diff --git a/CHANGELOG b/CHANGELOG
index 34f3d56..5a3a35e 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -39,6 +39,11 @@ version 2.77 For example --cname=*.example.com,default.example.com Thanks to Pro Backup for sponsoring this development.
+ Bump the allowed backlog of TCP connections from 5 to 32,
+ and make this a compile-time configurable option. Thanks
+ to Donatas Abraitis for diagnosing this as a potential
+ problem.
+
 version 2.76 Include 0.0.0.0/8 in DNS rebind checks. This range
diff --git a/src/config.h b/src/config.h
index 80a50e1..4833d49 100644
--- a/src/config.h
+++ b/src/config.h
@@ -18,6 +18,7 @@
 #define MAX_PROCS 20 /* max no children for TCP requests */
 #define CHILD_LIFETIME 150 /* secs 'till terminated (RFC1035 suggests > 120s) */
 #define TCP_MAX_QUERIES 100 /* Maximum number of queries per incoming TCP connection */
+#define TCP_BACKLOG 32 /* kernel backlog limit for TCP connections */
 #define EDNS_PKTSZ 4096 /* default max EDNS.0 UDP packet from RFC5625 */
 #define SAFE_PKTSZ 1280 /* "go anywhere" UDP packet size */
 #define KEYBLOCK_LEN 40 /* choose to mininise fragmentation when storing DNSSEC keys */
diff --git a/src/network.c b/src/network.c
index d87d08f..6169827 100644
--- a/src/network.c
+++ b/src/network.c
@@ -746,7 +746,7 @@ static int make_sock(union mysockaddr *addr, int type, int dienow) if (type == SOCK_STREAM) {
- if (listen(fd, 5) == -1)
+ if (listen(fd, TCP_BACKLOG) == -1)
 goto err; } else if (family == AF_INET)
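Review bot: The comment on the added `TCP_BACKLOG` line in src/config.h calls it the "kernel backlog limit", but the value is only the argument handed to `listen()` in make_sock(), and the OS may silently clamp it (on Linux, to net.core.somaxconn), so the effective accept queue can be smaller than 32. I would reword it to `/* backlog passed to listen() for TCP sockets; the OS may cap it (e.g. somaxconn on Linux) */`, so that anyone sizing this for load or for resilience to connection floods also checks the system limit. The define is also unconditional, so a value supplied on the build command line would clash with this one; if that kind of override is what the CHANGELOG means by "compile-time configurable", wrapping the line in `#ifndef TCP_BACKLOG` / `#endif` would allow it.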