diff --git a/net/dns/resolver/forwarder.go b/net/dns/resolver/forwarder.go
index 25703b852..00b906366 100644
--- a/net/dns/resolver/forwarder.go
+++ b/net/dns/resolver/forwarder.go
@@ -701,7 +701,9 @@ func (f *forwarder) sendTCP(ctx context.Context, fq *forwardQuery, rr resolverAn
 	ctx, cancel := context.WithTimeout(ctx, tcpQueryTimeout)
 	defer cancel()
 
-	conn, err := f.dialer.UserDial(ctx, tcpFam, ipp.String())
+	// Keeping this as SystemDial per discussion in https://github.com/tailscale/tailscale/pull/10380
+	// This would mean SplitDNS via upstreams only reachable via UserDial would not work currently.
+	conn, err := f.dialer.SystemDial(ctx, tcpFam, ipp.String())
 	if err != nil {
 		return nil, err
 	}