Internationalized Domain Name (IDN)

What Are Internationalized Domain Names?

Internationalized Domain Names (IDNs) allow domain names to contain non-ASCII characters — letters from Arabic, Chinese, Cyrillic, Devanagari, Hebrew, Japanese, Korean, Thai, and hundreds of other scripts. Before IDNs, domain names were restricted to ASCII letters, digits, and hyphens (LDH characters).

IDNs let users register and navigate to domain names written entirely in their native scripts: 例え.jp, مثال.إختبار, пример.испытание. This dramatically improves accessibility for the billions of internet users whose primary scripts are not Latin.

How IDNs Work Technically

The DNS infrastructure only understands ASCII. IDNs bridge this gap using Punycode encoding: non-ASCII domain labels are converted to an ASCII-compatible encoding (ACE) prefixed with xn--. The Punycode-encoded forms travel through DNS; the original Unicode forms are displayed to users.

User sees:    例え.jp
DNS query:    xn--r8jz45g.jp

The conversion is handled by the operating system's DNS resolver or the browser's IDN processing layer. Applications interact with the human-readable Unicode form; the network sees only ASCII.

IDNA Standards

Two versions of the IDNA (Internationalizing Domain Names in Applications) protocol exist:

• IDNA2003 (RFC 3490): First standard. Uses NAMEPREP profile of Stringprep for normalization.
• IDNA2008 (RFC 5891/5892): Stricter. Removes some characters IDNA2003 allowed (like ß → ss mapping). More conservative and consistent.

Most modern systems use IDNA2008. Some compatibility issues exist between the versions for a small set of characters.

Security Considerations

IDNs introduce homograph attacks: characters from different scripts can look identical to Latin letters. For example, Cyrillic а (U+0430) looks like Latin a (U+0061). A malicious domain pаypal.com might use Cyrillic а to impersonate paypal.com.

Browsers defend against this by: - Displaying the Punycode form (xn--...) when a domain mixes scripts or contains confusable characters. - Restricting which labels show as Unicode (typically: all characters from a single script, using registered scripts for the TLD).

# This URL shows as Punycode in Chrome (mixed scripts)
http://xn--80ak6aa92e.com/

Using IDNs in Python

import idna  # pip install idna

# Encode: Unicode → Punycode
idna.encode("例え.jp")              # b"xn--r8jz45g.jp"
idna.encode("münchen.de")          # b"xn--mnchen-3ya.de"
idna.encode("пример.испытание")    # b"xn--e1afmapc.xn--80akhbyknj4f"

# Decode: Punycode → Unicode
idna.decode("xn--r8jz45g.jp")      # "例え.jp"
idna.decode("xn--mnchen-3ya.de")   # "münchen.de"

# Standard library (limited to IDNA2003)
"例え.jp".encode("idna")           # b"xn--r8jz45g.jp"
b"xn--r8jz45g.jp".decode("idna")   # "例え.jp"

IDN Email Addresses

Email also supports international addresses (EAI — Email Address Internationalization, RFC 6531). A full internationalized email address can use Unicode in both the local part and the domain:

用户@例子.广告    (Chinese)
उपयोगकर्ता@उदाहरण.भारत    (Hindi)

Support for EAI in mail clients and servers is still growing.

Quick Facts