diff --git a/CHANGES b/CHANGES
index 1386f3fe94..766a01d4d7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+1488.	[bug]		Don't override trust levels for glue addresses.
+			[RT #5764]
+
 1487.	[bug]		A REQUIRE() failure could be triggered if a zone was
 			queued for transfer and the zone was then removed.
 			[RT #6189]
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 539c535ee6..d02ee2ecc6 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: adb.c,v 1.203 2003/02/27 02:20:15 marka Exp $ */
+/* $Id: adb.c,v 1.204 2003/07/18 04:30:01 marka Exp $ */
 
 /*
  * Implementation notes
@@ -86,6 +86,7 @@
  */
 #define ADB_CACHE_MINIMUM	10	/* seconds */
 #define ADB_CACHE_MAXIMUM	86400	/* seconds (86400 = 24 hours) */
+#define ADB_ENTRY_WINDOW	1800	/* seconds  */
 
 /*
  * Wake up every CLEAN_SECONDS and clean CLEAN_BUCKETS buckets, so that all
@@ -572,7 +573,11 @@ import_rdataset(dns_adbname_t *adbname, dns_rdataset_t *rdataset,
 	if (addr_bucket != DNS_ADB_INVALIDBUCKET)
 		UNLOCK(&adb->entrylocks[addr_bucket]);
 
-	rdataset->ttl = ttlclamp(rdataset->ttl);
+	if (rdataset->trust == dns_trust_glue ||
+	    rdataset->trust == dns_trust_additional)
+		rdataset->ttl = ADB_CACHE_MINIMUM;
+	else
+		rdataset->ttl = ttlclamp(rdataset->ttl);
 
 	if (rdtype == dns_rdatatype_a) {
 		DP(NCACHE_LEVEL, "expire_v4 set to MIN(%u,%u) import_rdataset",
@@ -3336,6 +3341,7 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
 {
 	int bucket;
 	unsigned int new_srtt;
+	isc_stdtime_t now;
 
 	REQUIRE(DNS_ADB_VALID(adb));
 	REQUIRE(DNS_ADBADDRINFO_VALID(addr));
@@ -3353,6 +3359,9 @@ dns_adb_adjustsrtt(dns_adb_t *adb, dns_adbaddrinfo_t *addr,
 	addr->entry->srtt = new_srtt;
 	addr->srtt = new_srtt;
 
+	isc_stdtime_get(&now);
+	addr->entry->expires = now + ADB_ENTRY_WINDOW;
+
 	UNLOCK(&adb->entrylocks[bucket]);
 }
 
@@ -3450,7 +3459,7 @@ dns_adb_freeaddrinfo(dns_adb_t *adb, dns_adbaddrinfo_t **addrp) {
 	bucket = addr->entry->lock_bucket;
 	LOCK(&adb->entrylocks[bucket]);
 
-	entry->expires = now + 1800;		/* XXXRTH */
+	entry->expires = now + ADB_ENTRY_WINDOW;
 
 	want_check_exit = dec_entry_refcnt(adb, entry, ISC_FALSE);
 
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 4e92ec1d22..6d73b8883b 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: resolver.c,v 1.263 2003/04/11 07:25:25 marka Exp $ */
+/* $Id: resolver.c,v 1.264 2003/07/18 04:30:01 marka Exp $ */
 
 #include <config.h>
 
@@ -3304,7 +3304,10 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, isc_stdtime_t now) {
 					eresult = DNS_R_DNAME;
 				}
 			}
-			if (rdataset->trust == dns_trust_glue) {
+			if (rdataset->trust == dns_trust_glue &&
+			    (rdataset->type == dns_rdatatype_ns ||
+		             (rdataset->type == dns_rdatatype_sig &&
+			      rdataset->covers == dns_rdatatype_ns))) {
 				/*
 				 * If the trust level is 'dns_trust_glue'
 				 * then we are adding data from a referral