diff --git a/src/request-internal.c b/src/request-internal.c
index b78c19ab..a819fea0 100644
--- a/src/request-internal.c
+++ b/src/request-internal.c
@@ -84,6 +84,11 @@ getdns_dict  dnssec_ok_checking_disabled_avoid_roadblocks_spc = {
 getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks
     = &dnssec_ok_checking_disabled_avoid_roadblocks_spc;
 
+getdns_dict  no_dnssec_checking_disabled_spc = {
+	{ RBTREE_NULL, 0, (int (*)(const void *, const void *)) strcmp },
+	{ NULL, {{ NULL, NULL, NULL }}}
+};
+getdns_dict *no_dnssec_checking_disabled = &no_dnssec_checking_disabled_spc;
 
 static int
 is_extension_set(getdns_dict *extensions, const char *name, int default_value)
@@ -94,7 +99,8 @@ is_extension_set(getdns_dict *extensions, const char *name, int default_value)
 	if ( ! extensions
 	    || extensions == dnssec_ok_checking_disabled
 	    || extensions == dnssec_ok_checking_disabled_roadblock_avoidance
-	    || extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
+	    || extensions == dnssec_ok_checking_disabled_avoid_roadblocks
+	    || extensions == no_dnssec_checking_disabled)
 		return 0;
 
 	r = getdns_dict_get_int(extensions, name, &value);
@@ -155,7 +161,7 @@ netreq_reset(getdns_network_req *net_req)
 
 static int
 network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
-    uint16_t request_type, int dnssec_extension_set, int with_opt,
+    uint16_t request_type, int checking_disabled, int with_opt,
     int edns_maximum_udp_payload_size,
     uint8_t edns_extended_rcode, uint8_t edns_version, int edns_do_bit,
     uint16_t opt_options_size, size_t noptions, getdns_list *options,
@@ -240,7 +246,7 @@ network_req_init(getdns_network_req *net_req, getdns_dns_req *owner,
 		_getdns_reply_dict2wire(owner->context->header, &gbuf, 1);
 	gldns_buffer_rewind(&gbuf);
 	_getdns_reply_dict2wire(extensions, &gbuf, 1);
-	if (dnssec_extension_set) /* We will do validation ourselves */
+	if (checking_disabled) /* We will do validation ourselves */
 		GLDNS_CD_SET(net_req->query);
 
 	if (with_opt) {
@@ -762,8 +768,22 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	 */
 	size_t max_query_sz, max_response_sz, netreq_sz, dnsreq_base_sz;
 	uint8_t *region, *suffixes;
+	int    checking_disabled = dnssec_extension_set;
 	
-	if (extensions == dnssec_ok_checking_disabled ||
+	if (extensions == no_dnssec_checking_disabled) {
+		dnssec_return_status = 0;
+		dnssec_return_only_secure = 0;
+		dnssec_return_all_statuses = 0;
+		dnssec_return_full_validation_chain = 0;
+		dnssec_return_validation_chain = 0;
+		dnssec_extension_set = 0;
+#ifdef DNSSEC_ROADBLOCK_AVOIDANCE
+		dnssec_roadblock_avoidance = 0;
+		avoid_dnssec_roadblocks = 0;
+#endif
+		extensions = NULL;
+		checking_disabled = 1;
+	} else if (extensions == dnssec_ok_checking_disabled ||
 	    extensions == dnssec_ok_checking_disabled_roadblock_avoidance ||
 	    extensions == dnssec_ok_checking_disabled_avoid_roadblocks)
 		extensions = NULL;
@@ -973,7 +993,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 	result->chain = NULL;
 
 	network_req_init(result->netreqs[0], result,
-	    request_type, dnssec_extension_set, with_opt,
+	    request_type, checking_disabled, with_opt,
 	    edns_maximum_udp_payload_size,
 	    edns_extended_rcode, edns_version, edns_do_bit,
 	    (uint16_t) opt_options_size, noptions, options,
@@ -984,7 +1004,7 @@ _getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,
 		network_req_init(result->netreqs[1], result,
 		    ( request_type == GETDNS_RRTYPE_A
 		    ? GETDNS_RRTYPE_AAAA : GETDNS_RRTYPE_A ),
-		    dnssec_extension_set, with_opt,
+		    checking_disabled, with_opt,
 		    edns_maximum_udp_payload_size,
 		    edns_extended_rcode, edns_version, edns_do_bit,
 		    (uint16_t) opt_options_size, noptions, options,
diff --git a/src/types-internal.h b/src/types-internal.h
index 05589f4a..6c6cf63a 100644
--- a/src/types-internal.h
+++ b/src/types-internal.h
@@ -425,6 +425,7 @@ typedef struct getdns_dns_req {
 extern getdns_dict *dnssec_ok_checking_disabled;
 extern getdns_dict *dnssec_ok_checking_disabled_roadblock_avoidance;
 extern getdns_dict *dnssec_ok_checking_disabled_avoid_roadblocks;
+extern getdns_dict *no_dnssec_checking_disabled;
 
 /* dns request utils */
 getdns_dns_req *_getdns_dns_req_new(getdns_context *context, getdns_eventloop *loop,