Back to All Scenarios
PASSEDinfrastructure / unicode_idn_dns_failure
Unicode Domain Name (IDN) Causing DNS Resolution Failure
A customer-facing application that processes international domain names has a punycode encoding bug that causes DNS lookups to fail for domains containing non-ASCII characters. The bug was introduced in a library update and affects 15% of international customers whose email domains contain Unicode characters.
Pattern
DNS_FAILURE
Severity
CRITICAL
Confidence
95%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | DNS_FAILURE | DNS_FAILURE | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 18 linked | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
Application processing international email addresses. IDN punycode library updated from v2.x to v3.x. Breaking change in encoding behavior. 15% of international customers affected. DNS lookups failing for Unicode domains. Email delivery to affected domains completely broken.
Injected Error Messages (2)
email delivery failure for international domains — 15% of outbound emails failing with enotfound for domains containing Unicode characters, punycode library v3.0 encoding non-ASCII domains incorrectly (e.g., 'xn--nxasmq6b.com' being encoded as 'xn--nxasmq6b..com' with double dot), affected domains include IDN TLDs and internationalized email addresses, dns resolution failed for all punycode-encoded lookups, 3,400 emails queued and undeliverable in last 6 hours
dns resolution failed for punycode-encoded domains — internal resolver receiving malformed queries with double-dot in domain name from email service, NXDOMAIN responses for all IDN domains due to invalid punycode encoding, dns query log shows pattern: valid 'xn--e1afmapc.xn--p1ai' being sent as 'xn--e1afmapc..xn--p1ai', resolver correctly rejecting malformed queries, issue traced to punycode library upgrade (v2.3.1 -> v3.0.0) with breaking change in ToASCII() function
Neural Engine Root Cause Analysis
The email delivery service is failing due to a defective punycode library (v3.0) that incorrectly encodes internationalized domain names, introducing spurious double dots in the encoded output (e.g., 'xn--nxasmq6b..com' instead of 'xn--nxasmq6b.com'). This malformed encoding causes DNS resolution failures for all internationalized domains, resulting in 15% of outbound emails being queued as undeliverable. The issue is specifically impacting Unicode domain handling and IDN TLD processing, with 3,400 emails affected in 6 hours.
Remediation Plan
1. Immediately downgrade punycode library from v3.0 to the last known stable version (likely v2.x) 2. Restart the email delivery service to reload the corrected library 3. Implement DNS resolution testing for sample internationalized domains to verify fix 4. Process the 3,400 queued emails through retry mechanism 5. Monitor delivery success rates for international domains 6. Add automated testing for punycode encoding in CI/CD pipeline to prevent regression
Tested: 2026-03-30Monitors: 2 | Incidents: 2Test ID: cmnckigj309smobqewm0thrv2