diff --git a/src/cli/network/search.rs b/src/cli/network/search.rs
index 1469ed2f..c4a11223 100644
--- a/src/cli/network/search.rs
+++ b/src/cli/network/search.rs
@@ -77,6 +77,21 @@ pub struct Command {
     #[clap(skip)]
     pub use_wkd_source: Option<clap::parser::ValueSource>,
 
+    #[clap(
+        long = "use-dane",
+        value_name = "ENABLE",
+        default_value = "true",
+        help = "Use DANE to search for certs",
+        long_help = config::augment_help(
+            "network.search.use-dane",
+            "Use DANE to search for certs"),
+    )]
+    pub use_dane: Option<bool>,
+
+    /// Workaround for https://github.com/clap-rs/clap/issues/3846
+    #[clap(skip)]
+    pub use_dane_source: Option<clap::parser::ValueSource>,
+
     #[clap(
         help = FileOrCertStore::HELP_OPTIONAL,
         long,
diff --git a/src/commands/config/inspect.rs b/src/commands/config/inspect.rs
index 1e394048..15314279 100644
--- a/src/commands/config/inspect.rs
+++ b/src/commands/config/inspect.rs
@@ -46,11 +46,13 @@ fn network(sq: Sq, _: inspect::network::Command) -> Result<()> {
         wwriteln!(stream=o, initial_indent = "     - ", "see below for impact");
     }
 
+    let use_dane = sq.config.network_search_use_dane(
+        Some(true), Some(ValueSource::DefaultValue));
     wwriteln!(stream=o, initial_indent = "   - ", "{}",
-              may_use("DANE", sq.config.network_search_dane()));
+              may_use("DANE", use_dane));
     wwriteln!(stream=o, initial_indent = "     - ",
               "relevant setting: network.search.use-dane");
-    if sq.config.network_search_dane() {
+    if use_dane {
         wwriteln!(stream=o, initial_indent = "     - ", "see below for impact");
     }
 
diff --git a/src/commands/network.rs b/src/commands/network.rs
index 39a13903..8a8298f7 100644
--- a/src/commands/network.rs
+++ b/src/commands/network.rs
@@ -85,6 +85,7 @@ pub fn dispatch(sq: Sq, c: cli::network::Command, matches: &ArgMatches)
         Subcommands::Search(mut command) => {
             command.servers_source = matches.value_source("servers");
             command.use_wkd_source = matches.value_source("use_wkd");
+            command.use_dane_source = matches.value_source("use_dane");
             dispatch_search(sq, command)
         },
 
@@ -905,6 +906,8 @@ pub fn dispatch_search(mut sq: Sq, c: cli::network::search::Command)
 
     let use_wkd =
         sq.config.network_search_use_wkd(c.use_wkd, c.use_wkd_source);
+    let use_dane =
+        sq.config.network_search_use_dane(c.use_dane, c.use_dane_source);
 
     let mut seen_emails = HashSet::new();
     let mut seen_fps = HashSet::new();
@@ -979,7 +982,7 @@ pub fn dispatch_search(mut sq: Sq, c: cli::network::search::Command)
             }
 
             if let Some(address) = query.as_address()
-                .filter(|_| sq.config.network_search_dane())
+                .filter(|_| use_dane)
             {
                 let a = address.to_string();
                 pb.inc_length(1);
diff --git a/src/config.rs b/src/config.rs
index d5241964..ad195993 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -83,7 +83,7 @@ pub struct Config {
     network_search_use_wkd: Option<bool>,
 
     /// Whether network search should use DANE.
-    network_search_dane: bool,
+    network_search_use_dane: Option<bool>,
 
     /// The location of the backend server executables.
     servers_path: Option<PathBuf>,
@@ -107,7 +107,7 @@ impl Default for Config {
             key_servers: None,
             network_search_iterations: 3,
             network_search_use_wkd: None,
-            network_search_dane: true,
+            network_search_use_dane: None,
             servers_path: None,
         }
     }
@@ -353,8 +353,23 @@ impl Config {
     }
 
     /// Returns whether network search should use DANE.
-    pub fn network_search_dane(&self) -> bool {
-        self.network_search_dane
+    ///
+    /// Handles the precedence of the various sources:
+    ///
+    /// - If the flag is given, use the given value.
+    /// - If the command line flag is not given, then
+    ///   - use the value from the configuration file (if any),
+    ///   - or use the default value.
+    pub fn network_search_use_dane(&self, cli: Option<bool>,
+                                  source: Option<ValueSource>)
+                                  -> bool
+    {
+        let cli = cli.expect("has a default");
+        match source.expect("set by the cli parser") {
+            ValueSource::DefaultValue =>
+                self.network_search_use_dane.unwrap_or(cli),
+            _ => cli,
+        }
     }
 
     /// Returns the path to the backend servers.
@@ -1279,7 +1294,7 @@ fn apply_network_search_iterations(config: &mut Option<&mut Config>,
 
 /// Validates the `network.search.use-dane` value.
 fn apply_network_search_use_dane(config: &mut Option<&mut Config>,
-                                 _cli: &mut Option<&mut Augmentations>,
+                                 cli: &mut Option<&mut Augmentations>,
                                  path: &str, item: &Item)
                                  -> Result<()>
 {
@@ -1287,7 +1302,11 @@ fn apply_network_search_use_dane(config: &mut Option<&mut Config>,
         .ok_or_else(|| Error::bad_item_type(path, item, "bool"))?;
 
     if let Some(config) = config {
-        config.network_search_dane = s;
+        config.network_search_use_dane = Some(s);
+    }
+
+    if let Some(cli) = cli {
+        cli.insert("network.search.use-dane", s.to_string());
     }
 
     Ok(())