Skip to content
D1
EN

IDN utility

Punycode Converter

Convert internationalized domain names between readable Unicode and ASCII Punycode/IDNA form.

This form calls the relative endpoint: /site-api/tools/punycode

How to use the Punycode converter

  1. Paste a Unicode domain label or an xn-- Punycode string. The converter detects direction and normalizes output for DNS tooling — no manual prefix guessing.
  2. Review both U-label (Unicode) and A-label (ASCII/Punycode) forms side by side. Internationalized domain names must be stored and queried in Punycode even when marketing materials show native scripts.
  3. Copy the encoded hostname into DNS Checker or DIG to confirm the name resolves publicly. Conversion correctness does not imply the domain is registered, benevolent, or correctly delegated.
  4. Use WHOIS on the Punycode form when investigating ownership — registries store A-labels. Recent conversions stay in local browser history only; DN01 does not register domains or validate trademark conflicts.

Punycode conversion modes

Punycode (RFC 3492) represents Unicode in DNS-compatible ASCII. The table summarizes what operators convert before WHOIS, DNS lookups, and abuse triage. Homograph domains can look identical in Unicode while differing in Punycode — conversion is a readability step, not a safety verdict. Pair with WHOIS and SSL Certificate Checker on suspicious hosts.

ModeWhen to useSample
Unicode → PunycodeEncode IDN labels for DNS and WHOISпример.рф → xn--e1afmkfd.xn--p1ai
Punycode → UnicodeDecode xn-- labels for human reviewxn--bcher-kva.example → bücher.example
A-label detectionSpot xn-- prefixes in mixed hostnameswww.xn--80aswg.example
U-label displayShow readable Unicode for registrarsMünchen.de in Unicode form
Mixed scriptsReveal homograph risk in combined alphabetsLatin + Cyrillic lookalikes
Copy actionsPaste encoded form into DNS Checker or DIGOne-click copy of A-label

When Punycode conversion matters

Marketing hands you Cyrillic or diacritic domains while DNS panels require xn-- labels. Convert before pasting into DNS Checker or registrar glue fields — a single wrong character produces NXDOMAIN across the zone.

Security teams decode phishing URLs from mail logs where MTAs display Punycode. Converting to Unicode reveals homograph attacks targeting brand names. Follow with WHOIS for registration age and HTTP header checker on the decoded host — conversion does not block malware.

Developers testing IDN support in apps paste Unicode user input, convert to A-label, then DIG A/AAAA on the result. Browsers apply IDNA2008/UTS46 rules; DN01 converter aligns with standard Punycode encoding for DNS operations.

Documentation and runbooks should store both forms: Unicode for humans, Punycode for machines. Export copy buttons reduce transcription errors in tickets compared to retyping long xn-- strings from PDFs.

ccTLD policies vary — some namespaces restrict scripts. Punycode proves encoding only; registry acceptance is a separate WHOIS/policy question DN01 does not adjudicate.

Localization teams preparing multilingual landing pages verify that hreflang targets use consistent A-labels in href attributes while displaying Unicode in visible anchor text — mismatches break analytics funnels when DNS and marketing disagree on canonical hostnames.

Certificate SAN lists from SSL Certificate Checker may show Punycode while executives read Unicode on slides — convert both ways in the same ticket so renewal CSRs include every label form the CA expects.

Typosquat campaigns register IDN lookalikes minutes after brand news — converter speeds triage but response playbooks still need legal, registrar abuse, and customer comms beyond any DNS tool.

Email punycode display policies differ: some clients show Unicode, others xn-- — train support staff to convert both ways before accusing customers of typos when messages reference internationalized storefront URLs.

Affiliate networks sometimes pass Unicode tracking domains — convert before Blacklist Checker or WHOIS so case systems store consistent Punycode identifiers across ticket updates.

Troubleshooting conversion issues

Invalid input errors usually mean disallowed characters, empty labels, or trailing dots in the wrong field. Strip paths and schemes — convert host labels only (not https://).

Mixed-script labels may be rejected by browsers even when Punycode encodes — policy is client-side. Do not assume encodable equals registrable.

Round-trip Unicode → Punycode → Unicode should match after normalization. If not, check for invisible Unicode joiners or homoglyph normalization differences between tools.

DNS Checker accepts Unicode and normalizes internally — still verify encoded output matches registrar records when debugging delegation disputes.

Punycode labels are case-insensitive in DNS — always compare lowercase xn-- forms when diffing WHOIS exports against converter output to avoid false mismatches.

IDN, homographs, and operator hygiene

Internationalized domain names exist because DNS labels are historically ASCII-limited. Punycode is reversible encoding, not encryption — anyone can decode xn-- strings with this tool or standard libraries.

Homograph attacks exploit visually similar characters across scripts. Convert suspicious URLs, compare to known brand Punycode, and escalate via registrar abuse channels with WHOIS evidence. DN01 does not maintain brand allowlists or automatic phishing scores.

Email and URL parsers sometimes leave IDN in Unicode while your DNS tools need A-labels — standardize on Punycode before DIG MX traces on internationalized mail domains.

API access supports batch conversion in scripts after token registration — browser UI remains best for quick copy actions with localized labels.

Browser vendors maintain confusable character blocklists — encodable in DN01 does not mean renderable in every user agent. Test real customer browsers after DNS goes live.

Search engines index IDN canonicals — SEO teams should align sitemap URLs with the Punycode form crawlers fetch, while marketing microcopy stays Unicode for readability.

Mobile deep links with Unicode hosts must match app IDN handling — convert before testing universal links; iOS and Android normalization rules differ slightly from DNS Punycode strictness.

WHOIS on Punycode remains authoritative for registration disputes — keep converter output attached when escalating lookalike domains to registrars.

Internationalized email (EAI) pushes Unicode into mail headers — DNS for MX still uses Punycode; convert mailbox domains before DIG when debugging SMTP TLS certificates on IDN mail hosts.

Registries publish IDN tables per TLD — characters valid in .com IDN may differ from ccTLD rules; converter encodes Unicode you supply without judging registry policy.

Phishing response runbooks should list DN01 Punycode converter beside WHOIS and DNS Checker — first responders convert URLs before blocking at proxy, reducing false blocks on legitimate IDN merchants.

Unicode domain registration premiums differ by registrar — converter does not quote prices or check availability; WHOIS answers registration after you encode correctly.

Enterprise proxies sometimes block xn-- URLs as suspicious — decoded Unicode may pass policy review while Punycode trips filters; document both forms when requesting firewall exceptions for legitimate IDN partners.

TLS certificates for IDN sites list Punycode in SAN — SSL Certificate Checker output should be converted for executive reports alongside DNS Checker verification of the same A-labels.

DN01 converter is free for manual use; API rate limits apply for bulk conversion pipelines — same honesty as other DN01 network tools without propagation maps.

Five-step IDN rollout workflow

  1. Convert marketing Unicode to Punycode; store both in the change ticket.
  2. WHOIS the A-label — confirm registration and nameserver delegation.
  3. DNS Checker on Punycode hostname — verify A/AAAA/MX/TXT as needed.
  4. DIG single record types for support evidence; SSL Certificate Checker on HTTPS names.
  5. HTTP header checker on live site; archive converter output locally — DN01 does not host your IDN playbook.

Punycode converter vs CLI idn2 and browser IDN

Command-line idn2/idnkit works in scripts but is often missing on Windows corporate images. DN01 provides instant bidirectional conversion with companion DNS and WHOIS links — not a replacement for library integration in your app codebase.

Browsers display Unicode in address bars while copying Punycode — confusing during incident triage. Dedicated converter pages document both forms explicitly for tickets.

We do not register IDNs, screen trademarks, or detect all homograph combos automatically. Honest utility scope: accurate encoding/decoding, eight locales for EN/RU full depth, localized shorter guides in other languages, local history only.

No claim to validate SSL on converted names automatically — run SSL Certificate Checker yourself after DNS Checker confirms resolution.

Unicode normalization forms (NFC vs NFD) can change visual appearance without changing meaning — when round-trip fails, inspect code points in a dedicated Unicode tool; DN01 focuses on DNS Punycode, not full Unicode normalization education.

Registrars sometimes show both forms in invoices — attach converter output to finance tickets so renewal payments match the technical delegation you verify in WHOIS and DIG.

Brand protection services monitor homograph registrations — DN01 converter helps analysts decode suspicious labels quickly before escalating to registries; we do not auto-alert on new registrations or replace commercial brand-monitoring suites.

Developer IDN test matrices should include mixed-script labels your product must reject — converter produces expected A-labels for unit tests without hand-maintaining xn-- fixtures in repo.

Government and banking portals sometimes mandate specific IDN scripts — legal review precedes technical launch; converter does not certify regulatory approval for your industry vertical.

CDN cache keys may use Punycode host headers — when purge fails for Unicode marketing URLs, convert and purge A-label variant; HTTP header checker confirms which Host header edge saw.

Why use DN01 Punycode converter

  • Bidirectional Unicode ↔ Punycode with copy-friendly output for DNS Checker, DIG, and WHOIS.
  • Same site as DNS, WHOIS, and SSL tools — one workflow for IDN onboarding and abuse triage.
  • Localized UI; API for automation — no domain sales, no homograph guarantee.
  • Runs client-side friendly checks with server validation; no storage of your pasted strings beyond local browser history.

FAQ

Punycode converter FAQ

Convert internationalized domain names and spot confusing hostname forms.

What is Punycode used for?

Punycode represents Unicode domain labels in ASCII so DNS can handle IDN domains. The Punycode and IDN guide explains the conversion.

Why does a Cyrillic domain start with xn--?

That prefix marks an encoded IDN label. For Cyrillic examples, see Cyrillic domain Punycode.

Should I check DNS after converting?

Yes. Convert the name here, then open DNS Checker or DIG to confirm the encoded host actually resolves.

Does Punycode prove a domain is safe?

No. It only converts the label. For suspicious domains, also check registration in WHOIS and avoid entering credentials on lookalike hosts.

Tool switcher

Pick the next step in your domain or security workflow.

Full tool catalog

Guides

Practical guides for common Punycode Converter tasks — DNS records, troubleshooting steps, and links to our free tools.

Back to Punycode Converter