diff --git a/src/context.c b/src/context.c
index 3b4eebef..a623cec5 100644
--- a/src/context.c
+++ b/src/context.c
@@ -2603,6 +2603,7 @@ _get_context_settings(getdns_context* context) {
             }
             r |= getdns_dict_set_list(result, "dns_transport_list", transports);
         }
+        r |= getdns_dict_set_int(result, "tls_authentication", context->tls_auth);
     }
     if (context->namespace_count > 0) {
         /* create a namespace list */
@@ -2848,6 +2849,15 @@ getdns_context_get_dns_transport_list(getdns_context *context,
     return GETDNS_RETURN_GOOD;
 }
 
+getdns_return_t
+getdns_context_get_tls_authentication(getdns_context *context,
+    getdns_tls_authentication_t* value) {
+    RETURN_IF_NULL(context, GETDNS_RETURN_INVALID_PARAMETER);
+    RETURN_IF_NULL(value, GETDNS_RETURN_INVALID_PARAMETER);
+    *value = context->tls_auth;
+    return GETDNS_RETURN_GOOD;
+}
+
 getdns_return_t
 getdns_context_get_limit_outstanding_queries(getdns_context *context,
     uint16_t* value) {
diff --git a/src/dict.c b/src/dict.c
index dd59d346..822d5deb 100644
--- a/src/dict.c
+++ b/src/dict.c
@@ -996,7 +996,8 @@ getdns_pp_dict(gldns_buffer * buf, size_t indent,
 			     strcmp(item->node.key, "append_name") == 0 ||
 			     strcmp(item->node.key, "follow_redirects") == 0 ||
 				 strcmp(item->node.key, "transport") == 0 ||
-			     strcmp(item->node.key, "resolution_type") == 0) &&
+			     strcmp(item->node.key, "resolution_type") == 0 ||
+			     strcmp(item->node.key, "tls_authentication") == 0 ) &&
 			    (strval =
 			     _getdns_get_const_info(item->i.data.n)->name)) {
 				if (gldns_buffer_printf(buf, " %s", strval) < 0)
diff --git a/src/getdns/getdns_extra.h.in b/src/getdns/getdns_extra.h.in
index 919d6b05..da6c35e2 100644
--- a/src/getdns/getdns_extra.h.in
+++ b/src/getdns/getdns_extra.h.in
@@ -385,6 +385,10 @@ getdns_return_t
 getdns_context_set_tls_authentication(
     getdns_context *context, getdns_tls_authentication_t value);
 
+getdns_return_t
+getdns_context_get_tls_authentication(getdns_context *context,
+    getdns_tls_authentication_t* value);
+
 
 /* WARNING! Do not use the constants below.  They will be removed from future
  * releases.  Please use the getdns_context_set_dns_transport_list with the
diff --git a/src/libgetdns.symbols b/src/libgetdns.symbols
index 39226295..dad7cc2f 100644
--- a/src/libgetdns.symbols
+++ b/src/libgetdns.symbols
@@ -13,6 +13,7 @@ getdns_context_get_dnssec_allowed_skew
 getdns_context_get_dnssec_trust_anchors
 getdns_context_get_dns_transport
 getdns_context_get_dns_transport_list
+getdns_context_get_tls_authentication
 getdns_context_get_edns_client_subnet_private
 getdns_context_get_edns_do_bit
 getdns_context_get_edns_extended_rcode
diff --git a/src/request-internal.c b/src/request-internal.c
index 5c8de2bc..0e1beff3 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -136,6 +136,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 	net_req->debug_start_time = 0;
 	net_req->debug_end_time = 0;
 	net_req->debug_tls_auth_status = 0;
+	net_req->debug_udp = 0;
 
 	net_req->wire_data_sz = wire_data_sz;
 	if (max_query_sz) {
diff --git a/src/stub.c b/src/stub.c
index a390413a..e4689535 100644
--- a/src/stub.c
+++ b/src/stub.c
@@ -694,6 +694,7 @@ stub_tcp_write(int fd, getdns_tcp_state *tcp, getdns_network_req *netreq)
 	if (q != 0)
 		return q;
 
+	netreq->debug_udp = 0;
 	/* Do we have remaining data that we could not write before?  */
 	if (! tcp->write_buf) {
 		/* No, this is an initial write. Try to send
@@ -1302,6 +1303,7 @@ stub_udp_write_cb(void *userarg)
 	GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 
 	netreq->debug_start_time = _getdns_get_time_as_uintt64();
+	netreq->debug_udp = 1;
 	netreq->query_id = arc4random();
 	GLDNS_ID_SET(netreq->query, netreq->query_id);
 	if (netreq->opt) {
@@ -1390,6 +1392,7 @@ stub_tcp_write_cb(void *userarg)
 		return;
 
 	default:
+		netreq->debug_udp = 0;
 		netreq->query_id = (uint16_t) q;
 		GETDNS_CLEAR_EVENT(dnsreq->loop, &netreq->event);
 		GETDNS_SCHEDULE_EVENT(
diff --git a/src/types-internal.h b/src/types-internal.h
index c1ca1e3e..42293521 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -230,6 +230,7 @@ typedef struct getdns_network_req
 	uint64_t                    debug_start_time;
 	uint64_t                    debug_end_time;
 	size_t                      debug_tls_auth_status;
+    size_t                      debug_udp;
 
 	/* When more space is needed for the wire_data response than is
 	 * available in wire_data[], it will be allocated seperately.
diff --git a/src/util-internal.c b/src/util-internal.c
index 02ae659f..07672bd7 100644
--- a/src/util-internal.c
+++ b/src/util-internal.c
@@ -714,11 +714,17 @@ _getdns_create_call_debugging_dict(
 	_getdns_sockaddr_to_dict(
 	    context, &netreq->upstream->addr, &address_debug);
 
-	if (getdns_dict_set_dict(netreq_debug, "query_to", address_debug) ||
-	    getdns_dict_set_int( netreq_debug, "transport"
-	                       , netreq->upstream->transport)) {
-
+	if (getdns_dict_set_dict(netreq_debug, "query_to", address_debug)) {
 		getdns_dict_destroy(address_debug);
+		return NULL;
+	}
+	getdns_transport_list_t transport = netreq->upstream->transport;
+	/* Same upstream is used for UDP and TCP, so netreq keeps track of what
+	   was actually used for the last successful query.*/
+	if (transport == GETDNS_TRANSPORT_TCP && netreq->debug_udp == 1) {
+		transport = GETDNS_TRANSPORT_UDP;
+	}
+	if (getdns_dict_set_int( netreq_debug, "transport", transport)) {
 		getdns_dict_destroy(netreq_debug);
 		return NULL;
 	}