Allowed Characters in DNS names in unbound's local data: IDN

Patrik Fältström paf at
Thu Nov 28 13:18:15 UTC 2019

On 28 Nov 2019, at 13:22, Ron Varburg via Unbound-users wrote:

>  I think, though I haven't checked, that:
> 1. IDN is designed so that each byte, on 8 bit boundaries, would look like a printable ASCII character.

Correct, and this is called A-Label which can be converted to and from a U-Label without any loss.

> 2. Therefore, any DNS software would support it out of the box, without being aware of it.


> So just meet IDN restrictions in your plans to your org DNS Names/CNAME, unbound local data, whatever.

That is exactly how it works. You do place the A-Label in the DNS config, and things will work just fine. Not the U-Label.


> On Wednesday, November 27, 2019, 9:33:42 PM GMT, Patrik Fältström <paf at> wrote:
>  What is called "IDNA2008" is in use "all over the place" and is the way of encoding Unicode so that the encoded strings can be used as domain names.
>   Patrik Fältström
> On 27 Nov 2019, at 8:51, Ron Varburg via Unbound-users wrote:
>>   Does related
>> to your question? Even if it does, I wonder myself how much it is used.
>> On Tuesday, November 26, 2019, 3:04:31 PM GMT, Shanmuga Rao via Unbound-users <unbound-users at> wrote:
>>   Hello, 
>> We are planning to use unbound to perform DNS overrides for traffic redirection in certain locations within our org. I was wondering if there are any restrictions imposed on the DNS Names/CNAMEs we would add in the unbound.conf under local zone and data?
>> For example, AD DNS contains a list of characters that are not allowed, list of characters/digits a record should not start with etc. Do the same rules apply to unbound as well or can we go a bit crazy with our naming conventions?
>> I apologize in advance if there is already some documentation on this. Please redirect me to them if available.
>> Thanks!! 
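
The point made in the reply above, that the A-label and not the U-label goes into the DNS config, as an added example that is not part of the original thread and is not Unbound project code. It converts each label of a name to its ASCII form, checks that the conversion back is lossless, and emits an `unbound.conf` `local-data` line. Assumptions: the function names, sample names and the 192.0.2.10 address are constructed; labels are NFC-normalised, lowercased and encoded with Python's built-in Punycode codec, which does not perform the IDNA2008 code point validity checks; the letters-digits-hyphen rule is a hostname convention this example chooses to enforce.

```python
import ipaddress
import re
import unicodedata

# Hostname convention assumed by this example: letters, digits, hyphen, 1-63 bytes.
LDH = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def to_u_label(a_label: str) -> str:
    """Decode an A-label (xn--...) back to its Unicode form."""
    if a_label.startswith("xn--"):
        return a_label[4:].encode("ascii").decode("punycode")
    return a_label

def to_a_label(label: str) -> str:
    """Return the ASCII form of one label, or raise ValueError."""
    label = unicodedata.normalize("NFC", label).lower()
    if label.isascii():
        a_label = label
    else:
        a_label = "xn--" + label.encode("punycode").decode("ascii")
        if to_u_label(a_label) != label:  # conversion must be lossless
            raise ValueError(f"label does not round-trip: {label!r}")
    if not LDH.fullmatch(a_label):
        raise ValueError(f"not a valid ASCII label: {a_label!r}")
    return a_label

def local_data_a(name: str, ipv4: str) -> str:
    """Build an unbound.conf local-data line holding only A-labels."""
    ipaddress.IPv4Address(ipv4)  # raises ValueError on a malformed address
    if name.endswith("."):
        name = name[:-1]
    fqdn = ".".join(to_a_label(part) for part in name.split(".")) + "."
    if len(fqdn) > 254:
        raise ValueError("name longer than 253 bytes")
    return f'local-data: "{fqdn} IN A {ipv4}"'

if __name__ == "__main__":
    # Constructed sample names, not taken from the thread.
    for sample in ("bücher.example", "MÜNCHEN.example.", "www.example"):
        print(local_data_a(sample, "192.0.2.10"))
```
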