From fbe9f225ddf929a720961a2107fde1ccd47d9968 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Sun, 20 Oct 2019 02:04:32 +0200
Subject: [PATCH] Reencrypt on TCP retries

---
 dnscrypt-proxy/proxy.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/dnscrypt-proxy/proxy.go b/dnscrypt-proxy/proxy.go
index 01f858c2..e065662b 100644
--- a/dnscrypt-proxy/proxy.go
+++ b/dnscrypt-proxy/proxy.go
@@ -412,7 +412,12 @@ func (proxy *Proxy) processIncomingQuery(serverInfo *ServerInfo, clientProto str
 			if serverProto == "udp" {
 				response, err = proxy.exchangeWithUDPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
 				if err == nil && len(response) >= MinDNSPacketSize && response[2]&0x02 == 0x02 {
-					dlog.Debug("Truncated response over UDP, retrying over TCP")
+					serverProto = "tcp"
+					sharedKey, encryptedQuery, clientNonce, err := proxy.Encrypt(serverInfo, query, serverProto)
+					if err != nil {
+						pluginsState.returnCode = PluginsReturnCodeParseError
+						pluginsState.ApplyLoggingPlugins(&proxy.pluginsGlobals)
+					}
 					response, err = proxy.exchangeWithTCPServer(serverInfo, sharedKey, encryptedQuery, clientNonce)
 				}
 			} else {