diff --git a/CHANGES b/CHANGES
index c085f85a3f..2aca18860c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+5284. [func] Added +unexpected command line option to dig.
+ By default, dig won't accept a reply from a source
+ other than the one to which it sent the query.
+ Invoking dig with +unexpected argument will allow it
+ to process replies from unexpected sources.
+
5283. [bug] When a response-policy zone expires, ensure that
its policies are removed from the RPZ summary
database. [GL #1146]
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index d28bdb264e..d4dca378e6 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1674,7 +1674,7 @@ plus_option(char *option, bool is_batchfile,
switch (cmd[2]) {
case 'e':
FULLCHECK("unexpected");
- lookup->accept_reply_unexpected_src = true;
+ lookup->accept_reply_unexpected_src = state;
break;
case 'k':
FULLCHECK("unknownformat");
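Review bot: The `unexpected` case has no comment saying what the flag relaxes, and that matters here because the option is security-relevant. With `state` true, dig processes a reply whose source differs from the server it queried, and that source check is part of what makes a spoofed UDP answer harder to land. I would add above the assignment `/* +unexpected: accept replies from a source other than the queried server; off by default */`. The switch in plus_option starts and ends outside the hunk.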
diff --git a/bin/dig/dig.docbook b/bin/dig/dig.docbook
index 86125c6040..7658128f6c 100644
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -1269,6 +1269,17 @@
+
+
+
+
+ Accept [do not accept] answers from unexpected sources. By
+ default, dig won't accept a reply from a
+ source other than the one to which it sent the query.
+
+
+
+
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index c273c497dc..06169db44d 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -621,6 +621,7 @@ make_empty_lookup(void) {
looknew->ttlunits = false;
looknew->expandaaaa = false;
looknew->qr = false;
+ looknew->accept_reply_unexpected_src = false;
#ifdef HAVE_LIBIDN2
looknew->idnin = isatty(1)?(getenv("IDN_DISABLE") == NULL):false;
looknew->idnout = looknew->idnin;
@@ -766,6 +767,8 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
looknew->ttlunits = lookold->ttlunits;
looknew->expandaaaa = lookold->expandaaaa;
looknew->qr = lookold->qr;
+ looknew->accept_reply_unexpected_src =
+ lookold->accept_reply_unexpected_src;
looknew->idnin = lookold->idnin;
looknew->idnout = lookold->idnout;
looknew->udpsize = lookold->udpsize;
diff --git a/bin/tests/system/digdelv/ans6/ans.pl b/bin/tests/system/digdelv/ans6/ans.pl
old mode 100644
new mode 100755
index 90f90730db..793f796cf2
--- a/bin/tests/system/digdelv/ans6/ans.pl
+++ b/bin/tests/system/digdelv/ans6/ans.pl
@@ -67,7 +67,7 @@ for (;;) {
my $sendsock =
IO::Socket::INET->new(LocalAddr => "10.53.1.2",
PeerAddr => $sock->peerhost,
- PeerPort => "5300",
+ PeerPort => $sock->peerport,
Proto => "udp") or die "$!";
print "**** response from ", $sendsock->sockhost, " to " ,
$sendsock->peerhost, " port ", $sendsock->peerport, "\n";
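Review bot: The `or die "$!"` on the `IO::Socket::INET->new` call reads the wrong variable and gives no context, because the constructor reports its failure reason in `$@` and `$!` can be empty or stale at that point. Now that the destination port is taken from `$sock->peerport` instead of a fixed value, a message naming the target makes a failed run much easier to diagnose: `Proto => "udp") or die "reply socket to " . $sock->peerhost . ":" . $sock->peerport . ": $@";`. The `for (;;)` loop body continues outside the hunk.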
diff --git a/bin/tests/system/digdelv/tests.sh b/bin/tests/system/digdelv/tests.sh
index f87ece2598..d67a50cd86 100644
--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -68,6 +68,7 @@ if [ -n "$PYTHON" ] ; then
fi
if [ -x "$DIG" ] ; then
+
n=$((n+1))
echo_i "checking dig short form works ($n)"
ret=0
@@ -723,6 +724,7 @@ if [ -x "$DIG" ] ; then
status=$((status+ret))
n=$((n+1))
+
echo_i "check that dig +short +expandaaaa works ($n)"
ret=0
dig_with_opts @10.53.0.3 +short +expandaaaa AAAA ns2.example > dig.out.test$n 2>&1 || ret=1
@@ -744,6 +746,33 @@ if [ -x "$DIG" ] ; then
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
fi
+
+ echo_i "check that dig +unexpected works ($n)"
+ ret=0
+ dig_with_opts @10.53.0.6 +unexpected a a.example > dig.out.test$n || ret=1
+ grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
+ grep 'status: NOERROR' dig.out.test$n > /dev/null || ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
+ n=$((n+1))
+ echo_i "check that dig +nounexpected works ($n)"
+ ret=0
+ dig_with_opts @10.53.0.6 +nounexpected +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
+ grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
+ grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
+ n=$((n+1))
+ echo_i "check that dig default for +[no]unexpected (+nounexpected) works ($n)"
+ ret=0
+ dig_with_opts @10.53.0.6 +tries=1 +time=2 a a.example > dig.out.test$n && ret=1
+ grep 'reply from unexpected source' dig.out.test$n > /dev/null || ret=1
+ grep "status: NOERROR" < dig.out.test$n > /dev/null && ret=1
+ if [ $ret -ne 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
else
echo_i "$DIG is needed, so skipping these dig tests"
fi
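Review bot: The first added test, `check that dig +unexpected works`, has no `n=$((n+1))` before its `echo_i`, unlike the two tests added after it. It therefore reports the previous test's number and overwrites that test's `dig.out.test$n`, which loses the earlier output when a failure is being investigated. Add `n=$((n+1))` on the line before `echo_i "check that dig +unexpected works ($n)"`. The enclosing `if [ -x "$DIG" ]` block starts outside the hunk.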
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 62e8a4e2a3..5796058a60 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -113,6 +113,15 @@
New Features
+
+
+ Added a new command line option to dig:
+ +[no]unexpected. By default, dig
+ won't accept a reply from a source other than the one to which
+ it sent the query. Add the +unexpected argument
+ to enable it to process replies from unexpected sources.
+
+
The GeoIP2 API from MaxMind is now supported. Geolocation support