diff --git a/README.md b/README.md
index 00ce417b..9d1807aa 100644
--- a/README.md
+++ b/README.md
@@ -89,7 +89,7 @@ GLOBAL OPTIONS:
 --exclude, -x [--exclude option --exclude option] Explicitly disallow solvers by name from being used. Solvers: "http-01", "tls-sni-01".
 --http Set the port and interface to use for HTTP based challenges to listen on. Supported: interface:port or :port
 --tls Set the port and interface to use for TLS based challenges to listen on. Supported: interface:port or :port
- --dns Enable the DNS challenge for solving using a provider.
+ --dns Solve a DNS challenge using the specified provider. Disables all other solvers.
 Credentials for providers have to be passed through environment variables.
 For a more detailed explanation of the parameters, please see the online docs.
 Valid providers:
@@ -125,9 +125,11 @@ $ lego --email="foo@bar.com" --domains="example.com" renew
 Obtain a certificate using the DNS challenge and AWS Route 53:
 ```bash
-$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" --exclude="http-01" --exclude="tls-sni-01" run
+$ AWS_REGION=us-east-1 AWS_ACCESS_KEY_ID=my_id AWS_SECRET_ACCESS_KEY=my_key lego --email="foo@bar.com" --domains="example.com" --dns="route53" run
 ```
+Note that `--dns=foo` implies `--exclude=http-01` and `--exclude=tls-sni-01`. lego will not attempt other challenges if you've told it to use DNS instead.
+
 lego defaults to communicating with the production Let's Encrypt ACME server. If you'd like to test something without issuing real certificates, consider using the staging endpoint instead:
 ```bash
diff --git a/cli.go b/cli.go
index 3851c455..ba216d07 100644
--- a/cli.go
+++ b/cli.go
@@ -112,7 +112,7 @@ func main() {
 },
 cli.StringFlag{
 Name: "dns",
- Usage: "Enable the DNS challenge for solving using a provider." +
+ Usage: "Solve a DNS challenge using the specified provider. Disables all other challenges." +
 "\n\tCredentials for providers have to be passed through environment variables." +
 "\n\tFor a more detailed explanation of the parameters, please see the online docs." +
 "\n\tValid providers:" +
diff --git a/cli_handlers.go b/cli_handlers.go
index 42e3fece..fb7e54bb 100644
--- a/cli_handlers.go
+++ b/cli_handlers.go
@@ -83,6 +83,10 @@ func setup(c *cli.Context) (*Configuration, *Account, *acme.Client) {
 }
 client.SetChallengeProvider(acme.DNS01, provider)
+
+ // --dns=foo indicates that the user specifically want to do a DNS challenge
+ // infer that the user also wants to exclude all other challenges
+ client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
 }
 return conf, acc, client
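Review bot: The exclusion list passed to `client.ExcludeChallenges` in the cli_handlers.go hunk is hard-coded to `acme.HTTP01` and `acme.TLSSNI01`, so the new usage text's promise that `--dns` "Disables all other challenges" holds only while those are the only non-DNS challenge types. A challenge type added to the acme package later would stay enabled under `--dns`, and the client could still try to solve it with a listener the operator did not expect. I would extend the comment to something like `// keep this list in sync with acme's challenge types: every type except DNS01 must be excluded here`, and fix its grammar ("specifically wants"). The override is also silent: a user who combines `--dns` with `--http` or `--tls` appears to get no indication that those flags are ignored, so a log line at this point would help. `setup` begins outside the hunk, so how those flags are handled is inferred.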