diff --git a/doc/Changelog b/doc/Changelog index 91d79db8c..af1813e95 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 6 January 2009: Wouter - fixup packet-of-death when compiled with --enable-debug. A malformed packet could cause an internal assertion failure. + - added test for HINFO canonicalisation behaviour. 5 January 2009: Wouter - fixup getaddrinfo failure handling for remote control port. diff --git a/testcode/unitverify.c b/testcode/unitverify.c index a468cd113..1c257fea8 100644 --- a/testcode/unitverify.c +++ b/testcode/unitverify.c @@ -134,7 +134,7 @@ extract_keys(struct entry* e, struct alloc_cache* alloc, /** return true if answer should be bogus */ static int -should_be_bogus(struct ub_packed_rrset_key* rrset) +should_be_bogus(struct ub_packed_rrset_key* rrset, struct query_info* qinfo) { struct packed_rrset_data* d = (struct packed_rrset_data*)rrset-> entry.data; @@ -143,13 +143,16 @@ should_be_bogus(struct ub_packed_rrset_key* rrset) /* name 'bogus' as first label signals bogus */ if(rrset->rk.dname_len > 6 && memcmp(rrset->rk.dname+1, "bogus", 5)==0) return 1; + if(qinfo->qname_len > 6 && memcmp(qinfo->qname+1, "bogus", 5)==0) + return 1; return 0; } /** verify and test one rrset against the key rrset */ static void verifytest_rrset(struct module_env* env, struct val_env* ve, - struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey) + struct ub_packed_rrset_key* rrset, struct ub_packed_rrset_key* dnskey, + struct query_info* qinfo) { enum sec_status sec; if(vsig) { @@ -161,7 +164,7 @@ verifytest_rrset(struct module_env* env, struct val_env* ve, if(vsig) { printf("verify outcome is: %s\n", sec_status_to_string(sec)); } - if(should_be_bogus(rrset)) { + if(should_be_bogus(rrset, qinfo)) { unit_assert(sec == sec_status_bogus); } else { unit_assert(sec == sec_status_secure); 
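Review bot: The new query-name marker in should_be_bogus() compares only the five bytes after the first length octet, so it does not check that the first label is exactly `bogus` — a question such as `bogusXY.jelte...` also matches, and the rrset-owner check it mirrors has the same looseness, so a fixture typo can silently turn an expected-secure entry into an expected-bogus one. Adding the label length to the guard, `if(qinfo->qname_len > 6 && qinfo->qname[0] == 5 && memcmp(qinfo->qname+1, "bogus", 5)==0)`, pins it to the intended marker, and the rrset branch could be tightened the same way. Now that the marker can come from two places, the one-line doc comment should say so: `/** return true if answer should be bogus: first label 'bogus' on the rrset owner name or on the query name */`. should_be_bogus() is split across the first two hunks of this file, and the body of verifytest_rrset() continues past the second hunk.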
@@ -188,7 +191,7 @@ verifytest_entry(struct entry* e, struct alloc_cache* alloc, entry_to_repinfo(e, alloc, region, pkt, &qinfo, &rep); for(i=0; irrset_count; i++) { - verifytest_rrset(env, ve, rep->rrsets[i], dnskey); + verifytest_rrset(env, ve, rep->rrsets[i], dnskey, &qinfo); } reply_info_parsedelete(rep, alloc); @@ -478,6 +481,7 @@ verify_test() #ifdef HAVE_EVP_SHA512 verifytest_file("testdata/test_signatures.10", "20070829144150"); #endif + verifytest_file("testdata/test_signatures.12", "20090107100022"); dstest_file("testdata/test_ds_sig.1"); nsectest(); nsec3_hash_test("testdata/test_nsec3_hash.1"); diff --git a/testdata/test_signatures.12 b/testdata/test_signatures.12 new file mode 100644 index 000000000..0f168e60c --- /dev/null +++ b/testdata/test_signatures.12 
@@ -0,0 +1,55 @@ +; Signature test file + +; first entry is a DNSKEY answer, with the DNSKEY rrset used for verification. +; later entries are verified with it. + +; Test HINFO canonicalisation + +; RSA key from ldns tool +ENTRY_BEGIN +SECTION QUESTION +jelte.nlnetlabs.nl. IN DNSKEY +SECTION ANSWER +jelte.nlnetlabs.nl. 3600 IN DNSKEY 256 3 5 AwEAAawmHBgxeOiaYE4JpNU+CBqEj7xGB1o6ThEsUmtjsbmTnsJ89uWv 2PudzhQKCR1hJtuxVxG0Aw4mwHlAy+SoWHp8NXW1JYVA5qbvYhUUUM3l +ZFImaMhShhlviJJDLla5nmB5pyNYbC4wxqkCs51mzJY1abbCmZepmQL IlprTjUL +ENTRY_END + +; check that signatures work +ENTRY_BEGIN +SECTION QUESTION +jelte.nlnetlabs.nl. IN NS +SECTION ANSWER +jelte.nlnetlabs.nl. 3600 IN NS ns1.jelte.nlnetlabs.nl. +jelte.nlnetlabs.nl. 3600 IN NS ns2.jelte.nlnetlabs.nl. +jelte.nlnetlabs.nl. 3600 IN RRSIG NS 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. E3G8ZsCvUw56EKxYA4JzjYaB3ojLpdmQdUHOPSxlWK43haSuxpFERGRc P7AhiMjcYcoJcR+LWQr0uOFVnW8VcFFdy8u7Gs9MNAIWs5+jOaI3WDRC reee7K/NEBiubQCdm7UPA894VNM5oiLCa1waMoMD+LfEeijuN4N09HqY 6eo= +ENTRY_END + +; currently this fails due to the design of canonicalisation in unbound. +; HINFO record signed with ldns, HINFO in uppercase, signature uppercase +ENTRY_BEGIN +SECTION QUESTION +bogus.jelte.nlnetlabs.nl. IN HINFO +SECTION ANSWER +jelte.nlnetlabs.nl. 3600 IN HINFO "Jelte" "Machine van" +jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203100022 20090106100022 48885 jelte.nlnetlabs.nl. eRig3NjIIgBTmQiN7AREmplgiY6OOtVwCNZgF5UAoYFAE1K1tl5WLqe9 FmTcVtaNUzFdgYv+TD93NNYdV0uxJkr+rS2sSykGf9OIlxevFm+rW2ya 4/Y+5GIN77eN9q9/6ULQRdsX3p8w1fhloiDXk+tgCaw+cJJElMEE1Avw 2dY= +ENTRY_END + + +; HINFO record signed with ldns, HINFO in lowercase, signature lowercase +ENTRY_BEGIN +SECTION QUESTION +jelte.nlnetlabs.nl. IN HINFO +SECTION ANSWER +jelte.nlnetlabs.nl. 3600 IN HINFO "jelte" "machine van" +jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. 
UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
+ENTRY_END
+
+; HINFO record signed with ldns, HINFO in uppercase, signature lowercase
+; (signer canonicalised)
+ENTRY_BEGIN
+SECTION QUESTION
+jelte.nlnetlabs.nl. IN HINFO
+SECTION ANSWER
+jelte.nlnetlabs.nl. 3600 IN HINFO "Jelte" "Machine van"
+jelte.nlnetlabs.nl. 3600 IN RRSIG HINFO 5 3 3600 20090203105558 20090106105558 48885 jelte.nlnetlabs.nl. UwFKSqH9oau3nCdJ4i6iYamo2izgMCKy1K8ec0IkhniUONKaIGiRNz8/ QrLAeBHhMnLQYNV/GBprNjvnPyYLG/6bWYUBxvP6pCG4oDEmNY7QF9di I6So5Ycv0ZWaYoT/NYStUj1fLNZ4xCdNXVLA7Oi5PRMeOvPQIvMG3hHK Ja0=
+ENTRY_END
+
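Review bot: The third entry's QUESTION owner `bogus.jelte.nlnetlabs.nl.` differs from its ANSWER owner `jelte.nlnetlabs.nl.`, and nothing in the fixture says this is the harness marker rather than a data mismatch, so a reader of the file alone cannot tell why that record is expected to fail. A comment beside that entry would make it self-explaining, e.g. `; the 'bogus.' first label of the question only tells unitverify to expect sec_status_bogus; the answer rrset itself is unchanged`. The comment `; currently this fails due to the design of canonicalisation in unbound` records that the expectation pins present behaviour rather than the intended one, so it should also say what to do when canonicalisation changes: drop the `bogus.` marker, after which the entry should verify as secure. The last entry (uppercase HINFO, signature made over the lowercased text) appears to be expected secure only because of that same downcasing, so the two entries would presumably swap outcomes together; stating that explicitly keeps the fixture from reading as a regression later. The entry in question is in the earlier part of this hunk, which begins at the `@@ -0,0 +1,55 @@` header above.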