diff --git a/doc/Changelog b/doc/Changelog
index 367451e7b..3461722b4 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
 - Fix #4127 unbound -h does not list -p help.
 - Print error if SSL name verification configured but not available in the ssl library.
+ - Fix that ratelimit and ip-ratelimit are applied after reload of
+ changed config file.
 16 July 2018: Wouter
 - Fix qname minimisation NXDOMAIN validation lookup failures causing
diff --git a/services/cache/infra.c b/services/cache/infra.c
index f4320306d..59f2eba89 100644
--- a/services/cache/infra.c
+++ b/services/cache/infra.c
@@ -215,6 +215,18 @@ static int infra_ratelimit_cfg_insert(struct infra_cache* infra,
 return 1;
 }
+/** setup domain limits tree (0 on failure) */
+static int
+setup_domain_limits(struct infra_cache* infra, struct config_file* cfg)
+{
+ name_tree_init(&infra->domain_limits);
+ if(!infra_ratelimit_cfg_insert(infra, cfg)) {
+ return 0;
+ }
+ name_tree_init_parents(&infra->domain_limits);
+ return 1;
+}
+
 struct infra_cache*
 infra_create(struct config_file* cfg)
 {
@@ -230,7 +242,6 @@ infra_create(struct config_file* cfg)
 return NULL;
 }
 infra->host_ttl = cfg->host_ttl;
- name_tree_init(&infra->domain_limits);
 infra_dp_ratelimit = cfg->ratelimit;
 infra->domain_rates = slabhash_create(cfg->ratelimit_slabs,
 INFRA_HOST_STARTSIZE, cfg->ratelimit_size,
@@ -241,11 +252,10 @@ infra_create(struct config_file* cfg)
 return NULL;
 }
 /* insert config data into ratelimits */
- if(!infra_ratelimit_cfg_insert(infra, cfg)) {
+ if(!setup_domain_limits(infra, cfg)) {
 infra_delete(infra);
 return NULL;
 }
- name_tree_init_parents(&infra->domain_limits);
 infra_ip_ratelimit = cfg->ip_ratelimit;
 infra->client_ip_rates = slabhash_create(cfg->ip_ratelimit_slabs,
 INFRA_HOST_STARTSIZE, cfg->ip_ratelimit_size, &ip_rate_sizefunc,
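Review bot: The doc comment on `setup_domain_limits` does not state what the caller must provide or what is left behind on failure. The helper begins with `name_tree_init(&infra->domain_limits)`, which presumably resets the tree without releasing nodes already in it (the reload path in `infra_adjust` frees them with `traverse_postorder` first), and a failed insert returns before `name_tree_init_parents`, so the tree may be partly filled. I would extend the comment to `/** (re)build the domain limits tree from cfg; the caller must have freed any old nodes. Returns 0 on failure with a possibly partial tree; callers clean up with infra_delete(). */`.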
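Review bot: With `name_tree_init(&infra->domain_limits)` moved into `setup_domain_limits`, the tree is no longer initialised when the earlier `slabhash_create` failure path runs (the `return NULL; }` shown as leading context of this hunk). If that path calls `infra_delete`, and `infra_delete` walks `domain_limits` the way the `traverse_postorder(..., domain_limit_free, NULL)` call in `infra_adjust` does, it now depends on the struct having been zero-allocated and on the traversal accepting a NULL root; neither is visible in this diff. Either keep `name_tree_init(&infra->domain_limits);` ahead of the first `slabhash_create`, or add a comment at the allocation saying the zero-initialised tree is relied on by the error path. `infra_create` starts and ends outside the hunk.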
@@ -285,12 +295,22 @@ infra_adjust(struct infra_cache* infra, struct config_file* cfg)
 if(!infra)
 return infra_create(cfg);
 infra->host_ttl = cfg->host_ttl;
+ infra_dp_ratelimit = cfg->ratelimit;
+ infra_ip_ratelimit = cfg->ip_ratelimit;
 maxmem = cfg->infra_cache_numhosts * (sizeof(struct infra_key)+
 sizeof(struct infra_data)+INFRA_BYTES_NAME);
 if(maxmem != slabhash_get_size(infra->hosts) ||
 cfg->infra_cache_slabs != infra->hosts->size) {
 infra_delete(infra);
 infra = infra_create(cfg);
+ } else {
+ /* reapply domain limits */
+ traverse_postorder(&infra->domain_limits, domain_limit_free,
+ NULL);
+ if(!setup_domain_limits(infra, cfg)) {
+ infra_delete(infra);
+ return NULL;
+ }
 }
 return infra;
 }
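Review bot: The rebuild-or-update decision still looks only at the hosts cache, so a reload that changes `cfg->ratelimit_size`, `cfg->ratelimit_slabs`, `cfg->ip_ratelimit_size` or `cfg->ip_ratelimit_slabs` takes the new else branch and keeps the old `domain_rates` and `client_ip_rates` tables. Rate limiting is an abuse control, so an operator who reloads to change it should get every new value; the condition could also test `cfg->ratelimit_size != slabhash_get_size(infra->domain_rates) || cfg->ratelimit_slabs != infra->domain_rates->size` and the same pair for `infra->client_ip_rates` (assuming those sizes are passed to `slabhash_create` the same way as for `hosts`). In the else branch, `infra_delete(infra); return NULL;` frees the cache the caller handed in, so the function comment should say the old pointer is invalid after a NULL return. The start of `infra_adjust` is outside the hunk.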