add +dnssec, +cdflag and +norecurse options

hdig

@@ -13,7 +13,7 @@ use constant URL_TEMPLATE => 'https://%s/dns-query';
 use constant CONTENT_TYPE => 'application/dns-message';
 use strict;
 
-my ($qname, $qtype, $qclass, $url, $debug, $insecure, $help);
+my ($qname, $qtype, $qclass, $url, $debug, $insecure, $help, $dnssec, $cdflag, $norecurse);
 
 #
 # dig-like command lines, things can appear in any order
@@ -69,6 +69,15 @@ while (scalar(@ARGV) > 0) {
 
 		}
 
+	} elsif ('+dnssec' eq $param) {
+		$dnssec = 1;
+
+	} elsif ('+cdflag' eq $param) {
+		$cdflag = 1;
+
+	} elsif ('+norecurse' eq $param) {
+		$norecurse = 1;
+
 	} elsif ($qname) {
 		print STDERR "Error: multiple query names provided\n";
 		exit;
@@ -91,6 +100,12 @@ $url = sprintf(URL_TEMPLATE, (Net::DNS::Resolver->new->nameservers)[0]) if (!$ur
 $qname =~ s/\.$//g;
 my $packet = Net::DNS::Packet->new($qname.'.', $qtype || 'A', $qclass || 'IN');
 
+$packet->header->do($dnssec);
+$packet->header->cd($cdflag);
+$packet->header->rd(!$norecurse);
+
+print STDERR $packet->string if ($debug);
+
 my $request = POST($url, 'Content-Type' => CONTENT_TYPE, 'Content' => $packet->data);
 $request->header('Accept' => CONTENT_TYPE);
 
@@ -161,6 +176,12 @@ This will get turned into the HTTPS URL above.
 
 If no URL is provided, then C<hdig> will construct one using the nameserver the system is configured with.
 
+=item * C<+dnssec>. Sets the EDNS DNSSEC OK flag.
+
+=item * C<+cdflag>. Sets the C<cd> bit in the query header.
+
+=item * C<+norecurse>. Unsets the C<rd> bit in the query header.
+
 =item * C<--insecure> or C<-k>. Disables SSL certification verification.
 
 =item * C<--debug> or C<-d>. Enables debug mode.

hdig.md

@@ -4,7 +4,7 @@
 
 # DESCRIPTION
 
-`hdig` is a simple DNS over HTTPS (DoH) client implemented using [Net::DNS](https://metacpan.org/pod/Net::DNS) and [LWP](https://metacpan.org/pod/LWP).
+`hdig` is a simple DNS over HTTPS (DoH) client implemented using [Net::DNS](https://metacpan.org/pod/Net%3A%3ADNS) and [LWP](https://metacpan.org/pod/LWP).
 
 It will construct a DNS query, send it as an HTTP request to a DoH server, and display the response in human-readable format.
 
@@ -17,7 +17,7 @@ It will construct a DNS query, send it as an HTTP request to a DoH server, and d
 `hdig` accepts similar command-line options to `dig`, and like `dig`, they can be provided in any order.
 
 - query name. mandatory.
-- query type, any RR type supported by your version of [Net::DNS](https://metacpan.org/pod/Net::DNS) will work. Defaults to `A` if unset.
+- query type, any RR type supported by your version of [Net::DNS](https://metacpan.org/pod/Net%3A%3ADNS) will work. Defaults to `A` if unset.
 - query class, defaults to `IN`.
 - URL. This may be either a fully-qualified URL such as [https://example.com/dns-query](https://example.com/dns-query) or a string of the form
 
@@ -27,6 +27,9 @@ It will construct a DNS query, send it as an HTTP request to a DoH server, and d
 
     If no URL is provided, then `hdig` will construct one using the nameserver the system is configured with.
 
+- `+dnssec`. Sets the EDNS DNSSEC OK flag.
+- `+cdflag`. Sets the `cd` bit in the query header.
+- `+norecurse`. Unsets the `rd` bit in the query header.
 - `--insecure` or `-k`. Disables SSL certification verification.
 - `--debug` or `-d`. Enables debug mode.
 - `--help` or `-h`. Displays help.