diff --git a/CHANGES b/CHANGES
index 9742467b5d84be66c332da911ad206c25939ba06..07a8c06596ad96ef9b05e4669e12da8e1b7d576d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5079.	[func]		Disable IDN processing in dig and nslookup
+			when not on a tty. [GL #653]
+
 5078.	[cleanup]	Require python components to be explicitly disabled if
 			python is not available on unix platforms. [GL #601]
 
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 39f74be3b323cef2946d202bdb2b886e3d65fe4d..4c340689923d3a8afae70ea1af972c68afdd7e26 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -193,8 +193,10 @@ help(void) {
 "                 +[no]fail           (Don't try next server on SERVFAIL)\n"
 "                 +[no]header-only    (Send query without a question section)\n"
 "                 +[no]identify       (ID responders in short answers)\n"
-"                 +[no]idnin          (Parse IDN names)\n"
-"                 +[no]idnout         (Convert IDN response)\n"
+#ifdef HAVE_LIBIDN2
+"                 +[no]idnin          (Parse IDN names [default=on on tty])\n"
+"                 +[no]idnout         (Convert IDN response [default=on on tty])\n"
+#endif
 "                 +[no]ignore         (Don't revert to TCP for TC responses.)\n"
 "                 +[no]keepopen       (Keep the TCP socket open between queries)\n"
 "                 +[no]mapped         (Allow mapped IPv4 over IPv6)\n"
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index bd7510e38b891e4db7498bc9b6472608fb35f49c..5996b37101074dfd9047d960f3e9fd43d7adf8a2 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -789,7 +789,13 @@
 	    <para>
 	      Process [do not process] IDN domain names on input.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.  The default is to process IDN input.
+	      compile time.
+	    </para>
+	    <para>
+	      The default is to process IDN input when standard output
+	      is a tty.  The IDN processing on input is disabled when
+	      dig output is redirected to files, pipes, and other
+	      non-tty file descriptors.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -800,7 +806,13 @@
 	    <para>
 	      Convert [do not convert] puny code on output.
 	      This requires IDN SUPPORT to have been enabled at
-	      compile time.  The default is to convert output.
+	      compile time.
+	    </para>
+	    <para>
+	      The default is to process puny code on output when
+	      standard output is a tty.  The puny code processing on
+	      output is disabled when dig output is redirected to
+	      files, pipes, and other non-tty file descriptors.
 	    </para>
 	  </listitem>
 	</varlistentry>
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index aa5315d2f78301c386a134a51e14fb394eccb17b..a3bfca726db665fad912f9a421b0b4b78042d384 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -824,12 +824,12 @@ make_empty_lookup(void) {
 	looknew->seenbadcookie = false;
 	looknew->badcookie = true;
 #ifdef WITH_IDN_SUPPORT
-	looknew->idnin = true;
+	looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false;
 #else
 	looknew->idnin = false;
 #endif
 #ifdef WITH_IDN_OUT_SUPPORT
-	looknew->idnout = true;
+	looknew->idnout = looknew->idnin;
 #else
 	looknew->idnout = false;
 #endif
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index 3aff4e984dd22390f2552d07cce33a90c8dac3d9..e41404a5a43fa69e6d0f48e04c693e2d0f935fd0 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -478,6 +478,22 @@ nslookup -query=hinfo  -timeout=10
     </para>
   </refsection>
 
+  <refsection><info><title>IDN SUPPORT</title></info>
+
+    <para>
+      If <command>nslookup</command> has been built with IDN (internationalized
+      domain name) support, it can accept and display non-ASCII domain names.
+      <command>nslookup</command> appropriately converts character encoding of
+      domain name before sending a request to DNS server or displaying a
+      reply from the server.
+      If you'd like to turn off the IDN support for some reason, define
+      the <envar>IDN_DISABLE</envar> environment variable.
+      The IDN support is disabled if the variable is set when
+      <command>nslookup</command> runs or when the standard output is not
+      a tty.
+    </para>
+  </refsection>
+
   <refsection><info><title>FILES</title></info>
 
     <para><filename>/etc/resolv.conf</filename>
diff --git a/bin/tests/system/idna/tests.sh b/bin/tests/system/idna/tests.sh
index 6637bf6828e826e9f18225ff00bc0b30db3644b8..7acb0fa5f6f5116cb9befc71b6fc352a2868c18b 100644
--- a/bin/tests/system/idna/tests.sh
+++ b/bin/tests/system/idna/tests.sh
@@ -185,11 +185,11 @@ idna_enabled_test() {
     # Note that ASCII characters are converted to lower-case.
 
     text="Checking valid non-ASCII label"
-    idna_test "$text" ""                   "München" "münchen." 
+    idna_test "$text" ""                   "München" "M\195\188nchen."
     idna_test "$text" "+noidnin +noidnout" "München" "M\195\188nchen."
     idna_test "$text" "+noidnin +idnout"   "München" "M\195\188nchen."
     idna_test "$text" "+idnin   +noidnout" "München" "xn--mnchen-3ya."
-    idna_test "$text" "+idnin   +idnout"   "München" "münchen." 
+    idna_test "$text" "+idnin   +idnout"   "München" "münchen."
 
 
     # Tests of transitional processing of a valid U-label
@@ -210,7 +210,7 @@ idna_enabled_test() {
     # for the valid U-label.
 
     text="Checking that non-transitional IDNA processing is used"
-    idna_test "$text" ""                   "faß.de" "faß.de."
+    idna_test "$text" ""                   "faß.de" "fa\195\159.de."
     idna_test "$text" "+noidnin +noidnout" "faß.de" "fa\195\159.de."
     idna_test "$text" "+noidnin +idnout"   "faß.de" "fa\195\159.de."
     idna_test "$text" "+idnin   +noidnout" "faß.de" "xn--fa-hia.de."
@@ -220,11 +220,11 @@ idna_enabled_test() {
     # onto the Greek sigma character ("σ") in IDNA2003.
 
     text="Second check that non-transitional IDNA processing is used"
-    idna_test "$text" ""                   "βόλος.com" "βόλος.com." 
+    idna_test "$text" ""                   "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
     idna_test "$text" "+noidnin +noidnout" "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
     idna_test "$text" "+noidnin +idnout"   "βόλος.com" "\206\178\207\140\206\187\206\191\207\130.com."
     idna_test "$text" "+idnin   +noidnout" "βόλος.com" "xn--nxasmm1c.com."
-    idna_test "$text" "+idnin   +idnout"   "βόλος.com" "βόλος.com." 
+    idna_test "$text" "+idnin   +idnout"   "βόλος.com" "βόλος.com."
 
 
 
@@ -238,9 +238,9 @@ idna_enabled_test() {
     # The "+[no]idnin" flag has no effect in these cases.
 
     text="Checking valid A-label"
-    idna_test "$text" ""                   "xn--nxasmq6b.com" "βόλοσ.com." 
+    idna_test "$text" ""                   "xn--nxasmq6b.com" "xn--nxasmq6b.com."
     idna_test "$text" "+noidnin +noidnout" "xn--nxasmq6b.com" "xn--nxasmq6b.com."
-    idna_test "$text" "+noidnin +idnout"   "xn--nxasmq6b.com" "βόλοσ.com." 
+    idna_test "$text" "+noidnin +idnout"   "xn--nxasmq6b.com" "βόλοσ.com."
     idna_test "$text" "+idnin +noidnout"   "xn--nxasmq6b.com" "xn--nxasmq6b.com."
     idna_test "$text" "+idnin +idnout"     "xn--nxasmq6b.com" "βόλοσ.com."
 
@@ -259,7 +259,7 @@ idna_enabled_test() {
     # a shorter label is detected and rejected.
 
     text="Checking punycode label shorter than minimum valid length"
-    idna_fail "$text" ""                   "xn--xx"
+    idna_test "$text" ""                   "xn--xx" "xn--xx."
     idna_test "$text" "+noidnin +noidnout" "xn--xx" "xn--xx."
     idna_fail "$text" "+noidnin   +idnout" "xn--xx"
     idna_fail "$text" "+idnin   +noidnout" "xn--xx"
@@ -268,7 +268,7 @@ idna_enabled_test() {
     # Fake A-label - the string does not translate to anything.
 
     text="Checking fake A-label"
-    idna_fail "$text" ""                   "xn--ahahah"
+    idna_test "$text" ""                   "xn--ahahah" "xn--ahahah."
     idna_test "$text" "+noidnin +noidnout" "xn--ahahah" "xn--ahahah."
     idna_fail "$text" "+noidnin   +idnout" "xn--ahahah"
     idna_fail "$text" "+idnin   +noidnout" "xn--ahahah"
@@ -285,7 +285,7 @@ idna_enabled_test() {
     idna_fail "$text" "+idnin   +noidnout" "$label"
     idna_fail "$text" "+idnin     +idnout" "$label"
 
-    
+
 
 
     # Tests of a valid unicode string but an invalid U-label (input)
@@ -299,7 +299,7 @@ idna_enabled_test() {
     # The +[no]idnout options should not have any effect on the test.
 
     text="Checking invalid input U-label"
-    idna_fail "$text" ""                   "🧦.com"
+    idna_test "$text" ""                   "🧦.com" "\240\159\167\166.com."
     idna_test "$text" "+noidnin +noidnout" "🧦.com" "\240\159\167\166.com."
     idna_test "$text" "+noidnin +idnout"   "🧦.com" "\240\159\167\166.com."
     idna_fail "$text" "+idnin   +noidnout" "🧦.com"
@@ -319,7 +319,7 @@ idna_enabled_test() {
     # The +[no]idnin options should not have any effect on the test.
 
     text="Checking invalid output U-label"
-    idna_fail "$text" ""                   "xn--19g"
+    idna_test "$text" ""                   "xn--19g" "xn--19g."
     idna_test "$text" "+noidnin +noidnout" "xn--19g" "xn--19g."
     idna_fail "$text" "+noidnin +idnout"   "xn--19g"
     idna_test "$text" "+idnin   +noidnout" "xn--19g" "xn--19g."
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index d9537a368780e6f045740cbb0afd281e6ddd4b6d..25566cc7466584caebbdff8d709ea68c9f2706a1 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -180,6 +180,16 @@
 	  option. [GL #105]
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  When compiled with IDN support, the <command>dig</command> and the
+	  <command>nslookup</command> commands now disable IDN processing when
+	  the standard output is not a tty (e.g. not used by human).  The command
+	  line options +idnin and +idnout need to be used to enable IDN
+	  processing when <command>dig</command> or <command>nslookup</command>
+	  is used from the shell scripts.
+	</para>
+      </listitem>
     </itemizedlist>
   </section>