diff --git a/AUTHORS.md b/AUTHORS.md
index f8708dde1..4b8dd9e73 100644
--- a/AUTHORS.md
+++ b/AUTHORS.md
@@ -210,6 +210,7 @@ Authors
 * [Peter Conrad](https://github.com/pconrad-fb)
 * [Peter Eckersley](https://github.com/pde)
 * [Peter Mosmans](https://github.com/PeterMosmans)
+* [Phil Martin](https://github.com/frillip)
 * [Philippe Langlois](https://github.com/langloisjp)
 * [Philipp Spitzer](https://github.com/spitza)
 * [Piero Steinger](https://github.com/Jadaw1n)
diff --git a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
index 8cf6d9966..2c52486e2 100644
--- a/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
+++ b/certbot-dns-rfc2136/certbot_dns_rfc2136/_internal/dns_rfc2136.py
@@ -216,6 +216,8 @@ class _RFC2136Client:
         request = dns.message.make_query(domain, dns.rdatatype.SOA, dns.rdataclass.IN)
         # Turn off Recursion Desired bit in query
         request.flags ^= dns.flags.RD
+        # Use our TSIG keyring
+        request.use_tsig(self.keyring, algorithm=self.algorithm) # type: ignore[attr-defined]
 
         try:
             try:
diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md
index 231f5c453..9403209dc 100644
--- a/certbot/CHANGELOG.md
+++ b/certbot/CHANGELOG.md
@@ -10,7 +10,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/).
 
 ### Changed
 
-*
+* DNS RFC2136 module now uses the TSIG key to check for an authoritative SOA record. Helps the use of split-horizon and multiple views in BIND9 using the key in an ACL to determine which view to use.
 
 ### Fixed