diff --git a/CHANGES b/CHANGES
index be62c90fd0..c428ab1b5b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+6320.	[bug]		Fix a possible crash in 'dig +nssearch +nofail' and
+			'host -C' commands when one of the name servers returns
+			SERVFAIL. [GL #4508]
+
 6319.	[placeholder]
 
 6318.	[placeholder]
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 6f06f62389..b9ceaa22dd 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -4354,29 +4354,32 @@ recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
 	if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
 	    (check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
 	{
+		const char *err = (msg->rcode == dns_rcode_servfail &&
+				   !l->servfail_stops)
+					  ? "SERVFAIL reply"
+					  : "recursion not available";
 		dig_query_t *next = ISC_LIST_NEXT(query, link);
 		if (l->current_query == query) {
 			query_detach(&l->current_query);
 		}
-		if (next != NULL) {
+		if (next != NULL && (!l->ns_search_only || l->trace_root)) {
+			dighost_comments(l,
+					 "Got %s from %s, trying next server",
+					 err, query->servname);
 			debug("sending query %p", next);
 			if (l->tcp_mode) {
 				start_tcp(next);
 			} else {
 				start_udp(next);
 			}
-			dighost_comments(l,
-					 "Got %s from %s, trying next "
-					 "server",
-					 msg->rcode == dns_rcode_servfail
-						 ? "SERVFAIL reply"
-						 : "recursion not available",
-					 query->servname);
 			if (check_if_queries_done(l, query)) {
 				goto cancel_lookup;
 			}
 
 			goto detach_query;
+		} else {
+			dighost_comments(l, "Got %s from %s", err,
+					 query->servname);
 		}
 	}