Punycode is the encoding defined in RFC 3492 that represents Unicode strings using only the ASCII characters allowed in host names: letters, digits, and hyphen. It lets the Domain Name System, which is ASCII-only, carry internationalised domain names.

Why does the result start with xn--?

The xn-- prefix (the ACE prefix) marks a label as Punycode-encoded. Browsers and resolvers see this prefix, strip it, and decode the rest to recover the original Unicode label. ASCII-only labels never get the prefix.

Does it convert the whole domain or each part?

Each dot-separated label is converted independently. In münchen.de only the münchen label needs encoding, so the .de top-level domain is left untouched and the result is xn--mnchen-3ya.de.

Why does münchen become mnchen-3ya?

Punycode first copies the ASCII letters (mnchen), adds a hyphen delimiter, then appends an encoded suffix (3ya) that records which non-ASCII code point goes where. Decoding reverses the process to restore the ü.

Can Punycode be used for phishing?

Yes — visually similar Unicode letters can mimic a real domain (a homograph attack). Modern browsers display the xn-- form rather than the Unicode when a label mixes confusable scripts, which is one reason this tool shows you exactly what a domain encodes to.

Punycode Encoder/Decoder

Punycode is the encoding that lets the Domain Name System — which understands only ASCII letters, digits, and hyphens — carry domain names written in any language. This tool converts an internationalised domain name (IDN) such as münchen.de to its ASCII-Compatible Encoding xn--mnchen-3ya.de, and decodes xn-- labels back to Unicode, following RFC 3492 exactly.

How it works

Punycode is a specific parameterisation of the more general Bootstring algorithm. Encoding a single label happens in two phases. First, every ASCII (basic) code point is copied straight to the output, followed by a hyphen delimiter if any basic characters were present. Second, the remaining non-ASCII code points are inserted one at a time in code-point order; for each insertion the algorithm emits a variable-length, base-36 number that encodes both which character it is and where it belongs. A self-adjusting bias keeps these numbers compact for typical inputs.

Decoding runs the process in reverse: the basic characters before the final hyphen are read directly, then each base-36 group is parsed back into a code point and its insertion position, rebuilding the original Unicode string.

Per-label processing and the xn— prefix

A domain is split on dots and each label is handled on its own. Labels that are already pure ASCII — including the top-level domain — pass through unchanged. Any label containing non-ASCII characters is Punycode-encoded and given the xn-- ACE prefix so resolvers know to decode it. That is why münchen.de becomes xn--mnchen-3ya.de rather than encoding the whole string at once.

Example

The German word bücher encodes to bcher-kva: the ASCII letters bcher are copied, a hyphen separates them, and kva is the base-36 suffix describing where the ü belongs. As a full domain, bücher.example becomes xn--bcher-kva.example. Note that visually similar characters from different scripts can produce look-alike domains, so always inspect the encoded form when a domain looks suspicious. Everything is computed locally in your browser.