diff --git a/dns/doh.go b/dns/doh.go
index 99c22cb1..7e4ed469 100644
--- a/dns/doh.go
+++ b/dns/doh.go
@@ -3,6 +3,7 @@ package dns
 import (
 	"bytes"
 	"context"
+	"crypto/tls"
 	"io"
 	"net"
 	"net/http"
@@ -102,6 +103,10 @@ func newDoHClient(url, iface string, r *Resolver) *dohClient {
 
 				return dialer.DialContext(ctx, "tcp", net.JoinHostPort(ip.String(), port), options...)
 			},
+			TLSClientConfig: &tls.Config{
+				// alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6
+				NextProtos: []string{"dns"},
+			},
 		},
 	}
 }
diff --git a/dns/util.go b/dns/util.go
index d25f5731..99590d63 100644
--- a/dns/util.go
+++ b/dns/util.go
@@ -63,8 +63,6 @@ func transform(servers []NameServer, resolver *Resolver) []dnsClient {
 			Client: &D.Client{
 				Net: s.Net,
 				TLSConfig: &tls.Config{
-					// alpn identifier, see https://tools.ietf.org/html/draft-hoffman-dprive-dns-tls-alpn-00#page-6
-					NextProtos: []string{"dns"},
 					ServerName: host,
 				},
 				UDPSize: 4096,