diff --git a/CHANGES b/CHANGES
index 2cf758ef8e..031ce8f150 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+4575.	[security]	Dns64 with break-dnssec yes; can result in a
+			assertion failure. (CVE-2017-3136) [RT #44653]
 
 	--- 9.10.5rc1 released ---
 
diff --git a/bin/named/query.c b/bin/named/query.c
index a190f7c587..f252200628 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -8257,6 +8257,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
 			result = query_dns64(client, &fname, rdataset,
 					     sigrdataset, dbuf,
 					     DNS_SECTION_ANSWER);
+			noqname = NULL;
 			dns_rdataset_disassociate(rdataset);
 			dns_message_puttemprdataset(client->message, &rdataset);
 			if (result == ISC_R_NOMORE) {