diff --git a/CHANGES b/CHANGES
index a053d76407d5417cd8b7ae1981257e602b1263cc..eeba7ed7ba84521f1182ce941a4b2e0f1bb73f47 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,9 @@
+5139.	[bug]		If possible, don't use forwarders when priming.
+			This ensures we can get root server IP addresses
+			from priming query response glue, which may not
+			be present if the forwarding server is returning
+			minimal responses. [GL #752]
+
 5134.	[bug]		win32: WSAStartup was not called before getservbyname
 			was called. [GL #590]
 
diff --git a/bin/tests/system/forward/ns4/named.conf.in b/bin/tests/system/forward/ns4/named.conf.in
index 480530b0f27cb1e59f15abf79a951027114338f3..643e1271b53ae85e91a169413259afe84dfe1fee 100644
--- a/bin/tests/system/forward/ns4/named.conf.in
+++ b/bin/tests/system/forward/ns4/named.conf.in
@@ -17,6 +17,9 @@ options {
 	pid-file "named.pid";
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
+	recursion yes;
+	dnssec-validation yes;
+	minimal-responses yes;
 };
 
 zone "." {
diff --git a/bin/tests/system/forward/ns7/named.conf.in b/bin/tests/system/forward/ns7/named.conf.in
new file mode 100644
index 0000000000000000000000000000000000000000..d9f5e8a9db5a09745c37d044b925e914a8b4f060
--- /dev/null
+++ b/bin/tests/system/forward/ns7/named.conf.in
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+	query-source address 10.53.0.7;
+	notify-source 10.53.0.7;
+	transfer-source 10.53.0.7;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.7; };
+	listen-on-v6 { none; };
+	forwarders { 10.53.0.4; };
+	forward first;
+	dnssec-validation yes;
+};
+
+zone "." {
+	type hint;
+	file "root.db";
+};
diff --git a/bin/tests/system/forward/ns7/root.db b/bin/tests/system/forward/ns7/root.db
new file mode 100644
index 0000000000000000000000000000000000000000..7346810ba6aa8b552ff02ded71f21c22c9cb7018
--- /dev/null
+++ b/bin/tests/system/forward/ns7/root.db
@@ -0,0 +1,28 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example1		NS	ns.example1
+ns.example1		A	10.53.0.1
+
+example2		NS	ns.example2
+ns.example2		A	10.53.0.1
+
+example3		NS	ns.example3
+ns.example3		A	10.53.0.1
diff --git a/bin/tests/system/forward/setup.sh b/bin/tests/system/forward/setup.sh
index c63aeb10d2a345e3dba4055bab5ed62de0d54ce3..d64579e590fbbe8db01b4e1d6295aad73c82e23f 100644
--- a/bin/tests/system/forward/setup.sh
+++ b/bin/tests/system/forward/setup.sh
@@ -18,3 +18,4 @@ copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns7/named.conf.in ns7/named.conf
diff --git a/bin/tests/system/forward/tests.sh b/bin/tests/system/forward/tests.sh
index 3e6064a043600189c9f9cddc05aa37a872789f77..8fd22fc837b8fb1573f2134139a42393f424523c 100644
--- a/bin/tests/system/forward/tests.sh
+++ b/bin/tests/system/forward/tests.sh
@@ -147,5 +147,17 @@ if [ $sent -ne 1 ]; then ret=1; fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+echo_i "checking that priming queries are not forwarded"
+ret=0
+$DIG $DIGOPTS +noadd +noauth txt.example1. txt @10.53.0.7 > dig.out.f7 || ret=1
+sent=`sed -n '/sending packet to 10.53.0.1/,/^$/p' ns7/named.run | grep ";.*IN.*NS" | wc -l`
+[ $sent -eq 1 ] || ret=1
+sent=`grep "10.53.0.7#.* (.): query '\./NS/IN' approved" ns4/named.run | wc -l`
+[ $sent -eq 0 ] || ret=1
+sent=`grep "10.53.0.7#.* (.): query '\./NS/IN' approved" ns1/named.run | wc -l`
+[ $sent -eq 1 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/lib/dns/include/dns/resolver.h b/lib/dns/include/dns/resolver.h
index 45dc900472607fe33996d7875c006249653cd546..5b2ce0cd8c2d7eaf9695d099886b55361f7af4bf 100644
--- a/lib/dns/include/dns/resolver.h
+++ b/lib/dns/include/dns/resolver.h
@@ -91,23 +91,25 @@ typedef enum {
 /*
  * Options that modify how a 'fetch' is done.
  */
-#define DNS_FETCHOPT_TCP		0x0001	     /*%< Use TCP. */
-#define DNS_FETCHOPT_UNSHARED		0x0002	     /*%< See below. */
-#define DNS_FETCHOPT_RECURSIVE		0x0004	     /*%< Set RD? */
-#define DNS_FETCHOPT_NOEDNS0		0x0008	     /*%< Do not use EDNS. */
-#define DNS_FETCHOPT_FORWARDONLY	0x0010	     /*%< Only use forwarders. */
-#define DNS_FETCHOPT_NOVALIDATE		0x0020	     /*%< Disable validation. */
-#define DNS_FETCHOPT_EDNS512		0x0040	     /*%< Advertise a 512 byte
-							  UDP buffer. */
-#define DNS_FETCHOPT_WANTNSID		0x0080	     /*%< Request NSID */
-#define DNS_FETCHOPT_PREFETCH		0x0100	     /*%< Do prefetch */
-#define DNS_FETCHOPT_NOCDFLAG		0x0200	     /*%< Don't set CD flag. */
-#define DNS_FETCHOPT_NONTA		0x0400	     /*%< Ignore NTA table. */
-/* RESERVED ECS				0x0000 */
-/* RESERVED ECS				0x1000 */
-/* RESERVED ECS				0x2000 */
-/* RESERVED TCPCLIENT			0x4000 */
-#define DNS_FETCHOPT_NOCACHED		0x8000	     /*%< Force cache update. */
+#define DNS_FETCHOPT_TCP		0x00001	     /*%< Use TCP. */
+#define DNS_FETCHOPT_UNSHARED		0x00002	     /*%< See below. */
+#define DNS_FETCHOPT_RECURSIVE		0x00004	     /*%< Set RD? */
+#define DNS_FETCHOPT_NOEDNS0		0x00008	     /*%< Do not use EDNS. */
+#define DNS_FETCHOPT_FORWARDONLY	0x00010	     /*%< Only use forwarders. */
+#define DNS_FETCHOPT_NOVALIDATE		0x00020	     /*%< Disable validation. */
+#define DNS_FETCHOPT_EDNS512		0x00040	     /*%< Advertise a 512 byte
+					0		  UDP buffer. */
+#define DNS_FETCHOPT_WANTNSID		0x00080	     /*%< Request NSID */
+#define DNS_FETCHOPT_PREFETCH		0x00100	     /*%< Do prefetch */
+#define DNS_FETCHOPT_NOCDFLAG		0x00200	     /*%< Don't set CD flag. */
+#define DNS_FETCHOPT_NONTA		0x00400	     /*%< Ignore NTA table. */
+/* RESERVED ECS				0x00000 */
+/* RESERVED ECS				0x01000 */
+/* RESERVED ECS				0x02000 */
+/* RESERVED TCPCLIENT			0x04000 */
+#define DNS_FETCHOPT_NOCACHED		0x08000	     /*%< Force cache update. */
+#define DNS_FETCHOPT_NOFORWARD		0x80000 /*%< Do not use forwarders
+							if possible. */
 
 /* Reserved in use by adb.c		0x00400000 */
 #define	DNS_FETCHOPT_EDNSVERSIONSET	0x00800000
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index cbf6b5ca28bd6122fe15b738c85161fd16d32114..b61ccc98b0549f9df92d0043607abaa765ed9fd6 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -3533,6 +3533,18 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 	INSIST(ISC_LIST_EMPTY(fctx->forwaddrs));
 	INSIST(ISC_LIST_EMPTY(fctx->altaddrs));
 
+	/*
+	 * If we have DNS_FETCHOPT_NOFORWARD set and forwarding policy
+	 * allows us to not forward - skip forwarders and go straight
+	 * to NSes. This is currently used to make sure that priming query
+	 * gets root servers' IP addresses in ADDITIONAL section.
+	 */
+	if ((fctx->options & DNS_FETCHOPT_NOFORWARD) != 0 &&
+	    (fctx->fwdpolicy != dns_fwdpolicy_only))
+	{
+		goto normal_nses;
+	}
+
 	/*
 	 * If this fctx has forwarders, use them; otherwise use any
 	 * selective forwarders specified in the view; otherwise use the
@@ -3618,7 +3630,7 @@ fctx_getaddresses(fetchctx_t *fctx, bool badcache) {
 	/*
 	 * Normal nameservers.
 	 */
-
+ normal_nses:
 	stdoptions = DNS_ADBFIND_WANTEVENT | DNS_ADBFIND_EMPTYEVENT;
 	if (fctx->restarts == 1) {
 		/*
@@ -10030,7 +10042,8 @@ dns_resolver_prime(dns_resolver_t *res) {
 		LOCK(&res->primelock);
 		result = dns_resolver_createfetch(res, dns_rootname,
 						  dns_rdatatype_ns,
-						  NULL, NULL, NULL, 0,
+						  NULL, NULL, NULL,
+						  DNS_FETCHOPT_NOFORWARD,
 						  res->buckets[0].task,
 						  prime_done,
 						  res, rdataset, NULL,
diff --git a/util/copyrights b/util/copyrights
index 2b553e714498b428f684878e221d5449f50b5806..a2f7cf19602a082e2b2f2098f3a7fae2553ead55 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -1313,6 +1313,8 @@
 ./bin/tests/system/forward/ns4/root.db		ZONE	2000,2001,2004,2007,2016,2018,2019
 ./bin/tests/system/forward/ns5/named.conf.in	CONF-C	2011,2016,2018,2019
 ./bin/tests/system/forward/ns5/root.db		ZONE	2011,2016,2018,2019
+./bin/tests/system/forward/ns7/named.conf.in	CONF-C	2019
+./bin/tests/system/forward/ns7/root.db		ZONE	2019
 ./bin/tests/system/forward/rfc1918-inherited.conf	CONF-C	2016,2018,2019
 ./bin/tests/system/forward/rfc1918-notinherited.conf	CONF-C	2016,2018,2019
 ./bin/tests/system/forward/setup.sh		SH	2018,2019