I’m pleased to announce the release of DNSDiag version 2.8.1. This update brings DNS Cookie support, improves user experience with automatic Extended DNS Error display, and fixes several issues with encrypted DNS protocols.
Key Features #
DNS Cookies Support
Added --cookie flag to dnsping for displaying EDNS cookies when present. This allows you to verify if your DNS resolver supports RFC 7873 DNS cookies for improved security.
Automatic Extended DNS Error Display
Extended DNS Error (EDE) messages are now always displayed when present, eliminating the need for the --ede flag. This provides better visibility into DNS resolution issues without requiring explicit configuration.
Enhanced ECS Display Format
EDNS Client Subnet output now shows source prefix length ([ECS:address/source/scope]), making it easier to see what was sent versus what was returned by the resolver.
Bug Fixes #
This release fixes hostname resolution issues with encrypted DNS protocols. Both DNS over TLS (DoT) and DNS over QUIC (DoQ) now properly handle DNS server hostnames for SNI and certificate validation. Additionally, DNS over HTTPS (DoH) and HTTP/3 no longer fail when using hostnames instead of IP addresses.
Example Usage #
$ ./dnsping.py --cookie --ecs 203.0.113.0/24 -c 5 -s 8.8.8.8 example.com
Installation #
DNSDiag 2.8.1 is available on the GitHub release page, or can be installed via:
pip install dnsdiag
or
uv tool install dnsdiag
To upgrade an existing installation:
pip install --upgrade dnsdiag
or
uv tool upgrade dnsdiag
Please report any bugs or feature requests through the GitHub issue tracker.