From bbc5e6118f9ea0feeea8cddcca8a27c5109a59bb Mon Sep 17 00:00:00 2001
From: Reinis <35471680+reinismu@users.noreply.github.com>
Date: Thu, 20 Jul 2023 05:37:48 +0300
Subject: [PATCH] Experimental option to force DNS queries to use TCP (#1843)
Co-authored-by: Fernandez Ludovic
---
 challenge/dns01/nameserver.go | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/challenge/dns01/nameserver.go b/challenge/dns01/nameserver.go
index 4762dc57..f346246b 100644
--- a/challenge/dns01/nameserver.go
+++ b/challenge/dns01/nameserver.go
@@ -4,6 +4,8 @@ import (
 "errors"
 "fmt"
 "net"
+ "os"
+ "strconv"
 "strings"
 "sync"
 "time"
@@ -250,6 +252,13 @@ func createDNSMsg(fqdn string, rtype uint16, recursive bool) *dns.Msg {
 }
 func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
+ if ok, _ := strconv.ParseBool(os.Getenv("LEGO_EXPERIMENTAL_DNS_TCP_ONLY")); ok {
+ tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
+ in, _, err := tcp.Exchange(m, ns)
+
+ return in, err
+ }
+
 udp := &dns.Client{Net: "udp", Timeout: dnsTimeout}
 in, _, err := udp.Exchange(m, ns)
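Review bot: The new guard at the top of sendDNSQuery discards the error from `strconv.ParseBool`, so a value it rejects (for example `yes` or `on`) in LEGO_EXPERIMENTAL_DNS_TCP_ONLY is treated as unset and the query silently goes out over UDP. An operator who sets this variable presumably needs TCP, because UDP is filtered or its answers are not trusted, so a malformed value should fail the query with a clear error rather than fall back. The sketch below skips the check when the variable is empty and returns an error on an unparsable value; `fmt` is already imported in this file. The variable is also re-read on every query and has no comment naming the accepted values, which a short comment above the check would fix. The body of sendDNSQuery continues past the end of the hunk.

```go
func sendDNSQuery(m *dns.Msg, ns string) (*dns.Msg, error) {
	// LEGO_EXPERIMENTAL_DNS_TCP_ONLY accepts strconv.ParseBool values only;
	// an unparsable value is an error rather than a silent fallback to UDP.
	if v := os.Getenv("LEGO_EXPERIMENTAL_DNS_TCP_ONLY"); v != "" {
		tcpOnly, err := strconv.ParseBool(v)
		if err != nil {
			return nil, fmt.Errorf("invalid LEGO_EXPERIMENTAL_DNS_TCP_ONLY value %q: %w", v, err)
		}

		if tcpOnly {
			tcp := &dns.Client{Net: "tcp", Timeout: dnsTimeout}
			in, _, err := tcp.Exchange(m, ns)

			return in, err
		}
	}

	// … unchanged: UDP exchange and the rest of sendDNSQuery …
```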