From c356e86457fbcf259d3b8c1f7fd1a8384f8ee260 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 15:55:37 +1100
Subject: [PATCH 1/3] Re-enable EDNS if an EDNS flag gets set to 1 by
 +ednsflags

This is consistent with +dnssec and +nsid which only re-enable
EDNS if do is set to 1 or nsid is requested.

(cherry picked from commit d74bba4fae2314818ac509088cd182d843d6b36a)
---
 bin/dig/dig.c    | 4 ++++
 bin/tools/mdig.c | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 87552be6f6..74900f4c29 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1453,6 +1453,10 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 							     "ednsflags");
 							goto exit_or_usage;
 						}
+						if (lookup->edns == -1) {
+							lookup->edns =
+								DEFAULT_EDNS_VERSION;
+						}
 						lookup->ednsflags = num;
 						break;
 					case 'n':
diff --git a/bin/tools/mdig.c b/bin/tools/mdig.c
index ae3fd862e5..d935524b6c 100644
--- a/bin/tools/mdig.c
+++ b/bin/tools/mdig.c
@@ -1366,6 +1366,9 @@ plus_option(char *option, struct query *query, bool global) {
 							"ednsflags");
 						CHECK("parse_xint(ednsflags)",
 						      result);
+						if (query->edns == -1) {
+							query->edns = 1;
+						}
 						query->ednsflags = num;
 						break;
 					case 'o':

From e185d23d9e4b1e6d8071f021db3ff4e933b425f7 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 16:26:17 +1100
Subject: [PATCH 2/3] Test +noedns +ednsflags=non-zero-value

(cherry picked from commit 8babbd09a13772e58c07016e045207f3dd0bf179)
---
 bin/tests/system/digdelv/tests.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index 8ecac7eab4..d7393057c4 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -1098,6 +1098,14 @@ if [ -x "$DIG" ]; then
   grep -F "IN A 10.0.0.1" dig.out.test$n >/dev/null || ret=1
   if [ $ret -ne 0 ]; then echo_i "failed"; fi
   status=$((status + ret))
+
+  n=$((n + 1))
+  echo_i "check that dig +noedns +ednsflags=<nonzero> re-enables EDNS ($n)"
+  dig_with_opts @10.53.0.3 +qr +noedns +ednsflags=0x70 a.example >dig.out.test$n 2>&1 || ret=1
+  grep "; EDNS: version: 0, flags:; MBZ: 0x0070, udp: 1232" dig.out.test$n >/dev/null || ret=1
+  grep "; EDNS: version: 0, flags:; udp: 1232" dig.out.test$n >/dev/null || ret=1
+  if [ $ret -ne 0 ]; then echo_i "failed"; fi
+  status=$((status + ret))
 else
   echo_i "$DIG is needed, so skipping these dig tests"
 fi

From c4ba0d24a019c9e156a3678dabfdf951e70ad7d1 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Sat, 16 Mar 2024 16:26:47 +1100
Subject: [PATCH 3/3] Add CHANGES for [GL #4641

(cherry picked from commit b41d1820d26cec81cb890dae319a6d0ac3982883)
---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 52967a0174..9173f7c9a6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6363.	[bug]		dig/mdig +ednsflags=<non-zero-value> did not re-enable
+			EDNS if it had been disabled. [GL #4641]
+
 6361.	[bug]		Some invalid ISO 8601 durations were accepted
 			erroneously. [GL #4624]