-- If you squint, you can see some details like: TLSv1.3 (only), NSID, EDNS TCP Keepalive, and EDNS padding to thwart length analysis

bblack@dns4002:~$ kdig +tls-hostname=ns1.wikimedia.org +nsid @ns1.wikimedia.org en.wikipedia.org A
;; TLS session (TLS1.3)-(ECDHE-SECP256R1)-(ECDSA-SECP256R1-SHA256)-(CHACHA20-POLY1305)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 60073
;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1

;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1024 B; ext-rcode: NOERROR
;; Option (11): 0172
;; NSID: 646E7334303032 "dns4002"
;; PADDING: 373 B

;; QUESTION SECTION:
;; en.wikipedia.org.   		IN	A

;; ANSWER SECTION:
en.wikipedia.org.   	86400	IN	CNAME	dyna.wikimedia.org.

;; Received 468 B
;; Time 2019-12-12 21:20:07 UTC
;; From 208.80.153.231@853(TCP) in 38.4 ms