diff --git a/bin/named/server.c b/bin/named/server.c
index 781d9e013d..2836429de3 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -2557,6 +2557,13 @@ configure_rpz(dns_view_t *view, const cfg_obj_t **maps,
 zones->p.qname_wait_recurse = false;
 }
 
+ sub_obj = cfg_tuple_get(rpz_obj, "nsdname-wait-recurse");
+ if (cfg_obj_isvoid(sub_obj) || cfg_obj_asboolean(sub_obj)) {
+ zones->p.nsdname_wait_recurse = true;
+ } else {
+ zones->p.nsdname_wait_recurse = false;
+ }
+
 sub_obj = cfg_tuple_get(rpz_obj, "nsip-wait-recurse");
 if (cfg_obj_isvoid(sub_obj) || cfg_obj_asboolean(sub_obj)) {
 zones->p.nsip_wait_recurse = true;
diff --git a/lib/dns/include/dns/rpz.h b/lib/dns/include/dns/rpz.h
index 4e834d7fe4..966aaee0ed 100644
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@@ -203,6 +203,7 @@ struct dns_rpz_popt {
 bool break_dnssec;
 bool qname_wait_recurse;
 bool nsip_wait_recurse;
+ bool nsdname_wait_recurse;
 unsigned int min_ns_labels;
 dns_rpz_num_t num_zones;
 };
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index d3b0d6a41f..55e16c997b 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -1736,6 +1736,7 @@ static cfg_tuplefielddef_t rpz_fields[] = {
 { "min-update-interval", &cfg_type_duration, 0 },
 { "min-ns-dots", &cfg_type_uint32, 0 },
 { "nsip-wait-recurse", &cfg_type_boolean, 0 },
+ { "nsdname-wait-recurse", &cfg_type_boolean, 0 },
 { "qname-wait-recurse", &cfg_type_boolean, 0 },
 { "recursive-only", &cfg_type_boolean, 0 },
 { "nsip-enable", &cfg_type_boolean, 0 },
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 482b3f3b01..a503109db0 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
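Review bot: The added `nsdname-wait-recurse` block in configure_rpz (bin/named/server.c) carries no comment saying that an omitted option is treated as true, which is the safe default for a policy control and worth stating where the flag is set. A one-line comment such as `/* Unset means wait: NSDNAME triggers keep waiting unless the operator opts out. */` would do. The if/else could also collapse to `zones->p.nsdname_wait_recurse = cfg_obj_isvoid(sub_obj) || cfg_obj_asboolean(sub_obj);`, though the neighbouring qname and nsip blocks use the long form, so all three are best changed together. configure_rpz starts and ends outside the hunk.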
@@ -2826,7 +2826,10 @@ rpz_rrset_find(ns_client_t *client, dns_name_t *name, dns_rdatatype_t type,
 */
 if (rpz_type == DNS_RPZ_TYPE_IP) {
 result = DNS_R_NXRRSET;
- } else if (!client->view->rpzs->p.nsip_wait_recurse) {
+ } else if (!client->view->rpzs->p.nsip_wait_recurse ||
+ (!client->view->rpzs->p.nsdname_wait_recurse &&
+ rpz_type == DNS_RPZ_TYPE_NSDNAME))
+ {
 query_rpzfetch(client, name, type);
 result = DNS_R_NXRRSET;
 } else {
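Review bot: In the new `else if` of rpz_rrset_find, the first operand `!client->view->rpzs->p.nsip_wait_recurse` is not limited to a trigger type, so `nsip-wait-recurse no` still sends NSDNAME lookups down the `query_rpzfetch()` / `DNS_R_NXRRSET` path even when `nsdname-wait-recurse` is left at its default of yes. Only the added operand is qualified by `rpz_type == DNS_RPZ_TYPE_NSDNAME`, so the two options are not independent. This branch appears to answer without waiting for the data the rule needs, so an operator who turned off only the NSIP wait may find NSDNAME rules skipped on a cache miss as well. If that override is kept for compatibility, say so above the test, e.g. `/* nsip-wait-recurse no also skips the wait for NSDNAME lookups; nsdname-wait-recurse no affects NSDNAME only. */`; otherwise qualify the first operand with `rpz_type == DNS_RPZ_TYPE_NSIP`. The function body starts and ends outside the hunk.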