- Note clearly that 'wait-limit: 0' disables all wait limits.

- 'wait-limit-cookie: 0' can now disable cookie validated wait
  limits.

doc/Changelog

@@ -1,6 +1,9 @@
 3 October 2025: Yorgos
 	- Note 'respip' and 'dns64' module order in the unbound.conf
 	  man page.
+	- Note clearly that 'wait-limit: 0' disables all wait limits.
+	- 'wait-limit-cookie: 0' can now disable cookie validated wait
+	  limits.
 
 2 October 2025: Wouter
 	- Fix that https is set up as enabled when the port is listed in

doc/unbound.conf.rst

@@ -510,7 +510,7 @@ These options are part of the **server:** clause.
     This makes a ratelimit per IP address of waiting replies for recursion.
     It stops very large amounts of queries waiting to be returned to one
     destination.
-    The value ``0`` disables wait limits.
+    The value ``0`` disables all wait limits.
 
     Default: 1000
 
@@ -518,7 +518,11 @@ These options are part of the **server:** clause.
 @@UAHL@unbound.conf@wait-limit-cookie@@: *<number>*
     The number of replies that can wait for recursion, for an IP address
     that sent the query with a valid DNS Cookie.
-    Since the cookie validates the client address, this limit can be higher.
+    Since the cookie already validates the client address, this option allows
+    to override a configured
+    :ref:`wait-limit<unbound.conf.wait-limit>` value usually with a higher one
+    for cookie validated queries.
+    The value ``0`` disables wait limits for cookie validated queries.
 
     Default: 10000
 

services/cache/infra.c

@@ -1269,7 +1269,8 @@ int infra_wait_limit_allowed(struct infra_cache* infra, struct comm_reply* rep,
 	int cookie_valid, struct config_file* cfg)
 {
 	struct lruhash_entry* entry;
-	if(cfg->wait_limit == 0)
+	if(cfg->wait_limit == 0 ||
+		(cookie_valid && cfg->wait_limit_cookie == 0))
 		return 1;
 
 	entry = infra_find_ip_ratedata(infra, &rep->client_addr,