

• Checking what a non-Latin domain looks like in the DNS.
• Debugging IDNA-related issues in email or certificate SANs.
• Verifying that a homoglyph-based phishing domain differs from the legitimate one.

Homoglyph phishing

Homoglyph attacks exploit Unicode characters that look visually identical (or nearly identical) to common Latin letters. For example, the Cyrillic small letter “a” (U+0430) is indistinguishable from the Latin “a” (U+0061) in most fonts. A domain like аpple.com (Cyrillic α) encodes to xn--pple-43d.com — clearly different in Punycode form but visually identical in the browser address bar. Always check the Punycode form of unfamiliar Unicode domains before trusting them.

IDNA2003 vs. IDNA2008

Two standards govern internationalized domain names. IDNA2003 (RFC 3490, widely deployed) applies Unicode normalization and case folding before encoding. IDNA2008 (RFC 5891, newer) has stricter rules about which Unicode code points are permitted and does not perform the same normalizations. Some domains valid under one standard are rejected by the other — a source of subtle cross-platform compatibility issues in email and TLS certificates.