From 5d4e67fd937bef4f3ad5ec8e93174a5b6bd7dceb Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick <bradfitz@tailscale.com>
Date: Mon, 21 Jul 2025 08:36:43 -0700
Subject: [PATCH] net/dns/recursive: set EDNS on queries

Updates tailscale/corp#30631

Change-Id: Ib88ea1bb51dd917c04f8d41bcaa6d59b9abd4f73
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
---
 net/dns/recursive/recursive.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/dns/recursive/recursive.go b/net/dns/recursive/recursive.go
index eb23004d8..fd865e37a 100644
--- a/net/dns/recursive/recursive.go
+++ b/net/dns/recursive/recursive.go
@@ -547,6 +547,7 @@ func (r *Resolver) queryNameserverProto(
 	// Prepare a message asking for an appropriately-typed record
 	// for the name we're querying.
 	m := new(dns.Msg)
+	m.SetEdns0(1232, false /* no DNSSEC */)
 	m.SetQuestion(name.WithTrailingDot(), uint16(qtype))
 
 	// Allow mocking out the network components with our exchange hook.