diff --git a/client/internal/dns/upstream.go b/client/internal/dns/upstream.go
index 3a05d0523..b502bf5eb 100644
--- a/client/internal/dns/upstream.go
+++ b/client/internal/dns/upstream.go
@@ -78,9 +78,10 @@ func (u *upstreamResolverBase) ServeDNS(w dns.ResponseWriter, r *dns.Msg) {
 	}()
 
 	log.WithField("question", r.Question[0]).Trace("received an upstream question")
-	// set the EDNS0 buffer size to 4096 bytes to support larger dns records
+	// set the AuthenticatedData flag and the EDNS0 buffer size to 4096 bytes to support larger dns records
 	if r.Extra == nil {
-		r.SetEdns0(4096, true)
+		r.SetEdns0(4096, false)
+		r.MsgHdr.AuthenticatedData = true
 	}
 
 	select {