diff --git a/bin/dig.js b/bin/dig.js
index 3113955..925dbc5 100755
--- a/bin/dig.js
+++ b/bin/dig.js
@@ -186,6 +186,7 @@ cli.main(function (args, cli) {
 
   cli.onMessage = function (nb) {
     var packet = dnsjs.DNSPacket.parse(nb.buffer.slice(nb.byteOffset, nb.byteOffset + nb.byteLength));
+    var fail0x20;
 
     if (packet.id !== query.id) {
       console.log('ignoring packet for ', packet.question[0].name);
@@ -197,6 +198,13 @@ cli.main(function (args, cli) {
       console.log(packet);
     }
 
+    packet.question.forEach(function (q) {
+      // if (-1 === q.name.indexOf(cli.casedQuery))
+      if (q.name !== cli.casedQuery) {
+        fail0x20 = q.name;
+      }
+    });
+
     if (!cli.norecase && !cli.recase) {
       [ 'question', 'answer', 'authority', 'additional' ].forEach(function (group) {
         (packet[group]||[]).forEach(function (a) {
@@ -225,14 +233,12 @@ cli.main(function (args, cli) {
       });
     }
 
-    packet.question.forEach(function (q) {
-      // if (-1 === q.name.indexOf(cli.casedQuery))
-      if (q.name !== cli.casedQuery) {
-        console.warn("");
-        console.warn(";; Warning: DNS 0x20 security not implemented (or packet spoofed). Queried '" + cli.casedQuery + "' but got response for '" + q.name + "'.");
-        console.warn("");
-      }
-    });
+    if (fail0x20) {
+      console.warn("");
+      console.warn(";; Warning: DNS 0x20 security not implemented (or packet spoofed). Queried '" + cli.casedQuery + "' but got response for '" + fail0x20 + "'.");
+      console.warn("");
+    }
+
     console.log(';; Got answer:');
     dig.logQuestion(packet);