dnsdiag 2.9.3

What's Changed

This release focuses on bug fixes for traceroute functionality and improved user experience with better DNSSEC information display and command-line parameter validation.

Bug Fixes

TCP Traceroute Fixed: The most important fix in this release resolves a regression where dnstraceroute with TCP protocol (-T flag) would immediately fail with "No route to host" errors. During TCP traceroute operations, intermediate hosts send ICMP Time Exceeded messages when TTL expires, which the TCP stack interprets as EHOSTUNREACH errors. These errors were being unconditionally re-raised even in traceroute mode where they're expected behavior. The fix now properly handles these errors during traceroute, allowing TCP path discovery to work as intended.

QUIC and HTTP/3 Traceroute TTL Control: Previously, dnstraceroute couldn't control TTL values when using QUIC (-Q) or HTTP/3 (-3) protocols, basically breaking traceroute functionality for DoH3 and DoQ. The fix enables proper TTL manipulation for both protocols, allowing users to trace network paths to DNS-over-QUIC and DNS-over-HTTP/3 resolvers.

Timing Accuracy Improvements: Replaced dnspython library internal timing with Python's perf_counter for response time measurements across all DNS protocols. This provides more accurate and consistent latency measurements.

Better Error Handling for Modern Protocols: Improved error handling for DoH, DoH3, and DoQ protocols to display user-friendly error messages instead of Python stack traces. Connection refused errors are now treated as transient across all DNS protocols, and transient QUIC connection failures (UnexpectedEOF exceptions) are handled gracefully, allowing dnsping to continue with the next attempt.

Platform-Specific Build Fixes: Removed Windows ARM64 from the CI build matrix due to lack of pre-built cryptography dependency wheels for this platform, and corrected Windows ARM64 architecture detection in the build script to use the MSYSTEM_CARCH environment variable (that is useful in case you want to build your packages manually).

Improvements

DNSSEC Information Display: Added explanation of DNSSEC flags and Extended DNS Error (EDE) codes in dnsping output. When DNSSEC validation is enabled, users now see detailed explanations of response codes like "DNSSEC Bogus" with human-readable descriptions of what went wrong, making DNSSEC troubleshooting easier.

Command-Line Parameter Validation: Added mutual exclusivity validation to command-line parameters across all tools. Conflicting protocol flags (like -T and -H used together) now trigger clear error messages instead of unpredictable behavior, preventing user confusion and potential misdiagnosis of DNS issues.

Testing

Protocol Coverage: Enhanced CI test coverage to ensure all DNS protocols (UDP, TCP, QUIC, HTTP/3) are tested in traceroute mode, preventing future regressions in protocol-specific functionality.

---

Full Changelog: v2.9.2...v2.9.3

Installation

# Using pip
pip install --upgrade dnsdiag

# Using uvx
uvx --from dnsdiag dnsping google.com

# Using pipx
pipx install dnsdiag

Docker:

docker pull farrokhi/dnsdiag:2.9.3

Binary packages: Available for Linux (x86_64, aarch64), macOS (Intel, Apple Silicon), FreeBSD, and Windows in the release assets below.

dnsdiag 2.9.2

What's Changed

This release focuses on stability improvements, fixing several issues reported by the community and discovered through continuous testing.

Bug Fixes

Network Resilience: dnsping now survives transient network errors instead of exiting fatally. When WiFi is toggled, network cable is unplugged, or the system sleeps/resumes, dnsping prints the error message and continues with the next ping attempt, behaving like traditional ping. The fix also improves error handling and makes it platform-portable.

Answer Display: The -a flag in dnsping now displays the first answer from the response regardless of record type, with the type prepended for clarity (e.g., [RDATA: CNAME res130.qams5.on.quad9.net.] or [RDATA: A 142.250.179.174]). Previously it filtered by the requested type only, which meant CNAME responses were silently ignored.

JSONL Output: The -j flag in dnseval now outputs valid JSONL format with one JSON object per line, instead of concatenating JSON objects back-to-back. The old format was not parse-able by standard JSON parsers. Each line can now be independently parsed with tools like jq.

NSID Option Consistency: Fixed NSID EDNS option in dnsping to use bytes instead of string for consistency with the rest of the codebase and correct wire format.

Exit Code Handling: All tools now return exit code 0 when invoked with the --help flag, following standard conventions.

Race Condition Fix: Fixed a time-of-check to time-of-use race condition in dnsping that could cause negative sleep duration in the interruptible sleep loop. This was only triggered in GitHub CI tests and apparently was an edge case that only happened when a machine was too busy.

Documentation

• Updated README with JSONL output examples and jq usage patterns

---

Full Changelog: v2.9.1...v2.9.2

Installation

# Using pip
pip install --upgrade dnsdiag

# Using uvx
uvx --from dnsdiag dnsping google.com

# Using pipx
pipx install dnsdiag

Docker:

docker pull farrokhi/dnsdiag:2.9.2

Binary packages: Available for Linux (x86_64, aarch64), macOS (Intel, Apple Silicon), FreeBSD, and Windows in the release assets below.

  This follows the same structure and tone as previous releases while accurately describing the changes in v2.9.2.

dnsdiag 2.9.1 - Bugfix

What's Changed

This is a bugfix release that resolves a packaging issue affecting v2.9.0 installations from PyPI. Users experiencing ModuleNotFoundError when installing via pip or uvx should upgrade to this version immediately.

Critical Fix

Package Distribution Issue Resolved: The v2.9.0 release had a packaging configuration error that prevented root-level Python modules (dnsping, dnstraceroute, dnseval) from being included in the PyPI distribution. This caused ModuleNotFoundError when users attempted to install or run the tools via pip, uvx, or pipx. The package configuration has been corrected to ensure all modules are properly distributed.

Additional Improvements

Multithreaded DNS Evaluation: dnseval now uses concurrent evaluation when testing multiple DNS resolvers, improving evaluation times. The tool employs ThreadPoolExecutor with up to 10 worker threads for parallel testing while maintaining thread-safe output handling. Results continue to be displayed in the same order as the input file.

Cookie Display Enhancement: DNS COOKIE output in dnsping is now truncated to 8 hex characters followed by "..." in normal mode, keeping output compact and readable. Full cookie details remain available when using verbose mode.

Build & Infrastructure

• Constrained cryptography dependency to version <46 to avoid Rust compiler requirement during installation
• Updated Docker image to Python 3.14-alpine with improved ENV format

---

Full Changelog: v2.9.0...v2.9.1

Installation

# Using pip
pip install --upgrade dnsdiag

# Using uvx (now fixed!)
uvx --from dnsdiag dnsping

# Using pipx
pipx install dnsdiag

Docker

docker pull farrokhi/dnsdiag:2.9.1

Note: If you installed v2.9.0 from PyPI and experienced import errors, please upgrade to v2.9.1 to resolve the issue.

dnsdiag 2.9.0

What's Changed

New Features

• Added --nsid support to dnstraceroute for tracing paths to anycast instances (#153, #152)
• Added DNS COOKIE support to dnsping (--cookie)
• Added DoQ (DNS over QUIC) and DoH3 (DNS over HTTP/3) protocol support to dnseval (#139, #137)
• Added cache warmup behavior to dnseval for fair resolver comparisons (#138, #40)
• Added EDNS flags display in dnseval output
• Added Python 3.14 support

Improvements

• Refactored codebase with PEP 8 conventions and comprehensive type hints (#151)
• Improved CLI error handling and parameter validation across all tools
• Enhanced hostname validation to allow RFC-compliant hostnames starting with underscore
• Improved IPv6 address display with bracket wrapping for readability

Bug Fixes

• Fixed IPv4/IPv6 address family selection to default to AF_UNSPEC for automatic detection
• Fixed DoH3 feature detection to properly check HTTPVersion.H3
• Fixed hostname resolution on Windows where getaddrinfo() behaves differently
• Fixed IPv6 hostname resolution to avoid IPv4-mapped IPv6 addresses
• Fixed DNS COOKIE display in normal and verbose modes
• Fixed JSON output type consistency for float values
• Fixed premature TCP connection termination handling (#140)

Testing & CI/CD

• Added comprehensive GitHub Actions integration test workflow for Ubuntu, macOS, and Windows
• Added test markers for network, privileged, and IPv6 tests
• Integrated git-changelog for automated changelog generation

Documentation

• Cleaned up DNS resolver lists (removed dns0.eu, updated UncensoredDNS status)
• Updated DNS resolver lists with DoT/DoH hostnames and new providers

dnsdiag 2.8.1

New Features

• Added DNS Cookies support with --cookie option in dnsping (Fixes #120)

Improvements & Bug Fixes

• Extended DNS Error messages now always displayed when present
• Enhanced ECS display format to show source prefix length ([ECS:address/source/scope])
• Fixed DoH/HTTP3 hostname resolution issues
• Fixed DoT/DoQ hostname support for SNI and certificate validation
• Improved responsiveness to CTRL+C
• Removed duplicate CLI parameter in usage string

Documentation

• Updated EDNS Client Subnet examples with new display format

dnsdiag 2.8.0

New Features

• EDNS Client Subnet (ECS) Support: Added --ecs option to dnsping for testing EDNS Client Subnet behavior (Fixes #110) (#128)
• EDNS Options Display Format: Implemented compact inline format for EDNS options ([NSID:server-name], [ECS:subnet/scope], [EDE:code("text")]) to reduce output redundancy
• DoQ and DoH3 Support in dnstraceroute: Added DNS over QUIC and DNS over HTTP/3 protocol support for modern encrypted DNS tracing (#131)

Documentation

• Protocol Support Documentation: Added protocol compatibility table (UDP, TCP, DoT, DoH, DoQ, DoH3) to clarify tool capabilities
• DNS Resolver Reference Updates: Updated public DNS resolver lists with current operational status and capabilities, also added more entries (Fixes #129) (#130)

Improvements & Bug Fixes

• CLI Parameter Consistency: Standardized command line parameters across tools for consistent user experience
• Help Message Completeness: Added missing -q option and --venv parameter explanations for better usability
• Package Management: Added uv usage examples for faster Python dependency management
• macOS Compatibility: Prevented filesystem metadata creation during package operations
• EDE Display Formatting: Fixed broken ping output formatting when EDE messages are too long by truncating text in ping results while preserving full text in verbose mode

DNSDiag 2.7.0

Changelog for DNSDiag 2.7.0

New Features

• DNS over HTTP/3 (DoH3) Support: Added support for RFC 9114 DNS over HTTP3 protocol using -3 or --doh3 option in dnsping
• Improved Error Handling: Enhanced error handling for DoH3 connection failures

Breaking Changes

• Python 3.9 Support Dropped: Minimum Python version is now 3.10 due to dnspython 2.8.0 requirements
• Module Rename: Renamed util module to dnsdiag to avoid generic naming conflicts (addresses issue #122)

Improvements

• DoQ and DoH3 Enhancements: Upgraded to dnspython 2.8.0 which provides improved DoQ (DNS over QUIC) and DoH3 error handling

• Display Enhancements:

  • Fixed RTT display that was broken in previous release
  • Improved response time display
  • Better display of DNS response flags
  • Fixed EDE (Extended DNS Error) payload display to show empty string instead of "None"
  • Added quotes around EDE payload strings for better visibility

• Dependencies:

  • Upgraded dnspython dependency to 2.8.0
  • Lowered some dependency version requirements to improve compatibility

v2.6.0

What's Changed

• Add support for RFC 9250 DNS over QUIC (DoQ) protocol
• Lower dependency version requirement to improve compatibility
• Other various bug fixes

Full Changelog: v2.5.0...v2.6.0

Bug fixes and Improvements, mostly in dnsping

What's Changed

• Add RFC5001 NSID support (-n or --nsid)
• Display RFC8914 Extended DNS Errors when available (-E or --ede)
• Add ability to override default RR class (-C or --class)
• Display response TTL if applicable (-L or --ttl)
• Display first answer in RRSET, when available (-a or --answer)
• Add -x to display extra/expert information, implying Flags, EDE and
  TTL
• Display EDNS flags alongside other response flags, when available
• Always display RCODE with responses
• Add more resolvers to the default list
• Lots of bug fixes and UX improvements
• Change default behavior of --edns to disabled by default
• Always display flags in brackets

Full Changelog: v2.1.0...v2.5.0

Improved `dnsping` tool

What's Changed

• Add -m flag to enforce cache-miss
• Add -r flag to clear RD flag (disable recursion)
• Bump dependency versions to latest
• Remove support for python 3.4 - 3.6
• Other minor quality of life improvements

New Contributors

• @cpswan made their first contribution in #90
• @oBusk made their first contribution in #91
• @leleobhz made their first contribution in #94
• @xhdix made their first contribution in #93

Full Changelog: v2.0.2...v2.1.0