Punycode is the encoding behind IDNs. It converts a Unicode string to an ASCII representation that DNS can store and route.
Examples:
| Unicode form | Punycode form |
|---|---|
café.com | xn--caf-dma.com |
москва.рф | xn--80adxhks.xn--p1ai |
北京.中国 | xn--1lq90ic7f1rc.xn--fiqs8s |
The xn-- prefix is the IDNA (Internationalizing Domain Names in Applications) marker that tells software "this label is Punycode-encoded; decode it for display." Software that supports IDNA presents the Unicode form to users; older software that doesn't shows the raw Punycode.
The Punycode form is what actually lives in DNS — A records, MX records, etc. all attach to the Punycode-encoded name. When you register an IDN, the registry stores both forms but DNS resolution uses Punycode.
Security note: homograph attacks abuse IDN/Punycode to register domains that look identical to existing ones (e.g., Cyrillic-letter аррӏе.com vs. Latin apple.com). Modern browsers detect mixed-script domains and force-display the Punycode form to make impersonation visible. Always check the address bar carefully if a domain "looks weird."