diff --git a/Dockerfile b/Dockerfile
index e5dcf2cb..7fa29518 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -114,7 +114,7 @@ ENV VPN_SERVICE_PROVIDER=pia \
     WIREGUARD_IMPLEMENTATION=auto \
     # PMTUD
     PMTUD_ICMP_ADDRESSES=1.1.1.1,8.8.8.8 \
-    PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443 \
+    PMTUD_TCP_ADDRESSES=1.1.1.1:443,8.8.8.8:443,1.1.1.1:53,8.8.8.8:53 \
     # VPN server filtering
     SERVER_REGIONS= \
     SERVER_COUNTRIES= \
diff --git a/internal/configuration/settings/pmtud.go b/internal/configuration/settings/pmtud.go
index a5692d55..6255c893 100644
--- a/internal/configuration/settings/pmtud.go
+++ b/internal/configuration/settings/pmtud.go
@@ -64,8 +64,10 @@ func (p *PMTUD) setDefaults() {
 	}
 	p.ICMPAddresses = gosettings.DefaultSlice(p.ICMPAddresses, defaultICMPAddresses)
 
-	const tlsPort = 443
+	const dnsPort, tlsPort = 53, 443
 	defaultTCPAddresses := []netip.AddrPort{
+		netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), dnsPort),
+		netip.AddrPortFrom(netip.AddrFrom4([4]byte{8, 8, 8, 8}), dnsPort),
 		netip.AddrPortFrom(netip.AddrFrom4([4]byte{1, 1, 1, 1}), tlsPort),
 		netip.AddrPortFrom(netip.AddrFrom4([4]byte{8, 8, 8, 8}), tlsPort),
 	}
diff --git a/internal/configuration/settings/settings_test.go b/internal/configuration/settings/settings_test.go
index fa865446..c0976cd9 100644
--- a/internal/configuration/settings/settings_test.go
+++ b/internal/configuration/settings/settings_test.go
@@ -39,7 +39,7 @@ func Test_Settings_String(t *testing.T) {
 |   |   └── Verbosity level: 1
 |   └── Path MTU discovery:
 |       ├── ICMP addresses: 1.1.1.1, 8.8.8.8
-|       └── TCP addresses: 1.1.1.1:443, 8.8.8.8:443
+|       └── TCP addresses: 1.1.1.1:53, 8.8.8.8:53, 1.1.1.1:443, 8.8.8.8:443
 ├── DNS settings:
 |   ├── Keep existing nameserver(s): no
 |   ├── DNS server address to use: 127.0.0.1