IDN and punycode support in IIS

  • Article

Over the past few days I have working with investigating IDN and punycode  and have come across some common questions around the scenario that we are trying to enable. So in this post I am trying to explain these terms and what do application developers care about.

What is IDN?

IDN stands for Internationalized Doman Name. These domain contain non ASCII chars. egs of such domain names are “café”,”bücher” etc.
For more details on the history of IDN and its formation please refer to the following wikipedia article.https://en.wikipedia.org/wiki/Internationalized_domain_name 

What is punycode?

Punycode is an encoding syntax to convert the IDN to an ASCII representation. The way the conversion works is if the domain name has non ascii characters then the coverter starts the encoded string with “xn—“, copies all the ascii characters and adds a “-“ followed by the encoded value of all the non ASCII characters. For more details on the algorithm please refer to https://tools.ietf.org/html/rfc3492

Why do we care about these?

Imagine a scenario where you built your website in Brazil and called it “www.café.br”. For your website to be discovered on the internet it has to be registered with a DNS system. DNS systems have a limitation where non ASCII characters are not allowed as host name. So the DNS system will store the punycode representation of the host. eg. the punycode representation for the above name is “www.xn--caf-dma.br”

How does it all work?

When you build a site with a host name that has non ASCII characters eg. “www.café.br”, you will register the site with a DNS. The DNS entry will be something like “<IP address > www.xn--caf-dma.br

A user would make the request to the site by typing in “www.café.br”. The browser would convert this url to its punycode representation and make a request with “www.xn--caf-dma.br” to the server.

Enabling IDN and punycode support on your IIS server

These steps are based off on Win Server 2008 R2 with IIS enabled

    • Open inetmgr
    • Remove the default binding
    • Add a binding to café.br on port 80
    • Open %windir%\system32\drivers\etc\hosts and enter the punycode representation of the servername. Add the following to the file
      • 127.0.0.1 xn--caf-dma.br
    • Turn off any proxy settings so the request goes against the local DNS only.
    • Make a request to  https://café.br  and https://xn--caf-dma.br  and you should see the default page

Hopefully this would help understand the end to end scenarios around IDN and punycode and what it means for an application developer.

Resources:

https://charset.org/punycode.php

https://demo.icu-project.org/icu-bin/idnbrowser