diff --git a/CHANGES b/CHANGES
index 9007dd24ee..84b52bfe66 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5477.	[bug]		The idle timeout for connected TCP sockets is now
+			derived from the client query processing timeout
+			configured for a resolver. [GL #2024]
+
 5476.	[placeholder]
 
 5475.	[bug]		Fix RPZ wildcard passthru ignored when a rejection
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 8aa78191e8..893eb340d2 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -3012,12 +3012,15 @@ resquery_connected(isc_task_t *task, isc_event_t *event) {
 		case ISC_R_SUCCESS:
 
 			/*
-			 * Extend the idle timer for TCP.  20 seconds
-			 * should be long enough for a TCP connection to be
-			 * established, a single DNS request to be sent,
-			 * and the response received.
+			 * Extend the idle timer for TCP.  Half of
+			 * "resolver-query-timeout" will hopefully be long
+			 * enough for a TCP connection to be established, a
+			 * single DNS request to be sent, and the response
+			 * received.
 			 */
-			isc_interval_set(&interval, 20, 0);
+			isc_interval_set(&interval,
+					 fctx->res->query_timeout / 1000 / 2,
+					 0);
 			result = fctx_startidletimer(query->fctx, &interval);
 			if (result != ISC_R_SUCCESS) {
 				FCTXTRACE("query canceled: idle timer failed; "