Punycode Converter Online
Free IDN to ASCII & Unicode Decoder 2026
Use our free Punycode converter online to instantly convert Unicode to Punycode for DNS setup, or decode Punycode to Unicode to reveal the real name behind xn-- prefix domains. This IDN to ASCII converter supports internationalized domain name conversion for Arabic, Chinese, Cyrillic, and all non-Latin scripts. Built as a professional online ACE (ASCII Compatible Encoding) tool with batch conversion, homograph phishing attack detection, script identification, and full IDNA2008 / RFC 3492 Bootstring algorithm compliance. The best Punycode converter for developers and sysadmins.
Quick Answer: What Is Punycode?
Punycode converts Unicode domain names (münchen.de, 中文.com) into ASCII-safe strings (xn--mnchen-3ya.de) using the Bootstring algorithm (RFC 3492). DNS only supports the LDH subset (Letters, Digits, Hyphens), so internationalized domain names must be encoded. The xn-- prefix signals a Punycode-encoded label. Our Punycode converter online handles ToASCII and ToUnicode conversion, batch processing, and homograph phishing detection.
IDN to ASCII Converter
Enter a Unicode domain or xn-- Punycode domain. Auto-detects direction.
Robert Harrison
OSINT & Network Utility Expert
Robert specializes in DNS management, domain forensics, internationalized domain names, and network security. He helps organizations detect homograph phishing attacks and configure IDN domains correctly across DNS infrastructure.
View All ArticlesWhat Is Punycode and Why DNS Requires ASCII Compatible Encoding
The Domain Name System (DNS) was built in the 1980s using only the LDH (Letter-Digit-Hyphen) subset — the 26 English letters, digits 0-9, and the hyphen. When the global internet needed support for Arabic (العربية), Chinese (中文), Cyrillic (кириллица), and other scripts, engineers created Punycode — an ASCII Compatible Encoding (ACE) defined in RFC 3492 that converts any Unicode string into a valid DNS label.
Our Punycode converter online performs the ToASCII conversion (Unicode → Punycode) and ToUnicode conversion (Punycode → Unicode) following the IDNA2008 standard. When you enter münchen.de, DNS cannot process the ü character, so Punycode encodes it as xn--mnchen-3ya.de. The xn-- prefix is a permanent marker that tells software: "this label contains encoded Unicode."
RFC 3492: The Bootstring algorithm efficiently encodes Unicode codepoints as ASCII by first isolating all ASCII characters, then appending delta-encoded non-ASCII positions. This keeps Punycode domains short — critical for DNS label length limits (63 characters per label).
How the Bootstring Algorithm Converts Unicode to Punycode
The Bootstring algorithm behind Punycode is mathematically elegant. Unlike Base64 which uniformly expands data by 33%, Bootstring adapts to the input — simple domains with one non-ASCII character produce short output. The process works in three steps:
- Step 1 — ASCII Isolation: Extract all basic ASCII characters and place them first, separated by a hyphen from the encoded portion.
- Step 2 — Delta Encoding: Calculate the "distance" (delta) between non-ASCII codepoints in the Unicode table. Instead of storing absolute codepoints, store differences — far more compact.
- Step 3 — Variable-Length Integers: Convert deltas to base-36 ASCII characters (a-z, 0-9) using an adaptive bias that optimizes for common patterns.
// Punycode conversion example
Input: münchen.de
Step 1: mnchen (ASCII) + separator hyphen
Step 2: ü (U+00FC) → delta encoded
Step 3: mnchen-3ya (Punycode label)
Output: xn--mnchen-3ya.de
Verify DNS records for Punycode domains with our DNS Lookup and check domain registration with WHOIS Lookup.
Internationalized Domain Names: Arabic, Chinese, Cyrillic and Emoji Domains
Our internationalized domain name converter handles every Unicode script supported by DNS. The IDNA2008 standard defines which characters are valid in domain labels. Here are the most common non-Latin script domains and their Punycode equivalents:
| Script | Unicode Domain | Punycode | TLD Support |
|---|---|---|---|
| Arabic | مثال.com | xn--mgbh0fb.com | .com, .sa, .ae |
| Chinese | 中文.com | xn--fiq228c.com | .com, .cn, .中国 |
| Cyrillic | пример.com | xn--e1afmapc.com | .com, .ru, .рф |
| Latin Extended | münchen.de | xn--mnchen-3ya.de | All TLDs |
| Emoji | ❤.ws | xn--qei.ws | .ws, .to, .fm |
Emoji Domains: Only select TLDs (.ws, .to, .fm) support emoji domain registration. Convert your emoji to Punycode first, then register the xn-- version with a compatible registrar. Most browsers display emoji domains in raw Punycode form for security.
Homograph Phishing Attacks: How Look-Alike Domains Steal Credentials
A homograph phishing attack exploits the visual similarity between characters from different scripts. The Cyrillic 'а' (U+0430) looks identical to the Latin 'a' (U+0061) but has a different Unicode codepoint. Attackers register domains like xn--pple-43d.com which renders as аpple.com — visually indistinguishable from the real Apple website.
// Homograph attack example
Real domain: apple.com (all Latin characters)
Fake domain: аpple.com (Cyrillic 'а' + Latin 'pple')
Punycode: xn--pple-43d.com (reveals the deception)
// Our detector flags: Mixed Latin + Cyrillic = HIGH RISK
Our homograph detector checks for mixed-script usage, brand name resemblance, and suspicious patterns. Modern browser rendering behavior in Chrome and Firefox now shows Punycode warnings when domains mix scripts — displaying the raw xn-- string instead of the Unicode rendering. Verify suspicious domains with our IP Fraud Checker and check SSL certificates with our SSL Checker.
Security Alert: Always decode xn-- prefix domains before clicking links in emails. Our free tool to check if a link is a Punycode phishing attack reveals the true Unicode name. If the decoded name mixes scripts, it is likely malicious. Read our IP reputation guide for additional protection.
Why Your Domain Shows xn-- in the Browser and How to Fix It
If your internationalized domain displays as xn--... instead of the Unicode version, the browser's anti-phishing system may be blocking Unicode rendering. Browsers use mixed-script detection: if a domain label contains characters from two different scripts (e.g., Latin + Cyrillic), the browser shows the Punycode form as a security warning.
When Browsers Show Punycode
- Mixed scripts in a single label (Latin + Cyrillic, Latin + Arabic).
- Confusable characters that resemble Latin letters (Cyrillic а, о, р, с, е).
- Unknown or rare scripts not in the browser's safe list.
How to Ensure Unicode Rendering
Use characters from a single script consistently. Register domains using the complete script (e.g., all Cyrillic, all Arabic). Avoid mixing Latin characters with non-Latin ones. Check your domain headers with our Headers Analyzer and verify DNS configuration with our DNS Lookup.
Convert Russian or Arabic Domains to Punycode for DNS Setup
When configuring DNS records, SSL certificates, or firewall rules for internationalized domain names, you must use the Punycode (ASCII) form. DNS servers, BIND zone files, and most CDN configurations do not accept Unicode directly. Our IDN to ASCII converter gives you the exact xn-- string to use.
# DNS zone file: Use Punycode, not Unicode
# WRONG — DNS will reject this:
münchen.de. IN A 93.184.216.34
# CORRECT — Use Punycode form:
xn--mnchen-3ya.de. IN A 93.184.216.34
The same applies to SSL certificate requests — Certificate Authorities require the Punycode domain. Check certificate configuration with our SSL Checker. For email deliverability on IDN domains, verify with our Email Verifier and check for temporary email abuse with our Temp Email Checker.
Sysadmin Tip: When fixing "Invalid Domain Name" errors, the cause is almost always using Unicode instead of Punycode in server configuration. Convert with our tool, use the xn-- form in configs, and the error resolves instantly.
IDNA2008 vs IDNA2003: Standards That Govern Domain Encoding
The IDNA (Internationalized Domain Names in Applications) standard has two major versions. IDNA2003 automatically mapped some characters (e.g., ß → ss in German) which caused confusion. IDNA2008 (current) removed automatic mapping, treats characters more strictly, and improved security against homograph attacks.
Key Differences
- IDNA2003: Auto-mapped ß → ss, allowed more characters, less strict. Now deprecated.
- IDNA2008: No automatic mapping, stricter character tables, better security. Current standard.
- UTS46 Compatibility: Bridges differences between 2003 and 2008. Our tool uses IDNA2008 with UTS46 for maximum compatibility.
Our Punycode converter online uses PHP's intl extension with INTL_IDNA_VARIANT_UTS46 flag, ensuring IDNA2008 compliance with backward compatibility. Verify domain ownership with our WHOIS Lookup. Read our digital footprint guide for privacy.
Browser Punycode Warnings: How Chrome and Firefox Protect Users
After high-profile homograph phishing attacks, major browsers implemented Punycode warnings. When a domain contains characters from multiple scripts, browsers display the raw xn-- form instead of the Unicode rendering. This browser rendering behavior is a key defense against visual spoofing.
Chrome's Mixed-Script Policy
Chrome uses an allowlist of safe script combinations. If a domain mixes Latin with Cyrillic (a common attack vector), Chrome shows Punycode. Single-script domains (all Cyrillic, all Arabic) render normally in Unicode.
Firefox IDN Display Policy
Firefox has a configurable network.IDN_show_punycode flag. Set it to true to always see the raw Punycode — useful for security professionals. Check your browser's security posture with our Browser Info Tool. Scan for open ports on your network with our Port Scanner.
For Security Teams: Configure your organization's browsers to show Punycode for all non-ASCII domains. This eliminates homograph attacks entirely at the display level. Combine with our IP Fraud Checker for comprehensive phishing detection.
Punycode in Email, SSL Certificates and Cloud Infrastructure
IDN domains create compatibility challenges beyond web browsing. Many legacy mail servers cannot handle Unicode email addresses. When sending to addresses on IDN domains, the mail system must use the Punycode form (user@xn--mnchen-3ya.de). Verify email deliverability with our Email Verifier.
SSL/TLS certificates require Punycode in the Common Name (CN) or Subject Alternative Name (SAN) fields. A certificate for münchen.de must list xn--mnchen-3ya.de. Mismatched certificates cause browser security warnings. Audit certificates with our SSL Checker.
In cloud infrastructure (AWS, Azure, GCP), firewall rules, load balancer configs, and CDN origins must use Punycode for IDN domains. Using Unicode directly causes "Invalid Domain Name" errors. Read our guide on fixing 550 RBL errors and IP reputation for bulk email.
Complete Punycode Workflow for Developers and Sysadmins
- Step 1: Enter the Unicode domain into our Punycode converter online.
- Step 2: Copy the
xn--ASCII output for DNS zone files, SSL certificates, and server configs. - Step 3: For unknown
xn--domains, decode with our Punycode to Unicode decoder to see the real name. - Step 4: Use batch mode to convert multiple domains for large migration projects.
- Step 5: Run suspicious links through our homograph detector before clicking.
- Step 6: Verify DNS records with our DNS Lookup using the Punycode form.
- Step 7: Check domain ownership with WHOIS and SSL with our SSL Checker.
- Step 8: Generate strong passwords for domain registrar accounts with our Password Generator. Encode data with our Base64 Encoder and hash with our Hash Generator.
Pro Tip: Bookmark our xn-- prefix lookup tool for daily use. Whenever you encounter an unknown Punycode domain in logs, emails, or security alerts, decode it immediately. Read our cold emailing 2026 guide for domain reputation best practices.
Frequently Asked Questions About Punycode & IDN
Q What is a Punycode converter online?
A Punycode converter online translates internationalized domain names between Unicode (human-readable) and ASCII (xn-- Punycode) formats. Our tool auto-detects direction, supports batch conversion, and includes homograph phishing detection.
Q Why does my domain show xn-- in the browser?
Browsers display the xn-- prefix when a domain mixes scripts (Latin + Cyrillic) as a Punycode warning against homograph phishing. Single-script IDN domains render normally. Use our Punycode to Unicode decoder to see the real name.
Q How to detect homograph phishing attacks?
Our homograph detector checks for mixed scripts (Cyrillic vs Latin), brand name resemblance, and visual spoofing patterns. Always decode xn-- domains before trusting links. Look-alike domains are the #1 vector for credential theft.
Q How to register emoji domains in 2026?
Convert emoji to Punycode with our tool, then register the xn-- form. Only .ws, .to, .fm TLDs support emoji domain registration. Browsers show emoji domains in Punycode. Use our tool to verify the correct encoding.
Q How to fix "Invalid Domain Name" errors?
Fixing Invalid Domain Name errors requires converting the Unicode domain to Punycode. DNS records, SSL configs, and server software need the xn-- ASCII form. Our IDN to ASCII converter gives you the exact string.
Q What is the difference between IDNA2003 and IDNA2008?
IDNA2008 is stricter: no automatic character mapping, better security, and more scripts supported. IDNA2003 (deprecated) auto-mapped characters like ß → ss. Our tool uses IDNA2008 with UTS46 compatibility for accuracy.
Q Can I convert multiple domains at once?
Yes. Our batch tab converts up to 50 domains simultaneously. Enter one domain per line — the tool auto-detects whether each needs encoding or decoding. Essential for migration projects and DNS compatibility audits.
Q Does Punycode apply to IP addresses?
No. IP addresses (IPv4 and IPv6) are numeric. Punycode only applies to domain name labels — the human-readable strings that DNS resolves to IP addresses. IPs never need Punycode conversion.
Related DNS & Security Tools
Complete your domain security audit.
Decode Punycode & Detect Phishing Instantly
Free IDN Converter — No Signup Required
Our Punycode converter online handles Unicode↔ASCII conversion, batch processing, homograph detection, and script identification. IDNA2008 compliant. The best Punycode converter for developers and sysadmins.