Free Tool

Free Punycode & IDN Converter

Convert internationalized domain names to and from Punycode (xn--). Decode Unicode domains, encode IDNs for DNS, and spot lookalike phishing names. Free, browser-only, no signup.

Domain or hostname

Enter a Unicode domain (münchen.de, 例え.jp, café.com) or a Punycode domain (starts with xn--). The tool converts both ways automatically.

Punycode (the xn-- prefix) is how internationalized domain names are encoded into ASCII for DNS. Convert either way to read a domain, register an IDN, or spot a lookalike phishing name.

No signup required

Free forever

GDPR compliant

Quick Answer

A Punycode converter translates internationalized domain names (IDNs) between their human-readable Unicode form (münchen.de) and their ASCII Punycode form (xn--mnchen-3ya.de). Paste either form and the tool shows both. The U2L Punycode Converter implements the RFC 3492 algorithm entirely in your browser, so it works in both directions. Free, no signup.

Quick Facts

Punycode encodes Unicode domain labels into ASCII so DNS, which only allows ASCII, can carry internationalized names.
Punycode labels always start with the xn-- prefix, for example xn--mnchen-3ya.de for münchen.de.
Defined by RFC 3492, with the IDNA standards governing how full domains are converted.
The tool converts both ways automatically and decodes per-label, so mixed domains are handled correctly.
Useful for spotting homograph (lookalike) phishing domains that use Unicode characters resembling ASCII ones.
Browsers display the Unicode form but transmit the Punycode form - the two always refer to the same domain.
Browser-only and instant - conversion runs locally and your input is never sent to U2L servers.

How to convert Punycode

Paste a domain in either form.

1
Paste the domain
Enter a Unicode domain (münchen.de, café.com, 例え.jp) or a Punycode domain that starts with xn--. The tool auto-detects the direction.
2
Read both forms
See the Unicode (IDN) form and the Punycode (ASCII) form side by side, each with a copy button, so you have whichever you need.
3
Copy the form you need
Copy the ASCII Punycode for DNS records and configuration, or the Unicode form for display and documentation.

What is a Punycode Converter?

Punycode Converter is a tool that converts internationalized domain names between their Unicode form and their Punycode (ASCII) form. Because the DNS only understands ASCII, a domain with non-English characters like münchen.de must be encoded as xn--mnchen-3ya.de to work on the internet; a Punycode converter translates between the readable name and that encoded form.

Punycode is the encoding defined by RFC 3492 that represents Unicode characters using only the ASCII letters, digits, and hyphen that DNS allows. When a domain label contains non-ASCII characters, it is encoded into a string prefixed with xn--. The broader IDNA (Internationalized Domain Names in Applications) standards describe how whole domains are converted so browsers and resolvers handle them consistently.

This matters for two big reasons. First, internationalization: people register and use domains in their own scripts - Arabic, Chinese, Cyrillic, accented Latin - and Punycode is how those names travel through DNS, certificates, and email. Second, security: attackers exploit homograph attacks, registering domains with Unicode characters that look identical to ASCII ones (a Cyrillic 'а' for a Latin 'a') to impersonate trusted brands. Decoding the Punycode reveals the real domain.

Developers configuring DNS and TLS, security analysts investigating suspicious links, domain registrants working with IDNs, and anyone who has seen a baffling xn-- domain use a converter to move between the two forms and understand what a domain really is.

How does a Punycode Converter work?

The tool implements the RFC 3492 Punycode algorithm directly, in both directions, because browsers expose ASCII encoding through the URL API but provide no way to decode an xn-- label back to Unicode. Shipping the full encode and decode means the converter is reliable both ways without any server round-trip.

When you paste a domain, it is split into labels at each dot, because conversion happens per label. For decoding, any label beginning with xn-- has that prefix stripped and the remainder run through the Punycode decoder to recover the original Unicode characters. For encoding, any label containing non-ASCII characters is run through the Punycode encoder and given the xn-- prefix; pure-ASCII labels are left untouched.

The algorithm itself is a generalized variable-length integer scheme: it lists the basic ASCII characters first, then encodes the non-ASCII code points as a series of deltas with an adapting bias, which is what produces the compact strings after the xn-- prefix. Decoding reverses the process exactly, so the round trip is lossless - encode then decode returns the original name.

Everything runs in your browser. The domain you enter is never transmitted to U2L, which matters when you are investigating a potentially malicious link. The converter first normalizes the input - stripping any scheme, path, or trailing slash - so you can paste a full URL and still get a clean domain conversion.

Use Cases

How marketers, businesses, and developers use punycode converter.

Decoding a mysterious xn-- domain

Turn an unreadable xn--80ak6aa92e.com style domain back into its real Unicode name so you can tell what it actually is.

Spotting homograph phishing domains

Decode a domain that looks like a trusted brand to reveal Unicode lookalike characters hiding an impostor - a key check before clicking or trusting a link.

Configuring DNS for an IDN

Get the exact ASCII Punycode form to enter in DNS records, registrar panels, and zone files, which require the xn-- encoding rather than Unicode.

Issuing TLS certificates for IDNs

Certificate authorities and configs expect the Punycode form. Convert your Unicode domain to ASCII to request and install the right certificate.

Registering internationalized domains

Confirm how your brand or name encodes into Punycode before registering an IDN, so you know the exact ASCII domain you are buying.

Investigating suspicious links

Security teams decode the host of a reported URL to expose disguised Unicode characters and confirm whether a domain is impersonating another.

Debugging email and SMTP issues

Email systems use Punycode for internationalized domains. Convert to diagnose delivery problems tied to how an IDN was encoded.

Reading IDNs in logs and tools

Server logs, WHOIS, and security tools often show Punycode. Decode it to understand which real-world domain a log entry refers to.

Teaching how IDNs and DNS work

Demonstrate the relationship between a readable domain and its DNS-safe encoding by converting examples and watching the xn-- form appear.

Punycode Converter vs Alternatives

Side-by-side feature and pricing comparison with the top alternatives.

Feature	Browser URL bar	Node punycode	Manual
Free, no signup			N/A
Converts both directions
No code or terminal needed
Shows Unicode and ASCII together		Manual
Safe for investigating bad links	Risky		N/A
Browser-only (no data sent)			N/A

Punycode Converter vs Reading it in the browser address bar

Browsers convert between Unicode and Punycode internally, and sometimes show one or the other in the address bar depending on the characters and your settings. It is convenient for a quick glance.

Relying on the address bar means actually navigating to the domain - risky if it is a phishing site - and browsers deliberately hide or show forms inconsistently for safety. This converter shows both forms without visiting the site, which is exactly what you want when investigating a suspicious link.

Punycode Converter vs The Node.js punycode module

Developers can use Node's punycode module (or the npm package) to convert in a script. It is accurate and scriptable for automation.

That requires a terminal, Node, and writing code. This tool gives the same RFC 3492 conversion in the browser with no setup, and shows both forms at once for non-developers - faster for a one-off lookup and usable by security or marketing teammates.

Best Practices

Decode unfamiliar xn-- domains before trusting them

If a link's host starts with xn--, decode it to see the real characters. A name that looks like a brand may hide lookalike Unicode letters.

Use the ASCII form for DNS and certificates

DNS records, registrar fields, and TLS certificates require the Punycode (xn--) form. Copy the ASCII output for any configuration, not the Unicode display name.

Use the Unicode form for display only

Show the readable Unicode name to humans in content and UI, but never store it where an ASCII domain is expected - keep the two forms in their right places.

Investigate links without visiting them

Paste a suspicious URL here rather than opening it. You see the real domain safely, in your browser, without giving the site a hit.

Watch for mixed-script labels

Domains mixing scripts (Latin plus Cyrillic) are a homograph red flag. Decoding reveals the mix even when the rendered name looks like plain English.

Convert per label, not the whole string

Only the labels with non-ASCII characters get xn-- encoded. The tool handles this automatically, so a partially internationalized domain converts correctly.

Verify a round trip when registering

Encode your Unicode name, then decode the result to confirm it returns the original. A clean round trip means the encoding is correct before you register.

Keep the full domain in mind

Each label converts independently, so example.café.com encodes only the café label. Check every label of a domain you are validating.

Common Mistakes to Avoid

Trusting an xn-- domain by its rendered name

A domain can render as a familiar brand while its Punycode hides lookalike characters. Always decode to verify the real name before trusting it.

Entering the Unicode form into DNS

DNS records need the ASCII Punycode form. Pasting the Unicode name into a zone file or registrar field fails or misconfigures the domain.

Assuming the address bar always shows Unicode

Browsers sometimes display Punycode for safety, especially mixed-script domains. Do not assume what you see in the bar is the readable name.

Visiting a suspicious domain to decode it

Navigating to a possibly malicious site just to read its name is risky. Decode it offline in a converter instead of opening it.

Converting the whole domain as one label

Punycode works per label between dots. Treating the entire domain as a single string to encode produces an invalid result.

Forgetting the xn-- prefix

An encoded label is only valid with the xn-- prefix. Copying just the encoded suffix without it yields a domain that does not resolve.

Technical Specifications

Standard	RFC 3492 (Punycode), IDNA for full domains
Prefix	xn-- marks a Punycode-encoded label
Direction	Both ways - encode (Unicode to ASCII) and decode
Granularity	Per domain label (split on dots)
Round trip	Lossless - encode then decode returns the original
Use cases	DNS, TLS, email, anti-phishing analysis
Input	Domain or full URL (scheme/path stripped automatically)
Privacy	Converted in your browser. No data sent to U2L.

Frequently Asked Questions

What is Punycode?

Punycode is an encoding (RFC 3492) that represents Unicode domain characters using only ASCII letters, digits, and hyphens, so the DNS - which is ASCII-only - can carry internationalized domain names. Encoded labels start with the xn-- prefix.

What does xn-- mean in a domain?

The xn-- prefix marks a domain label that has been Punycode-encoded from Unicode. For example, xn--mnchen-3ya.de is the encoded form of münchen.de. Decoding it reveals the readable internationalized name.

What is an internationalized domain name (IDN)?

An IDN is a domain containing non-ASCII characters - accented Latin letters, or scripts like Arabic, Chinese, or Cyrillic. To function in DNS, its non-ASCII labels are encoded into Punycode, which this tool converts to and from.

How do I convert a domain to Punycode?

Paste the Unicode domain (for example café.com) into the tool. It encodes each non-ASCII label and shows the ASCII Punycode form (xn--caf-dma.com) that you use in DNS, certificates, and configuration.

How do I decode a Punycode domain?

Paste the xn-- domain into the tool. It strips the prefix from each encoded label and runs the Punycode decoder to recover the original Unicode characters, showing you the readable domain name.

What is a homograph attack?

A homograph (or homoglyph) attack registers a domain using Unicode characters that look identical to ASCII ones - like a Cyrillic 'а' instead of Latin 'a' - to impersonate a trusted site. Decoding the Punycode exposes the deception.

Why does my browser show xn-- instead of the real name?

Browsers display Punycode rather than Unicode in certain cases - especially mixed-script domains - as an anti-phishing safeguard, so a lookalike cannot masquerade as a familiar brand. Decoding it here shows the underlying characters.

Is converting to Punycode reversible?

Yes, exactly. The encoding is lossless: encode a Unicode domain to Punycode, then decode it, and you get the original name back. This round-trip property is built into the RFC 3492 algorithm.

Do I use the Unicode or the Punycode form in DNS?

Use the Punycode (xn--) form in DNS records, registrar fields, and TLS certificates, because those systems are ASCII-only. Use the Unicode form for display to people in content and interfaces.

Is it safe to convert a suspicious domain here?

Yes. The conversion runs entirely in your browser and never visits the domain or sends it anywhere. That makes it a safe way to inspect a potentially malicious xn-- link without opening it.

Does each part of the domain convert separately?

Yes. Punycode operates per label, the parts between dots. Only labels with non-ASCII characters are encoded with xn--; ASCII labels are left as-is. The tool handles each label independently.

Can emoji be in a domain via Punycode?

Technically Punycode can encode emoji, and some registries historically allowed emoji domains, but most TLDs disallow them now under IDNA rules. The encoder will still show the Punycode form if you enter one.

What standards govern this?

Punycode itself is RFC 3492. How full domains are processed - which characters are allowed and how labels are prepared - is covered by the IDNA standards. Together they define how IDNs work across the internet.

Why does the converter strip the http:// and path?

Punycode applies to the domain, not the scheme or path. The tool normalizes a pasted URL down to its hostname so you can drop in a full link and still get a clean domain conversion.

Is the tool free?

Yes - completely free, no signup, no limits. It implements the conversion in your browser, so there is nothing to install and no cost to use it as often as you need.

Will an all-ASCII domain change when converted?

No. A domain with only standard ASCII characters has no internationalized labels to encode, so its Unicode and Punycode forms are identical. The tool tells you when that is the case.

Related Free Tools

Whois Lookup

Look up registrar, owner, creation date, expiry, and DNS for any domain. Free Whois data, no API key.

Free QR Code API

REST API for generating SVG and GIF QR codes. WiFi, vCard, URL, and text. Free, no API key, edge-cached.

DNS / CNAME Checker

Look up A, AAAA, CNAME, MX, TXT, NS records for any domain. Verify global DNS propagation in seconds.

SSL Certificate Checker

Inspect any SSL certificate: validity, issuer, chain, expiry, and protocol. Spot issues before users do.

HTTP Header Inspector

Inspect HTTP request and response headers for any URL. Cache, security, CORS, and server details.

URL Shortener Speed Test

Compare redirect response times across 10+ URL shorteners. Real measurements in your browser.

See all 50 free tools

Key Terms

Punycode: The RFC 3492 encoding that represents Unicode domain labels using only ASCII characters, marked with the xn-- prefix.
IDN: Internationalized Domain Name - a domain containing non-ASCII characters, encoded into Punycode to function in DNS.
IDNA: Internationalized Domain Names in Applications - the standards defining how applications convert and validate IDNs.
Homograph attack: A phishing technique using Unicode characters that look like ASCII ones to register a deceptive lookalike domain.
Label: A single part of a domain between dots. Punycode encoding is applied per label, only to those with non-ASCII characters.

Checking links for safety?

Pair Punycode decoding with U2L's URL Expander and Redirect Checker to reveal where any link really goes before you click. Sign up free for link tools, analytics, and branded short links.