diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index bc3257b..e56bcb7 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -114,7 +114,8 @@ which defaults to 1000ms. If the second parameter is given this controls
 how long the retries will continue for
 otherwise this defaults to 10000ms. Retries are repeated with exponential
 backoff. Using this option increases memory usage and
-network bandwidth.
+network bandwidth. If not otherwise configured, this option is activated
+with the default parameters when \fB--dnssec\fP is set.
 .TP
 .B \-k, --keep-in-foreground
 Do not go into the background at startup but otherwise run as
diff --git a/src/option.c b/src/option.c
index be94b8e..ee505f8 100644
--- a/src/option.c
+++ b/src/option.c
@@ -6027,6 +6027,15 @@ void read_opts(int argc, char **argv, char *compile_opts)
     }
 #endif
 
+#ifdef HAVE_DNSSEC
+  /* Default fast retry on when doing DNSSEC */
+  if (option_bool(OPT_DNSSEC_VALID) && daemon->fast_retry_time == 0)
+    {
+      daemon->fast_retry_timeout = TIMEOUT;
+      daemon->fast_retry_time = DEFAULT_FAST_RETRY;
+    }
+#endif
+  
   /* port might not be known when the address is parsed - fill in here */
   if (daemon->servers)
     {