DNS import does not work with non latin-character TLDs

[linuxens]

The ENS registration platform does not recognize DNS domains when the TLD is not latin characters. This was experimented on DNS domains where the TLDs had chinese characters, hebrew characters, and urdo characters. DNSSEC is supported on all of the TLDs and it was enabled for each domain. The DNS settings were updated with the _ens and wallet address etc etc.

The response given is: "DNS server responded with NXDOMAIN"

I have successfully imported several DNS domains with latin characters so I am experienced with making this process work. It only occurs with non-latin character TLDs. I have also tried to register them using punycode and it produces the same result of NXDOMAIN.

[linuxens]

I have determined the likely culprit of why non-latin character TLDs fail the DNS server response test.

When the ENS manager currently uses the cloudflare DNS query, it sends a base64 encoded request with the non-latin characters. This will return a failed response every time. What the cloudflare DNS query should do is send a request with the punycode of the TLD instead. So it should be: domainname.xn--9dbq2a in the request instead of domainname.קום, for example. This should be an easy fix for the ENS team.

[aoxborrow]

The DNSSEC oracle contract cannot handle IDN names because it needs the punycode of the domain to verify with DNS. I'm not sure on-chain punycoding would be an exact science, since there are collisions where multiple unicode names produce the same punycode, per @adraffy: https://discuss.ens.domains/t/dns-collisions-of-ens-names-in-browser-input/12539

See also: https://github.com/ensdomains/dnsregistrar/issues/10 https://github.com/ensdomains/dnssec-oracle/issues/54

[adraffy]

The collisions only occur because some flavor of IDNA 2003 is typically coupled with Punycode processing (eg. browser address bar). Punycode itself can encode Unicode without issue.

To better understand Punycode, I recently wrote yet-another Punycode library https://github.com/adraffy/punycode.js by directly following RFC3492. IMO, it looks straight forward to translate that to Solidity.

[aoxborrow]

A Solidity Punycode implementation would be super helpful for the Handshake -> EVM bridge we're building! Are you planning to write one by chance? 😄

[adraffy]

I have a working implementation. What exactly do you need?

This code: https://github.com/ensdomains/dnsregistrar/blob/4a0f94cb123d1a8ce22fa9ba07742fc5a73276c6/contracts/DNSRegistrar.sol#L72 Should look something like this?

uint labelLen = name.readUint8(0);
bytes memory decoded = decodeLabel(name.substring(1, labelLen)); // <----
bytes32 labelHash = decoded.keccak(1, decoded.length);

[adraffy]

https://goerli.etherscan.io/address/0xaf7f1fa8d5df0d9316394433e841321160408565#readContract