diff --git a/CHANGES b/CHANGES
index 2ad34ec4bf..1e461b986e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6277.	[bug]		Take into account local authoritative zones when
+			falling back to serve-stale. [GL #4355]
+
 6276.	[cleanup]	Remove both lock-file configuration option and the
 			-X argument to named. [GL #4391]
 
diff --git a/bin/tests/system/serve-stale/ns1/root.db b/bin/tests/system/serve-stale/ns1/root.db
index aef8e31c7a..e36f2b0562 100644
--- a/bin/tests/system/serve-stale/ns1/root.db
+++ b/bin/tests/system/serve-stale/ns1/root.db
@@ -16,3 +16,5 @@ example.	300	NS	ns.example.
 ns.example.	300	A	10.53.0.2
 slow.		300	NS	ns.slow.
 ns.slow.	300	A	10.53.0.2
+stale.		300	NS	ns.stale.
+ns.stale.	300	A	10.53.0.6
diff --git a/bin/tests/system/serve-stale/ns3/named.conf.in b/bin/tests/system/serve-stale/ns3/named.conf.in
new file mode 100644
index 0000000000..d5f475126d
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns3/named.conf.in
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion yes;
+	dnssec-validation no;
+	qname-minimization off;
+
+	stale-answer-enable yes;
+	stale-cache-enable yes;
+	stale-refresh-time 30;
+	stale-answer-client-timeout 1800;
+	max-cache-ttl 24h;
+};
+
+zone "." {
+	type hint;
+	file "root.db";
+};
+
+zone "serve.stale" IN {
+	type primary;
+	notify no;
+	file "serve.stale.db";
+};
diff --git a/bin/tests/system/serve-stale/ns3/serve.stale.db b/bin/tests/system/serve-stale/ns3/serve.stale.db
new file mode 100644
index 0000000000..704f451012
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns3/serve.stale.db
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+serve.stale.		IN SOA	ns.serve.stale. matthijs.isc.org. 1 0 0 0 0
+serve.stale.		IN NS	ns.serve.stale.
+ns.serve.stale.		IN A    10.53.0.6
+
+$ORIGIN serve.stale.
+test			IN NS	nss1.example.nxd.
+test			IN NS	nss2.example.nxd.
diff --git a/bin/tests/system/serve-stale/ns6/named.conf.in b/bin/tests/system/serve-stale/ns6/named.conf.in
new file mode 100644
index 0000000000..15f5dd6c73
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns6/named.conf.in
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+	inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+	query-source address 10.53.0.6;
+	notify-source 10.53.0.6;
+	transfer-source 10.53.0.6;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.6; };
+	listen-on-v6 { none; };
+	recursion no;
+};
+
+zone "stale" IN {
+	type primary;
+	notify no;
+	file "stale.db";
+};
+
+zone "serve.stale" IN {
+	type primary;
+	notify no;
+	file "serve.stale.db";
+};
diff --git a/bin/tests/system/serve-stale/ns6/serve.stale.db b/bin/tests/system/serve-stale/ns6/serve.stale.db
new file mode 100644
index 0000000000..2b17c68047
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns6/serve.stale.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+serve.stale.		IN SOA	ns.serve.stale. matthijs.isc.org. 1 0 0 0 0
+serve.stale.		IN NS	ns.serve.stale.
+ns.serve.stale.		IN A    10.53.0.6
+
+test			IN TXT	"Oops, I did it again"
diff --git a/bin/tests/system/serve-stale/ns6/stale.db b/bin/tests/system/serve-stale/ns6/stale.db
new file mode 100644
index 0000000000..4ae006802b
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns6/stale.db
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0.  If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+stale.		IN SOA	ns.stale. matthijs.isc.org. 1 0 0 0 0
+stale.		IN NS	ns.stale.
+ns.stale.	IN A    10.53.0.6
+
+serve.stale.	IN NS	ns.serve.stale.
+ns.serve.stale.	IN A    10.53.0.6
diff --git a/bin/tests/system/serve-stale/setup.sh b/bin/tests/system/serve-stale/setup.sh
index 0a0dc476b5..42e1ac8164 100644
--- a/bin/tests/system/serve-stale/setup.sh
+++ b/bin/tests/system/serve-stale/setup.sh
@@ -16,6 +16,7 @@
 $SHELL clean.sh
 
 copy_setports ns1/named1.conf.in ns1/named.conf
-copy_setports ns3/named1.conf.in ns3/named.conf
+copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh
index a45f85bc85..9d7fb866cc 100755
--- a/bin/tests/system/serve-stale/tests.sh
+++ b/bin/tests/system/serve-stale/tests.sh
@@ -259,6 +259,29 @@ grep "data\.example\..*4.*IN.*TXT.*A text record with a 2 second ttl" dig.out.te
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+#
+# Test interaction with local zone
+#
+
+n=$((n + 1))
+echo_i "check that serve-stale does not recurse for local authoritative zone ($n)"
+ret=0
+
+num=0
+threshold=10
+while [ $num -lt $threshold ]; do
+
+  echo_i "dig test.serve.stale TXT ($n)"
+  $DIG -p ${PORT} @10.53.0.3 test.serve.stale TXT >dig.out.test$n.$num
+  grep "status: SERVFAIL" dig.out.test$n.$num >/dev/null || ret=1
+  if [ $ret != 0 ]; then num=$threshold; fi
+
+  sleep 1
+  num=$((num + 1))
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 #
 # Test disabling serve-stale via rndc.
 #
@@ -957,6 +980,17 @@ status=$((status + ret))
 #
 echo_i "test server with no serve-stale options set"
 
+n=$((n + 1))
+echo_i "updating ns3/named.conf ($n)"
+ret=0
+copy_setports ns3/named1.conf.in ns3/named.conf
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+echo_i "restart ns3"
+stop_server --use-rndc --port ${CONTROLPORT} ns3
+start_server --noclean --restart --port ${PORT} ns3
+
 n=$((n + 1))
 echo_i "enable responses from authoritative server ($n)"
 ret=0
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index d3acabc1b4..d90427fdb8 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -70,6 +70,9 @@ Bug Fixes
   DNSSEC records, it was scheduled to be resigning. This unwanted behavior
   has been fixed. :gl:`#4350`
 
+- Looking up stale data from the cache did not take into account local
+  authoritative zones. This has been fixed. :gl:`#4355`
+
 Known Issues
 ~~~~~~~~~~~~
 
diff --git a/lib/ns/query.c b/lib/ns/query.c
index 712bee0871..ff8856127f 100644
--- a/lib/ns/query.c
+++ b/lib/ns/query.c
@@ -7653,8 +7653,19 @@ query_usestale(query_ctx_t *qctx, isc_result_t result) {
 	qctx_freedata(qctx);
 
 	if (dns_view_staleanswerenabled(qctx->client->view)) {
-		dns_db_attach(qctx->client->view->cachedb, &qctx->db);
-		qctx->version = NULL;
+		isc_result_t ret;
+		ret = query_getdb(qctx->client, qctx->client->query.qname,
+				  qctx->client->query.qtype, qctx->options,
+				  &qctx->zone, &qctx->db, &qctx->version,
+				  &qctx->is_zone);
+		if (ret != ISC_R_SUCCESS) {
+			/*
+			 * Failed to get the database, unexpected, but let us
+			 * at least abandon serve-stale.
+			 */
+			return (false);
+		}
+
 		qctx->client->query.dboptions |= DNS_DBFIND_STALEOK;
 		if (FETCH_RECTYPE_NORMAL(qctx->client) != NULL) {
 			dns_resolver_destroyfetch(