From d74bba4fae2314818ac509088cd182d843d6b36a Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 15:55:37 +1100
Subject: [PATCH 1/3] Re-enable EDNS if an EDNS flag gets set to 1 by
 +ednsflags

This is consistent with +dnssec and +nsid which only re-enable
EDNS if do is set to 1 or nsid is requested.
---
 bin/dig/dig.c    | 4 ++++
 bin/tools/mdig.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 291490b741..c98fa88277 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1797,6 +1797,10 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 							     "ednsflags");
 							goto exit_or_usage;
 						}
+						if (lookup->edns == -1) {
+							lookup->edns =
+								DEFAULT_EDNS_VERSION;
+						}
 						lookup->ednsflags = num;
 						break;
 					case 'n':
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
index c1ac42978e..0270edb31b 100644
--- a/bin/tools/mdig.c
+++ b/bin/tools/mdig.c
@@ -1354,6 +1354,9 @@ plus_option(char *option, struct query *query, bool global) {
 							"ednsflags");
 						CHECK("parse_xint(ednsflags)",
 						      result);
+						if (query->edns == -1) {
+							query->edns = 1;
+						}
 						query->ednsflags = num;
 						break;
 					case 'o':

From 8babbd09a13772e58c07016e045207f3dd0bf179 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 16:26:17 +1100
Subject: [PATCH 2/3] Test +noedns +ednsflags=non-zero-value

---
 bin/tests/system/digdelv/tests.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 5268e05a70..f29bcccef1 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -1117,6 +1117,14 @@ if [ -x "$DIG" ]; then
   grep -F "IN A 10.0.0.1" dig.out.test$n >/dev/null || ret=1
   if [ $ret -ne 0 ]; then echo_i "failed"; fi
   status=$((status + ret))
+
+  n=$((n + 1))
+  echo_i "check that dig +noedns +ednsflags=<nonzero> re-enables EDNS ($n)"
+  dig_with_opts @10.53.0.3 +qr +noedns +ednsflags=0x70 a.example >dig.out.test$n 2>&1 || ret=1
+  grep "; EDNS: version: 0, flags:; MBZ: 0x0070, udp: 1232" dig.out.test$n >/dev/null || ret=1
+  grep "; EDNS: version: 0, flags:; udp: 1232" dig.out.test$n >/dev/null || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status + ret))
 else
   echo_i "$DIG is needed, so skipping these dig tests"
 fi

From b41d1820d26cec81cb890dae319a6d0ac3982883 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 16:26:47 +1100
Subject: [PATCH 3/3] Add CHANGES for [GL #4641

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 0e91dabf8d..b6641a3665 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6363.	[bug]		dig/mdig +ednsflags=<non-zero-value> did not re-enable
+			EDNS if it had been disabled. [GL #4641]
+
 6362.	[bug]		Reduce memory consumption of QP-trie based databases
 			by dynamically allocating the nodenames. [GL #4614]