The Infoblox Grid supports IDNs (Internationalized Domain Names) for DNS zones and resource records to provide the flexibility of specifying domain names in non-English characters.
An IDN is a domain name that contains a language-specific script or alphabet, such as Arabic, Chinese, Russian, Devanagari, or the Latin alphabet-based characters with diacritics, such as French. IDNs are encoded in multi-byte Unicode and are decoded into ASCII strings using a standardized mechanism known as Punycode transcription. For example, DNS Zone 'инфоблокс.рф' (IDN in Russian) can be written as ‘xn--90anhdigczv.xn--p1ai’ in the punycode representation. In addition, the appliance has a built-in conversion tool to assist you in identifying and troubleshooting an IDN or the punycode representation of an IDN. For information about how to decode IDNs, see Decoding IDNs and Encoding Punycode.
The appliance supports IDNs in certain fields. For more information, see IDN Supported Fields. There are certain guidelines and limitations about IDN support. For more information, see IDN Support Limitations.
Decoding IDNs and Encoding Punycode
You can encode non-English characters into punycode and decode punycode to obtain a domain name in its original character set. You can encode IDNs and decode punycode simultaneously. You can use special characters.
To encode non-English character set into punycode and decode punycode:
- Select any tab in Grid Manager, and then click IDN Converter from the Toolbar.
- In the IDN Converter wizard, complete the following:
3. Click Close.
IDN Supported Fields
The NIOS appliance supports IDNs in all domain name fields. For information, see IDN Support For DNS Zones. You can enter non-English characters in the domain name fields through Grid Manager and the Infoblox API. The NIOS appliance does not support IDNs for data that is configurable through the Infoblox CLI commands. You can use the punycode representation to configure data through the CLI commands.
The appliance supports IDNs in the following:
- You can use UTF-8 characters when defining your own hostname checking policy. For information, see Specifying Hostname Policies.
- You can use both IDNs and punycode to search for IDN data through Global Search. For information, see Using Global Search.
- Use smart folders to organize and monitor IDN data. However, if the content in a smart folder contains IDNs, then the punycode representation is not available. For information, see Smart Folders.
- You can import data that contains IDNs in CSV format for the supported fields and objects using CSV import. For more information, see Importing and Exporting Data using CSV Import. For a list of supported record types and specific guidelines for creating a data file, refer to the Infoblox CSV Import Reference.
- The IPAM tab displays IDNs for DNS resource records associated with IP addresses, such as A records, AAAA records, hosts, and PTR records. For information, see About IP Address Management.
- The audit log entries are displayed in their original characters. The audit log contains IDN data as received by the appliance and as specified by the administrators. Note that the punycode representation generated by NIOS is not displayed in the audit log.
- When you upgrade from a previous NIOS release, the appliance converts all punycode to IDNs. If the conversion fails, the appliance retains the punycode representation to avoid upgrade failure. For information about upgrades, see Guidelines for Upgrading, Backing Up, and Restoring Data.
- When you restore a backup file from a previous NIOS release, the appliance converts all punycode to IDNs. If the conversion fails, the appliance retains the punycode representation to avoid failure to restore the database. For information, see Guidelines for Upgrading, Backing Up, and Restoring Data.
- If synchronized data between the appliance and Microsoft servers contains IDNs, the IDNs are preserved. For information, see Managing Microsoft DNS Services.
IDN Support Limitations
The appliance has the following IDN support limitations:
- F5® load balancers does not support IDNs. The NIOS appliance does not encode punycode to IDNs for F5 load balancer related objects. Only the punycode representation is available.
- Multi-Grid configuration does not support IDNs.
- The Infoblox CLI does not support IDNs.
- If a resource record containing an IDN is added to the Infoblox Grid through DDNS updates, the domain name field displays the record name in UTF-8 encoded format. For more information, see Managing Resource Records.
- The following FQDNs does not support IDNs:
- FQDN of an external DNS Server (direct or via name server group)
- FQDN of a DNS root server
- FQDN of a Microsoft server
- FQDN of an Infoblox Grid Member
- FQDN of an external authentication source (Active Directory, LDAP, OCSP, RADIUS, TACACS+)
- FQDN of an NTP server
- FQDN of a HSM SafeNet Module
- FQDN of an email relay server
- FQDN of a vSphere/ESX server
- FQDN of a Kerberos Key Distribution Center
Using IDNs for Unsupported Objects
The appliance accepts only punycode entries for objects that do not support IDNs. To use IDNs for these objects, manually convert IDNs to punycode and use the punycode representation.
Use the punycode representation of IDNs for the following:
- When you configure domain names in forwarder servers, NXDOMAIN rulesets, blacklist rules, and DNS resolver search lists.
- When you configure domain names for DHCP and DHCPv6 services, including DDNS domain name, any DHCP options that accept domain names (host-name (12) string) or lists of domain names (domain-search (119) domain-list), and DHCPv6 options that accept domain names (dhcp6.fqdn (39) string) or lists of domain names (dhcp6.domain-search (24)) domain-list.
- When you add domains in the Inclusion list and Exclusion list. For information, see Excluding Domains From Query and Response Capture.
- When you configure rules for a local RPZ and RPZ feed. For information, see Configuring Local RPZs and Configuring Infoblox Threat Intelligence Feed.
Displaying IDN Entries in Punycode
The appliance displays IDN entries in punycode for the following:
- The data of a zone for which an Infoblox Grid member is the secondary server.
- The CLI commands dig, ddns_add, ddns_delete, show dns, and set dns support punycode only. For information about CLI commands, refer to the Infoblox CLI Guide.
- All syslog entries generated by DNS.
- IDN data in database files is stored in punycode.
- The DNS cache of a Grid member that contains IDNs.
- The Reporting tab displays all report data that contains IDNs in punycode. For information, see Predefined Dashboards.