diff --git a/dnsfilter/dnsfilter.go b/dnsfilter/dnsfilter.go
index 705631fa..3843f1dc 100644
--- a/dnsfilter/dnsfilter.go
+++ b/dnsfilter/dnsfilter.go
@@ -270,10 +270,6 @@ func (d *Dnsfilter) CheckHost(host string, qtype uint16, setts *RequestFiltering
 		return Result{Reason: NotFilteredNotFound}, nil
 	}
 	host = strings.ToLower(host)
-	// prevent recursion
-	if host == d.parentalServer || host == d.safeBrowsingServer {
-		return Result{}, nil
-	}
 
 	var result Result
 	var err error
diff --git a/dnsfilter/security.go b/dnsfilter/security.go
index 1de5cc8a..14751c6e 100644
--- a/dnsfilter/security.go
+++ b/dnsfilter/security.go
@@ -26,6 +26,9 @@ import (
 	"golang.org/x/net/publicsuffix"
 )
 
+// Servers to use for resolution of SB/PC server name
+var bootstrapServers = []string{"176.103.130.130", "176.103.130.131"}
+
 const dnsTimeout = 3 * time.Second
 const defaultSafebrowsingServer = "https://dns-family.adguard.com/dns-query"
 const defaultParentalServer = "https://dns-family.adguard.com/dns-query"
@@ -36,13 +39,14 @@ func (d *Dnsfilter) initSecurityServices() error {
 	var err error
 	d.safeBrowsingServer = defaultSafebrowsingServer
 	d.parentalServer = defaultParentalServer
+	opts := upstream.Options{Timeout: dnsTimeout, Bootstrap: bootstrapServers}
 
-	d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, upstream.Options{Timeout: dnsTimeout})
+	d.parentalUpstream, err = upstream.AddressToUpstream(d.parentalServer, opts)
 	if err != nil {
 		return err
 	}
 
-	d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, upstream.Options{Timeout: dnsTimeout})
+	d.safeBrowsingUpstream, err = upstream.AddressToUpstream(d.safeBrowsingServer, opts)
 	if err != nil {
 		return err
 	}