diff --git a/CHANGES b/CHANGES
index 83680886ff..597b3b93c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3994. [func] Dig now supports setting the last unassigned DNS
+ header flag bit (dig +zflag). [RT #37421]
+
3993. [func] Dig now supports EDNS negotiation by default.
(dig +[no]ednsnegotiation). [RT #37604]
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index 725c5203dd..4517c0dd5c 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -207,6 +207,7 @@ help(void) {
" +[no]aaonly (Set AA flag in query (+[no]aaflag))\n"
" +[no]adflag (Set AD flag in query)\n"
" +[no]cdflag (Set CD flag in query)\n"
+" +[no]zflag (Set Z flag in query)\n"
" +[no]cl (Control display of class in records)\n"
" +[no]cmd (Control display of command line)\n"
" +[no]comments (Control display of comment lines)\n"
@@ -1380,6 +1381,10 @@ plus_option(char *option, isc_boolean_t is_batchfile,
lookup->tcp_mode_set = ISC_TRUE;
}
break;
+ case 'z': /* zflag */
+ FULLCHECK("zflag");
+ lookup->zflag = state;
+ break;
default:
invalid_option:
need_value:
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 5a376be820..d62b35cb4b 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1024,6 +1024,16 @@
+
+
+
+
+ Set [do not set] the last unassigned DNS header flag in a
+ DNS query. This flag is off by default.
+
+
+
+
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index a171358f93..568e798518 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -808,6 +808,7 @@ make_empty_lookup(void) {
looknew->aaonly = ISC_FALSE;
looknew->adflag = ISC_FALSE;
looknew->cdflag = ISC_FALSE;
+ looknew->zflag = ISC_FALSE;
looknew->ns_search_only = ISC_FALSE;
looknew->origin = NULL;
looknew->tsigctx = NULL;
@@ -909,6 +910,7 @@ clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
looknew->aaonly = lookold->aaonly;
looknew->adflag = lookold->adflag;
looknew->cdflag = lookold->cdflag;
+ looknew->zflag = lookold->zflag;
looknew->ns_search_only = lookold->ns_search_only;
looknew->tcp_mode = lookold->tcp_mode;
looknew->tcp_mode_set = lookold->tcp_mode_set;
@@ -2414,6 +2416,11 @@ setup_lookup(dig_lookup_t *lookup) {
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_CD;
}
+ if (lookup->zflag) {
+ debug("Z query");
+ lookup->sendmsg->flags |= 0x0040U;
+ }
+
dns_message_addname(lookup->sendmsg, lookup->name,
DNS_SECTION_QUESTION);
diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h
index 7c23c74fb9..fca74f1c85 100644
--- a/bin/dig/include/dig/dig.h
+++ b/bin/dig/include/dig/dig.h
@@ -114,6 +114,7 @@ struct dig_lookup {
aaonly,
adflag,
cdflag,
+ zflag,
trace, /*% dig +trace */
trace_root, /*% initial query for either +trace or +nssearch */
tcp_mode,
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index c88756e2f7..4bd37a1b0e 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -146,6 +146,12 @@
weeks, days, hours, minutes, and seconds.
+
+
+ dig +zflag can be used to set the last
+ unassigned DNS header flag bit. This bit in normally zero.
+
+
dig +dscp=value