diff --git a/lib/doh.js b/lib/doh.js
index 465d7f4..402fa78 100644
--- a/lib/doh.js
+++ b/lib/doh.js
@@ -17,7 +17,7 @@
  * @param config (object)   config object with fields: dohProvider, dohMethod, dohMediaType
  * @param log    (function) logging function to use (optional)
  */
-window.resolveEndpointsBinary = async (domain, config, log=()=>{} ) => {
+self.resolveEndpointsBinary = async (domain, config, log=()=>{} ) => {
     
     // encoder and decoder
     let enc = new TextEncoder();
@@ -344,6 +344,36 @@ window.resolveEndpointsBinary = async (domain, config, log=()=>{} ) => {
     return answers;
 }
 
+/**
+ * names of known DNS return codes
+ * to simplify debugging
+ * 
+ * https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
+ */
+let dnsReturnCodes = []
+dnsReturnCodes[0]  = 'NOERROR'   // no error
+dnsReturnCodes[1]  = 'FORMERR'   // format error
+dnsReturnCodes[2]  = 'SERVFAIL'  // server failed to complete the request
+dnsReturnCodes[3]  = 'NXDOMAIN'  // domain name does not exist
+dnsReturnCodes[4]  = 'NOTIMP'    // not implemented
+dnsReturnCodes[5]  = 'REFUSED'   // server refused to answer
+dnsReturnCodes[6]  = 'YXDOMAIN'  // name that should not exist, exists
+dnsReturnCodes[7]  = 'YXRRSET'   // RRset that should not exist, exists
+dnsReturnCodes[8]  = 'NXRRSET'   // RRset that should exist, doesn't
+dnsReturnCodes[9]  = 'NOTAUTH'   // server not authoritative for the zone, or request not authorized
+dnsReturnCodes[10] = 'NOTZONE'   // name not in the zone
+dnsReturnCodes[11] = 'DSOTYPENI' // DSO-TYPE not implemented
+// dnsReturnCodes[12] to dnsReturnCodes[15] unassigned
+dnsReturnCodes[16] = 'BADSIG'    // TSIG signature failure
+dnsReturnCodes[17] = 'BADKEY'    // bad key
+dnsReturnCodes[18] = 'BADTIME'   // signature out of time window
+dnsReturnCodes[19] = 'BADMODE'   // bad TKEY mode
+dnsReturnCodes[20] = 'BADNAME'   // duplicate key name
+dnsReturnCodes[21] = 'BADALG'    // algorithm not supported
+dnsReturnCodes[22] = 'BADTRUNC'  // bad truncation
+dnsReturnCodes[23] = 'BADCOOKIE' // bad/missing server cookie
+// the rest is unassigned / reserved for private use etc
+
 /**
  * retrieving the alternative endpoints list from DNS TXT records
  * using a DNS-over-HTTPS JSON endpoint
@@ -353,7 +383,7 @@ window.resolveEndpointsBinary = async (domain, config, log=()=>{} ) => {
  * @param domain (string)   domain name to resolve TXT records for
  * @param config (object)   config object with fields: dohProvider, dohMethod, dohMediaType
  */
-window.resolveEndpointsJSON = async (domain, config) => {
+self.resolveEndpointsJSON = async (domain, config) => {
     // pretty self-explanatory:
     // DoH provider, domain, TXT type, pretty please
     var query = `${config.dohProvider}?name=${domain}&type=TXT`
@@ -379,7 +409,11 @@ window.resolveEndpointsJSON = async (domain, config) => {
     // only Status == 0 is acceptable
     // https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml#dns-parameters-6
     if (!('Status' in response) || response.Status != 0) {
-        throw new Error(`DNS request failure, status code: ${response.Status}`)
+        let status_msg = dnsReturnCodes[response.Status]
+        if (status_msg === undefined) {
+            status_msg = "unknown error"
+        }
+        throw new Error(`DNS request failure, status code: ${response.Status} (${status_msg})`)
     }
     
     // we also do need the Answer section please