diff --git a/doc/Changelog b/doc/Changelog
index d02f00a61..c339e15b6 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+21 November 2018: Wouter
+ - Scrub NS records from NODATA responses as well.
+
 20 November 2018: Wouter
 - Scrub NS records from NXDOMAIN responses to stop fragmentation
 poisoning of the cache.
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index a1cd0f441..8cc5effe8 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -502,7 +502,14 @@ scrub_normalize(sldns_buffer* pkt, struct msg_parse* msg,
 * from. eg. fragmentation attacks, inserted after
 * long RRSIGs in the packet get to the packet
 * border and such */
-if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NXDOMAIN) {
+/* also for NODATA answers
+* (nodata has an empty answer section, ie. the
+* first rr is from the next section */
+if(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NXDOMAIN ||
+(FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR
+&& (msg->rrset_first->section == LDNS_SECTION_AUTHORITY
+|| msg->rrset_first->section == LDNS_SECTION_ADDITIONAL)
+)) {
 remove_rrset("normalize: removing irrelevant "
 "RRset:", pkt, msg, prev, &rrset);
 continue;
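Review bot: The new NODATA test in the iter_scrub.c hunk, `FLAGS_GET_RCODE(msg->flags) == LDNS_RCODE_NOERROR` plus "first rrset is in AUTHORITY or ADDITIONAL", also matches a referral: a delegation response is NOERROR with an empty answer section and its NS set in the authority section, so unless an earlier check outside the hunk already excludes referrals, this branch will strip the delegation NS records the iterator needs to follow, turning the anti-poisoning scrub into a resolution failure. What separates a NODATA answer from a referral is the SOA in the authority section, so the NODATA arm should additionally require one, e.g. `&& soa_in_auth(msg)` on the line after `LDNS_RCODE_NOERROR`, with a small static helper in this file that walks the message's rrset list and returns non-zero when an rrset has `type == LDNS_RR_TYPE_SOA` and `section == LDNS_SECTION_AUTHORITY` (field names for the list traversal are not visible in the hunk; take them from msgparse.h). The comment added above the condition should then say why the SOA is required, e.g. `/* also for NODATA answers; these carry an SOA in the authority section, which distinguishes them from referrals whose NS set must be kept */`. The enclosing function scrub_normalize begins before this hunk, so whether the response has already been classified at this point cannot be confirmed from here.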