v0.2.2.1

What's New in v0.2.2.1

E2E test: real SOCKS5 CONNECT through the tunnel

• E2E now sends a real SOCKS5 CONNECT request through the DNS tunnel
• Test path: client → dnstt-client → DNS tunnel → resolver → dnstt-server → reply back
• Any SOCKS5 reply (even failure) proves bidirectional tunnel data flow
• Previous version only checked if the TCP port opened — that was local and never tested the tunnel

Default e2e timeout bumped to 30s

• DNS tunnels at MTU 50 can take 10+ seconds for the Noise handshake alone
• Old 15-20s timeout caused false failures on slow tunnel conditions
• 30s gives enough headroom while keeping scans practical

TUI bug fixed

• TUI and CLI now use the same e2e function — identical results
• Fixed false positives where all resolvers passed e2e instantly

Removed unused fields

• Test URL, Proxy Auth, and curl dependency removed
• TUI now only shows: Domain, Pubkey, Cert, Query Size, E2E Timeout

Worker recommendations for e2e

• Use --workers 5 to --workers 10 for e2e scans
• Higher worker counts overload the dnstt server and cause timeouts

IP list export

• _ips.txt file is automatically created alongside JSON output — one IP per line, ready for scripts

dnstt-client binaries included

• dnstt-client-linux and dnstt-client.exe with custom -mtu flag support

v0.2.2

What's New in v0.2.2

E2E testing completely rewritten — fast and reliable

• Old: Spawned curl through the DNS tunnel to fetch a URL. Always timed out at MTU 50 (8s cap, tunnel needs 30s+). Depended on server SOCKS proxy having internet access. Every user got 0% e2e pass rate.
• New: Verifies the dnstt Noise cryptographic handshake completes through each resolver. Proves bidirectional tunnel data flow. 0.6s per resolver instead of 20-45s. No curl, no HTTP overhead, no server internet dependency.
• Scanning 2000 resolvers with e2e now takes minutes instead of hours

Slipstream-client Linux binary included

• slipstream-client-linux-amd64 built from source and included in release
• Slipstream is Linux/macOS only (no Windows support from upstream project)

Windows: Slipstream hidden from TUI

• Cert field and slipstream-client binary check hidden on Windows since no Windows binary exists
• Windows users see only dnstt e2e options (pubkey)

Requirements for e2e testing (unchanged)

• --domain — your tunnel domain
• --pubkey — server's hex public key (64 chars)
• dnstt-client binary next to findns (download from releases)
• A running dnstt-server on your VPS with the matching private key

Without --pubkey, the scan still runs all DNS-only checks (ping, resolve, nxdomain, EDNS, tunnel). E2E step is skipped.

v0.2 — CIDR Scanning, Configurable EDNS, Robust Offline Mode

What's New

CIDR Scanning

• --cidr flag: Scan IP ranges directly — findns scan --cidr 5.52.0.0/16 --domain t.example.com
• Multiple ranges: --cidr 5.52.0.0/16 --cidr 185.51.200.0/24
• TUI Custom CIDR: New input option to type a CIDR range in the interactive UI
• Safety cap at 1M IPs to prevent OOM

Configurable EDNS Buffer Size

• --edns-size flag: Set EDNS0 UDP payload size (default 1232)
• Lower if fragmented (--edns-size 900), raise for faster tunnels (--edns-size 4096)
• TUI EDNS Size field: Configurable in the interactive config screen

Robust Offline Mode

• Zero-config: Auto-loads 7,854 bundled Iranian resolvers — no -i needed
• Auto-default output: Saves to results.json when no -o flag
• Auto-generate _ips.txt: Plain IP list alongside JSON results
• Fetch fallback: Auto-falls back to bundled resolvers when online download fails

Scan Improvements

• Preflight removed — no more checks that fail in filtered networks
• Platform-aware binary finder for dnstt-client/slipstream-client
• Worker buffer capped at workers*4 to prevent OOM

Docs

• README and GUIDE.md updated (English + Farsi)

Full Changelog: v0.1.9...v0.2

v0.1.9

v0.1.9

Bug fixes

• Fix NS delegation verification (two-strategy approach: direct NS + parent zone authoritative)
• Fix e2e pipeline failures: increase timeout to 20s, switch test URL from HTTPS to HTTP
• Fix preflight hang on filtered networks: NS check now runs all resolvers in parallel
• Fix context propagation in preflight e2e (cancel orphaned processes on input change)

New features

• Add preflight e2e tunnel check (parallel test via 18 UDP + 3 DoH resolvers, first success wins)
• DoH fallback for preflight: bypasses UDP DNS blocking entirely (port 443)
• Preflight integrated in both CLI and TUI config screen
• Non-blocking async preflight in TUI with cache invalidation on input change
• --output-ips flag for plain IP list export

Improvements

• Multi-resolver NS delegation check (18 global + regional resolvers)
• Adaptive curl timeouts for e2e tests
• Context cancellation propagation for clean process cleanup

v0.1.8 — Interactive TUI with CLI flag pass-through

What's New

Interactive TUI

• Full terminal UI: welcome → input → config → scan → results
• 7 input sources: known resolvers (7,854), CIDR light/medium/full, combined, custom file
• Dynamic config with E2E toggle, binary status check, context-sensitive help
• Live progress bars and ranked results table with scrolling

CLI Flag Pass-through

• findns tui --domain t.example.com --workers 100 --skip-ping
• All scan flags pre-populate TUI fields — edit before starting
• In-TUI "CLI Flags" option: type flags directly from the welcome screen

Double-click to Launch

• Running findns with no arguments launches the TUI
• On Windows: double-click findns.exe to open the interactive scanner

Binaries

File	Platform
findns-windows-amd64.exe	Windows x64
findns-linux-amd64	Linux x64
findns-linux-arm64	Linux ARM64
findns-darwin-amd64	macOS Intel
findns-darwin-arm64	macOS Apple Silicon

Full Changelog: v0.1.7...v0.1.8

v0.1.7

Fix EDNS0 causing false NXDOMAIN, fix resolve/tunnel on valid setups, and fix 12 scanner bugs

Highlights

• resolve/tunnel fix: NS queries replaced with random subdomain TXT queries — matches what dnstt-client actually does. Fixes setups where NS lookup returns empty but tunnel works fine (#1)
• EDNS0 fix: Broadened retry logic — any non-success Rcode triggers EDNS0-stripped retry (not just FORMERR)
• --edns flag: EDNS payload check is now opt-in (--edns), no longer automatic in pipeline
• Input dedup: Duplicate IPs/URLs are automatically removed
• Inline comments: Lines like 1.1.1.1 # Cloudflare are now supported

Bug fixes (12)

• EDNS0 retry chain: UDP+EDNS → UDP−EDNS → TCP+EDNS → TCP−EDNS
• NXDomain check uses raw UDP (no EDNS0 interference)
• E2E port pool uses buffered channel to prevent deadlock
• Slipstream e2e passes cert path correctly
• DoH tunnel check fixed (same TXT query approach)
• Workers flag wired to root command
• Chain runner respects context cancellation
• Multiple scan step fixes for edge cases

Full Changelog: v0.1.5...v0.1.7

v0.1.6 — Enhanced TUI guidance

What's new

Enhanced scan TUI

• Pre-flight checklist — validates resolvers, workers, binaries, and reminds about NS delegation before scanning
• Step description banners — each step shows what it's testing (e.g. "Verifying resolvers forward queries to your tunnel domain")
• Live pass-rate warning — alerts you mid-scan if pass rate drops below 5%
• Inter-step summary — shows pass rate and how many resolvers advance to the next step
• Post-scan next-steps — suggests manual test commands, e2e flag, and links to the guide

Previous (included)

• Diagnostic hints when 0% pass rate on resolve/tunnel, ping, or e2e steps
• Tunnel domain setup guide (section 3.6 in GUIDE.md)
• Pre-built dnstt-client binaries for Windows and Linux

Assets

File	Platform
findns-windows-amd64.exe	Windows x64
findns-linux-amd64	Linux x64
findns-linux-arm64	Linux ARM64
findns-darwin-amd64	macOS Intel
findns-darwin-arm64	macOS Apple Silicon
dnstt-client.exe	Windows x64 (pre-built)
dnstt-client-linux	Linux x64 (pre-built)

Full Changelog: v0.1.5...v0.1.6

v0.1.5

What's New

Embedded Iranian resolver data (offline support)

The binary now bundles 7,854 known Iranian DNS resolvers and 1,919 CIDR ranges — no internet needed.

Two-mode local command

• findns local -o resolvers.txt — exports pre-verified resolvers (high success rate)
• findns local -o candidates.txt --discover — generates candidate IPs from Iran's full IP space

Discovery sub-modes

• --sample N — random IPs per subnet (default: 10)
• --batch N --offset M — paginated, non-overlapping batches
• --full — all ~10.8M IPs

fetch --local updated

Now merges 7,800+ known resolvers (not raw CIDR candidates) into the fetched list.

Documentation

Updated README, GUIDE, Persian guide, and Telegraph HTML guide.

Full Changelog: v0.1.4...v0.1.5

v0.1.4

v0.1.4 — DNS Query Engine Hardening

Bug Fixes

• Fix truncated DNS responses losing NS records — Added EDNS0 (1232-byte UDP buffer) to all queries. Without it, responses over 512 bytes were silently truncated, causing tunnel checks to report "no DNS" on valid subdomain delegations.
• Add TCP fallback on truncation — When a response still exceeds UDP buffer (TC bit set), the query automatically retries over TCP.
• TCP fallback on UDP failure — If UDP is blocked entirely (middlebox/firewall), automatically falls back to TCP before giving up.
• EDNS0 FORMERR fallback — If a resolver doesn't support EDNS0 and returns FORMERR, retries without it.
• Fix SERVFAIL hiding valid NS delegations — QueryNS and QueryDoHNS now inspect the Authority section even when the resolver returns SERVFAIL, catching subdomain delegations that resolvers couldn't fully chase.
• Fix IPv6 resolver addresses — Replaced raw string concatenation (ip+":53") with net.JoinHostPort() across all DNS, EDNS, NXDOMAIN, and E2E checks. IPv6 addresses like 2001:4860:4860::8888 now work correctly.

Downloads

Platform	Binary
Linux x64	findns-linux-amd64
Linux ARM64	findns-linux-arm64
macOS x64	findns-darwin-amd64
macOS ARM64	findns-darwin-arm64
Windows x64	findns-windows-amd64.exe

v0.1.3

What's New in v0.1.3

Bug Fixes

• Fix tunnel check failing on subdomain delegations — NS records for subdomain delegations appear in the DNS Authority section, not the Answer section. Both resolve/tunnel and doh/resolve/tunnel now check both sections, fixing 0% pass rates on delegated subdomains.
• Fix Ctrl+C not saving partial results — All 12 commands now handle SIGINT gracefully and save whatever results have been collected before interruption.
• Fix binary not found when installed alongside findns — findBinary() now also searches next to the findns executable itself, so dnstt-client/slipstream-client are found when placed in the same directory.
• Fix dnstt-client not found — Improved binary discovery logic.

Features

• CIDR notation support — Input files now accept CIDR ranges (e.g. 1.2.3.0/24). Ranges are automatically expanded to individual host IPs (excluding network and broadcast addresses). Warns when expansion exceeds 100K IPs.
• --proxy-auth flag for SOCKS authentication — All e2e commands (e2e/dnstt, e2e/slipstream, doh/e2e) now support --proxy-auth user:pass for authenticated SOCKS proxies.

Docs

• Added Farsi setup guide
• Added LICENSE

Full Changelog

v0.1.1...v0.1.3