It is not obvious to me that DNSSEC needs EDNS as there is no mention of EDNS in the DNSSEC RFC2535. Is there some reason the EDNS feature gets used by calling out the +dnssec option? -- Jeffrey Stevens