#What is an IDN domain?

IDNs (Internationalized Domain Names) are also referred to as special character domains. Internationalized domain names contain special characters or non-latin characters.


Examples for IDNs

Special characters from the German alphabet:

  • fußball.tld
  • häuser.tld

Spanish special characters:

  • fútbol.tld

Chinese characters:

  • 足球.tld

Cyrillic characters:

  • Футбольный.tld

#Why do IDNs exist?

IDNs enable billions of people to use the internet in their national script or alphabet. Initially, letters from non-Latin fonts were not included in the Domain Name System. One could only register domains including some of the ASCII characters (a-z, 0-9 & hyphens).


With the rapid growth of the internet in Asia, the adaptation of possible characters in domain names was absolutely necessary.




Top 3 countries by % of total global internet users (source: icann.org):


2000:

  • USA 30%
  • Japan 9%
  • Germany 6%

2014:

  • China 22%
  • USA 10%
  • India 8%

Of all 16.797.696 .de domains approximately 4 % are IDN domains (status: 21.02.2021).

#How do IDNs work?

With IDN domains you can use almost all Unicode characters. In the current version these are 137,929 characters. Nevertheless, not all non-ASCII characters are allowed in all top level domains, as registries themselves can determine which exact characters can be used.


To ensure that IDNs also work for the DNS servers, a suitable procedure was developed when they were introduced. The Unicode character string (IDN notation) is converted into a valid ASCII character string using the Punycode coding process. This converted character string is called ACE-String (ACE = ASCII Compatible Encoding). The ACE string is then stored in the DNS.



Example:
küche.tld is the domain (German word for kitchen).
xn--kche-0ra.tld is the ACE-String (including the top level domain) that is registered in the DNS.




IDN domain conversion




Further examples of what an IDN looks like as an ACE string:


IDNACE-String
fußball.tldfussball.tld
häuser.tldxn--huser-gra.tld
grüße.tldxn--grsse-lva.tld
足球.tldxn--5eyx16c.tld
Футбольный­.tldxn--90aqfi­dwgh3ei­.tld

#How many characters can be used in an IDN?

The ACE string can be up to 63 characters long. The coding characters are involved in the domain length. In the case of "grüße.tld", for example, there are not 5 but 13 characters.



IDNACE-String
grüße.tldxn--grsse-lva.tld

#Problems & risks with IDNs


Problems sending or receiving e-mails

Domains with special characters can cause problems when sending and receiving e-mails in older e-mail programs. If you want to play it safe, it is recommended to also register the domain without special characters. You then use this domain for the e-mail address and the domain with special characters for the website.



Homoglyph phishing attacks

IDNs can be forged with so-called homoglyphs. These are letters that look similar to others, as is the case with 0 and O or I (i) and l (L), for example. Attackers can therefore create "fake pages" that look the same, with the URL also looking very similar. If this page is then used to query login data, great damage can be done.


The domain looks pretty similar to the original. In many cases you can hardly tell the difference:


ACE-StringIDNOriginal
xn--mlka-qpa.tldmìlka.tldmilka.tld
www.xn--le-m1­aa24e­.tldwww.­ɑƿƿle­.tldwww.­apple­.tld
www.xn--80ak­6aa92e­.tldwww.­аррӏе­.tldwww.­apple­.tld
xn--n1afa3fe.tldсіѕсо.tldcisco.tld

Many web browsers have now implemented security precautions against these attacks.