diff --git a/CHANGES b/CHANGES
index 6c037b2d1f..60d25f9c9c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+4021. [bug] Adjust max-recursion-queries to accommodate
+ the need for more queries when the cache is
+ empty. [RT #38104]
+
4020. [bug] Change 3736 broke nsupdate's SOA MNAME discovery
resulting in updates being sent to the wrong server.
[RT #37925]
diff --git a/bin/named/config.c b/bin/named/config.c
index 6c7fe19fb5..de685e9b04 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -175,7 +175,7 @@ options {\n\
clients-per-query 10;\n\
max-clients-per-query 100;\n\
max-recursion-depth 7;\n\
- max-recursion-queries 50;\n\
+ max-recursion-queries 75;\n\
zero-no-soa-ttl-cache no;\n\
nsec3-test-zone no;\n\
allow-new-zones no;\n\
diff --git a/bin/tests/system/reclimit/ns3/named3.conf b/bin/tests/system/reclimit/ns3/named3.conf
index 953a6adc30..23d14d8878 100644
--- a/bin/tests/system/reclimit/ns3/named3.conf
+++ b/bin/tests/system/reclimit/ns3/named3.conf
@@ -27,6 +27,7 @@ options {
listen-on-v6 { none; };
servfail-ttl 0;
max-recursion-depth 100;
+ max-recursion-queries 50;
};
key rndc_key {
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 398a68175b..b459d6a04d 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -9123,8 +9123,10 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
Sets the maximum number of iterative queries that
may be sent while servicing a recursive query.
If more queries are sent, the recursive query
- is terminated and returns SERVFAIL. The default
- is 50.
+ is terminated and returns SERVFAIL. Queries to
+ look up top level comains such as "com" and "net"
+ and the DNS root zone are exempt from this limitation.
+ The default is 75.
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index bb0c5df039..770ab73d5d 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -423,6 +423,13 @@
rather than the SOA MNAME server when sending the UPDATE.
+
+
+ Adjusted max-recursion-queries to accommodate the smaller
+ initial packet sizes used in BIND 9.10 and higher when
+ contacting authoritative servers for the first time.
+
+
diff --git a/lib/dns/adb.c b/lib/dns/adb.c
index 2a45dadae4..51bac51f4c 100644
--- a/lib/dns/adb.c
+++ b/lib/dns/adb.c
@@ -3893,11 +3893,11 @@ fetch_callback(isc_task_t *task, isc_event_t *ev) {
goto out;
/* XXXMLG Don't pound on bad servers. */
if (address_type == DNS_ADBFIND_INET) {
- name->expire_v4 = ISC_MIN(name->expire_v4, now + 300);
+ name->expire_v4 = ISC_MIN(name->expire_v4, now + 10);
name->fetch_err = FIND_ERR_FAILURE;
inc_stats(adb, dns_resstatscounter_gluefetchv4fail);
} else {
- name->expire_v6 = ISC_MIN(name->expire_v6, now + 300);
+ name->expire_v6 = ISC_MIN(name->expire_v6, now + 10);
name->fetch6_err = FIND_ERR_FAILURE;
inc_stats(adb, dns_resstatscounter_gluefetchv6fail);
}
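Review bot: The retry window after a failed glue fetch is now the bare literal `10` in both the v4 and v6 branches, directly under `/* XXXMLG Don't pound on bad servers. */`, and nothing records why so short a window still honours that comment. Going from `now + 300` to `now + 10` (presumably seconds) makes a name whose address fetch failed eligible for another fetch thirty times sooner. A persistently broken or deliberately unresponsive delegation can therefore draw correspondingly more outbound queries from the resolver. I would define the value once under a name of your choosing, for example `#define ADB_FETCH_FAIL_TTL 10 /* seconds before a failed address fetch may be retried */`, use it in both branches, and extend the comment to state the trade-off against the recursion limits. fetch_callback begins and ends outside this hunk.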
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index b0f62c2e9c..b6734f8fae 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -164,7 +164,7 @@
/* The default maximum number of iterative queries to allow before giving up. */
#ifndef DEFAULT_MAX_QUERIES
-#define DEFAULT_MAX_QUERIES 50
+#define DEFAULT_MAX_QUERIES 75
#endif
/*%
@@ -3416,6 +3416,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
REQUIRE(!ADDRWAIT(fctx));
+ /* We've already exceeded maximum query count */
+ if (isc_counter_used(fctx->qc) > fctx->res->maxqueries) {
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+ "exceeded max queries resolving '%s'",
+ fctx->info);
+ fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+ return;
+ }
+
addrinfo = fctx_nextaddress(fctx);
if (addrinfo == NULL) {
/*
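Review bot: The new early exit tests `isc_counter_used(fctx->qc) > fctx->res->maxqueries`, while the later path in fctx_try still relies on the return value of `isc_counter_increment(fctx->qc)`, so the limit is now enforced by two conditions that are not obviously equivalent. If the counter's own limit can differ from `res->maxqueries`, or if a configured value of 0 is meant as "no limit" (neither is visible in this hunk), the early check would end the fetch with SERVFAIL where the increment path would not. If 0 is a legal setting, guard it explicitly, e.g. `if (fctx->res->maxqueries != 0 && isc_counter_used(fctx->qc) > fctx->res->maxqueries) {`, and add a comment saying why `>` rather than `>=` is intended. Both exits also log the identical string at `ISC_LOG_DEBUG(3)`, so a limit hit cannot be attributed to one path and is invisible at normal log levels. Distinct messages would help operators tell a legitimately deep lookup from query amplification. fctx_try starts before and continues after this hunk.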
@@ -3453,14 +3463,16 @@ fctx_try(fetchctx_t *fctx, isc_boolean_t retrying, isc_boolean_t badcache) {
}
}
- result = isc_counter_increment(fctx->qc);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
- DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
- "exceeded max queries resolving '%s'",
- fctx->info);
- fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
- return;
+ if (dns_name_countlabels(&fctx->domain) > 2) {
+ result = isc_counter_increment(fctx->qc);
+ if (result != ISC_R_SUCCESS) {
+ isc_log_write(dns_lctx, DNS_LOGCATEGORY_RESOLVER,
+ DNS_LOGMODULE_RESOLVER, ISC_LOG_DEBUG(3),
+ "exceeded max queries resolving '%s'",
+ fctx->info);
+ fctx_done(fctx, DNS_R_SERVFAIL, __LINE__);
+ return;
+ }
}
result = fctx_query(fctx, addrinfo, fctx->options);
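Review bot: The condition `dns_name_countlabels(&fctx->domain) > 2` encodes the root/TLD exemption as an unexplained literal, and queries that skip the increment are no longer bounded by max-recursion-queries at all. A comment should state the rule and its consequence, for example `/* Root and top-level domains (label count includes the root label) are not charged against max-recursion-queries. */`, and a named constant would make the threshold easier to audit. Because exempt queries are uncounted, any cap on them has to come from other limits such as max-recursion-depth. It is worth confirming that a lookup which keeps being answered at a one-label zone cut cannot repeat without bound. The reclimit test in this commit pins the old limit of 50 but does not appear to exercise the exempt path, so a case for it would be a useful addition. fctx_try starts outside this hunk and continues past it.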