diff --git a/prober/dns.go b/prober/dns.go
index 184fa949..38a2323c 100644
--- a/prober/dns.go
+++ b/prober/dns.go
@@ -141,6 +141,10 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 		Name: "probe_dns_additional_rrs",
 		Help: "Returns number of entries in the additional resource record list",
 	})
+	probeDNSFlagDo := prometheus.NewGauge(prometheus.GaugeOpts{
+		Name: "probe_dns_flag_do",
+		Help: "Returns whether or not the query had the DNSSEC OK flag set",
+	})
 	probeDNSQuerySucceeded := prometheus.NewGauge(prometheus.GaugeOpts{
 		Name: "probe_dns_query_succeeded",
 		Help: "Displays whether or not the query was executed successfully",
@@ -154,6 +158,7 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	registry.MustRegister(probeDNSAnswerRRSGauge)
 	registry.MustRegister(probeDNSAuthorityRRSGauge)
 	registry.MustRegister(probeDNSAdditionalRRSGauge)
+	registry.MustRegister(probeDNSFlagDo)
 	registry.MustRegister(probeDNSQuerySucceeded)
 
 	qc := uint16(dns.ClassINET)
@@ -257,6 +262,7 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	msg.RecursionDesired = module.DNS.Recursion
 	msg.Question = make([]dns.Question, 1)
 	msg.Question[0] = dns.Question{dns.Fqdn(module.DNS.QueryName), qt, qc}
+	msg.SetEdns0(client.UDPSize, true)
 
 	logger.Info("Making DNS query", "target", targetIP, "dial_protocol", dialProtocol, "query", module.DNS.QueryName, "type", qt, "class", qc)
 	timeoutDeadline, _ := ctx.Deadline()
@@ -280,6 +286,12 @@ func ProbeDNS(ctx context.Context, target string, module config.Module, registry
 	probeDNSAdditionalRRSGauge.Set(float64(len(response.Extra)))
 	probeDNSQuerySucceeded.Set(1)
 
+	if opt := response.IsEdns0(); opt != nil && opt.Do() {
+		probeDNSFlagDo.Set(1)
+	} else {
+		probeDNSFlagDo.Set(0)
+	}
+
 	if qt == dns.TypeSOA {
 		probeDNSSOAGauge = prometheus.NewGauge(prometheus.GaugeOpts{
 			Name: "probe_dns_serial",