
Punycode / Internationalized Domain Name Regex for Python

/^(?:(?:xn--[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,57}[a-zA-Z0-9])?|(?!xn--)[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?)\.)*(?:xn--[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,57}[a-zA-Z0-9])?|(?!xn--)[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?)$/i

What this pattern does

This page provides a regular expression for matching Punycode-encoded internationalized domain names (IDNs), ported and verified for Python. It matches the ASCII form of a domain name: dot-separated labels of up to 63 characters each, made of letters, digits, and hyphens, with no leading or trailing hyphen, including encoded labels that start with xn--. It does not match raw Unicode names such as bücher.example; convert those to Punycode first. The snippet below is ready to drop into a Python project, whether you are validating in a Django view, a FastAPI endpoint, or a standalone data processing script.

Python Implementation

Python
# Punycode / Internationalized Domain Name
# ReDoS-safe | RegexVault — Web & Network > Domain

import re

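# Labels are 1-63 characters with no leading or trailing hyphen. The generic
# branch excludes the "xn--" prefix so each label matches exactly one branch,
# which keeps backtracking bounded.
punycode_internationalized_domain_name_pattern = re.compile(
    r'^(?:(?:xn--[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,57}[a-zA-Z0-9])?'
    r'|(?!xn--)[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?)\.)*'
    r'(?:xn--[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,57}[a-zA-Z0-9])?'
    r'|(?!xn--)[a-zA-Z0-9](?:[a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])?)$',
    re.IGNORECASE,  # DNS names are case-insensitive, so "XN--" is also accepted
)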

def validate_punycode_internationalized_domain_name(value: str) -> bool:
    return bool(punycode_internationalized_domain_name_pattern.fullmatch(value))

# Example
print(validate_punycode_internationalized_domain_name("xn--nxasmq6b.com"))  # True

Test Cases

Matches (Valid)                  Rejects (Invalid)
xn--nxasmq6b.com                 xn--.com
xn--p1ai                         xn--toolongnamethatexceedsthemaximumlabellengthofsixtythreecharacters.com
xn--xkc2al3hye2a.xn--nxasmq6b    -example.com
example.xn--nxasmq6b             xn--invalid-.com
www.xn--fsq.jp
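The cases above can be checked mechanically. The following is a minimal sketch, not the vault's own test suite: it restates the pattern in factored form (one label sub-pattern reused for every position), and the names LABEL, DOMAIN, VALID, and INVALID are hypothetical. It assumes the generic branch excludes the xn-- prefix so that each label can match only one branch.

```python
import re

# One DNS label: either an "xn--" label with an encoded body, or a plain
# letter-digit-hyphen label. The negative lookahead keeps the branches disjoint.
LABEL = (
    r'(?:xn--[a-z0-9](?:[a-z0-9-]{0,57}[a-z0-9])?'
    r'|(?!xn--)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)'
)
# A domain is zero or more "label." groups followed by a final label.
DOMAIN = re.compile(rf'(?:{LABEL}\.)*{LABEL}', re.IGNORECASE)

VALID = [
    "xn--nxasmq6b.com",
    "xn--p1ai",
    "xn--xkc2al3hye2a.xn--nxasmq6b",
    "example.xn--nxasmq6b",
    "www.xn--fsq.jp",
]
INVALID = [
    "xn--.com",  # empty encoded body
    "xn--toolongnamethatexceedsthemaximumlabellengthofsixtythreecharacters.com",
    "-example.com",  # leading hyphen
    "xn--invalid-.com",  # trailing hyphen
]

# Collect every case whose result disagrees with the table.
failures = [s for s in VALID if not DOMAIN.fullmatch(s)]
failures += [s for s in INVALID if DOMAIN.fullmatch(s)]
print("failures:", failures)
```

Factoring the label out makes the 63-character limit and the hyphen rules easier to audit than in the single-line form.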

When to use this pattern

This pattern is filed under the Web & Network > Domain category and carries RegexVault's ReDoS-safe label. That matters in Python web servers, where a CPU-bound regex match can stall concurrent request handling. RegexVault audits patterns against known backtracking attack vectors; treat that audit as context for your own review before using this regex in a high-stakes production environment.
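Independent of any audit, a cheap extra guard is to cap the input length before the regex runs. The sketch below is illustrative only: bounded_fullmatch and STAND_IN are hypothetical names, STAND_IN is a simplified stand-in rather than the pattern on this page, and the 253-character cap is the usual limit for a domain name in dotted text form.

```python
import re

MAX_DOMAIN_LENGTH = 253  # longest domain name in dotted text form

# Simplified stand-in pattern, used only to demonstrate the guard.
STAND_IN = re.compile(r'(?:[a-z0-9-]{1,63}\.)*[a-z0-9-]{1,63}', re.IGNORECASE)

def bounded_fullmatch(pattern: re.Pattern, value: str,
                      max_len: int = MAX_DOMAIN_LENGTH) -> bool:
    """Reject over-long input before spending any time in the regex engine."""
    if len(value) > max_len:
        return False
    return pattern.fullmatch(value) is not None

# Five 60-character labels plus "com": every label is legal, but the whole
# name is 308 characters, so the length guard rejects it.
long_name = ("a" * 60 + ".") * 5 + "com"
print(bounded_fullmatch(STAND_IN, "example.com"))
print(bounded_fullmatch(STAND_IN, long_name))
```

The guard bounds the work per request regardless of how the pattern behaves on hostile input.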

Common Pitfalls

Unicode homograph attacks use visually similar characters in IDNs. Display the Punycode form to users for any domain involved in sensitive operations.
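One way to follow this advice is sketched below using Python's built-in idna codec. This is an assumption of the example, not something the page prescribes: the codec implements the older IDNA 2003 rules, and display_form is a hypothetical helper name.

```python
def display_form(domain: str) -> str:
    """Return the ASCII (Punycode) form of a domain for display.

    Pure-ASCII names are returned unchanged. Names the codec cannot
    encode raise UnicodeError, which callers should treat as invalid.
    """
    if domain.isascii():
        return domain
    return domain.encode("idna").decode("ascii")

# "\u0430" is CYRILLIC SMALL LETTER A, which renders like a Latin "a".
spoofed = "\u0430pple.com"
print(display_form(spoofed))      # an "xn--" name, visibly not apple.com
print(display_form("apple.com"))  # apple.com
```

Showing the encoded form makes the difference between the two names obvious even when the Unicode forms look identical on screen.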

Technical Notes

IDN TLDs also use Punycode (e.g., .xn--p1ai for .рф). Always normalize and validate IDN using a dedicated library (e.g., idna in Python) rather than relying solely on regex.
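A minimal sketch of the normalization step follows. To stay dependency-free it uses the standard library's idna codec (IDNA 2003) in place of the third-party idna package recommended above, which implements the newer IDNA 2008 rules; that substitution and the helper name to_ascii_domain are assumptions of this example.

```python
from typing import Optional

def to_ascii_domain(value: str) -> Optional[str]:
    """Return the ASCII (Punycode) form of a domain, or None if encoding fails."""
    try:
        return value.encode("idna").decode("ascii")
    except UnicodeError:
        # Raised for empty labels, labels over 63 characters, and
        # characters the codec prohibits.
        return None

print(to_ascii_domain("bücher.example"))  # xn--bcher-kva.example
print(to_ascii_domain("рф"))              # xn--p1ai
print(to_ascii_domain("a..b"))            # None (empty label)

# The reverse direction recovers the Unicode form of an encoded label.
print(b"xn--p1ai".decode("idna"))         # рф
```

Running the regex on the returned ASCII form, rather than on raw user input, keeps the pattern's job limited to structural checks.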
