diff --git a/daemon/remote.c b/daemon/remote.c
index 47f99e82f..d9f5bcf31 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -798,6 +798,16 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
 		(unsigned long)s->svr.zero_ttl_responses)) return 0;
 	if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm, 
 		(unsigned long)s->mesh_replies_sent)) return 0;
+#ifdef USE_DNSCRYPT
+    if(!ssl_printf(ssl, "%s.num.dnscrypt.crypted"SQ"%lu\n", nm,
+        (unsigned long)s->svr.num_query_dnscrypt_crypted)) return 0;
+    if(!ssl_printf(ssl, "%s.num.dnscrypt.cert"SQ"%lu\n", nm,
+        (unsigned long)s->svr.num_query_dnscrypt_cert)) return 0;
+    if(!ssl_printf(ssl, "%s.num.dnscrypt.cleartext"SQ"%lu\n", nm,
+        (unsigned long)s->svr.num_query_dnscrypt_cleartext)) return 0;
+    if(!ssl_printf(ssl, "%s.num.dnscrypt.malformed"SQ"%lu\n", nm,
+        (unsigned long)s->svr.num_query_dnscrypt_crypted_malformed)) return 0;
+#endif
 	if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
 		(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
 			(double)s->svr.sum_query_list_size/
diff --git a/daemon/stats.c b/daemon/stats.c
index a3c3d7389..3665616be 100644
--- a/daemon/stats.c
+++ b/daemon/stats.c
@@ -232,6 +232,14 @@ void server_stats_add(struct stats_info* total, struct stats_info* a)
 	total->svr.num_queries_missed_cache += a->svr.num_queries_missed_cache;
 	total->svr.num_queries_prefetch += a->svr.num_queries_prefetch;
 	total->svr.sum_query_list_size += a->svr.sum_query_list_size;
+#ifdef USE_DNSCRYPT
+    total->svr.num_query_dnscrypt_crypted += a->svr.num_query_dnscrypt_crypted;
+    total->svr.num_query_dnscrypt_cert += a->svr.num_query_dnscrypt_cert;
+    total->svr.num_query_dnscrypt_cleartext += \
+        a->svr.num_query_dnscrypt_cleartext;
+    total->svr.num_query_dnscrypt_crypted_malformed += \
+        a->svr.num_query_dnscrypt_crypted_malformed;
+#endif
 	/* the max size reached is upped to higher of both */
 	if(a->svr.max_query_list_size > total->svr.max_query_list_size)
 		total->svr.max_query_list_size = a->svr.max_query_list_size;
diff --git a/daemon/stats.h b/daemon/stats.h
index 0b9d77b42..39c4d21c5 100644
--- a/daemon/stats.h
+++ b/daemon/stats.h
@@ -43,6 +43,7 @@
 #ifndef DAEMON_STATS_H
 #define DAEMON_STATS_H
 #include "util/timehist.h"
+#include "dnscrypt/dnscrypt_config.h"
 struct worker;
 struct config_file;
 struct comm_point;
@@ -149,6 +150,16 @@ struct server_stats {
 	size_t infra_cache_count;
 	/** number of key cache entries */
 	size_t key_cache_count;
+#ifdef USE_DNSCRYPT
+    /** number of queries that used dnscrypt */
+    size_t num_query_dnscrypt_crypted;
+    /** number of queries that queried dnscrypt certificates */
+    size_t num_query_dnscrypt_cert;
+    /** number of queries in clear text and not asking for the certificates */
+    size_t num_query_dnscrypt_cleartext;
+    /** number of malformed encrypted queries */
+    size_t num_query_dnscrypt_crypted_malformed;
+#endif
 };
 
 /** 
diff --git a/daemon/worker.c b/daemon/worker.c
index 580846d54..b8cc2a0cd 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -977,6 +977,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 #ifdef USE_DNSCRYPT
     repinfo->max_udp_size = worker->daemon->cfg->max_udp_size;
     if(!dnsc_handle_curved_request(worker->daemon->dnscenv, repinfo)) {
+        worker->stats.num_query_dnscrypt_crypted_malformed++;
         return 0;
     }
     if(c->dnscrypt && !repinfo->is_dnscrypted) {
@@ -1003,9 +1004,13 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
                     sldns_rr_descript(qinfo.qtype)->_name,
                     buf);
             comm_point_drop_reply(repinfo);
+            worker->stats.num_query_dnscrypt_cleartext++;
             return 0;
         }
+        worker->stats.num_query_dnscrypt_cert++;
         sldns_buffer_rewind(c->buffer);
+    } else if(c->dnscrypt && repinfo->is_dnscrypted) {
+        worker->stats.num_query_dnscrypt_crypted++;
     }
 #endif
 #ifdef USE_DNSTAP
diff --git a/dnscrypt/dnscrypt.c b/dnscrypt/dnscrypt.c
index f672096ab..56903e651 100644
--- a/dnscrypt/dnscrypt.c
+++ b/dnscrypt/dnscrypt.c
@@ -468,7 +468,6 @@ dnsc_handle_curved_request(struct dnsc_env* dnscenv,
                                    repinfo->client_nonce,
                                    repinfo->nmkey,
                                    c->buffer) != 0){
-            // TODO: Bump counter!
             verbose(VERB_ALGO, "dnscrypt: Failed to uncurve");
             comm_point_drop_reply(repinfo);
             return 0;
diff --git a/doc/Changelog b/doc/Changelog
index a70ba8214..6ffc06901 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+3 April 2017: Wouter
+	- Fix #1217: Add metrics to unbound-control interface showing
+	  crypted, cert request, plaintext and malformed queries (from
+	  Manu Bretelle).
+
 27 March 2017: Wouter
 	- Remove (now unused) event2 include from dnscrypt code.
 
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 741058b1b..3f00525b6 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -199,6 +199,13 @@ static void pr_stats(const char* nm, struct stats_info* s)
 	PR_UL_NM("num.prefetch", s->svr.num_queries_prefetch);
 	PR_UL_NM("num.zero_ttl", s->svr.zero_ttl_responses);
 	PR_UL_NM("num.recursivereplies", s->mesh_replies_sent);
+#ifdef USE_DNSCRYPT
+    PR_UL_NM("num.dnscrypt.crypted", s->svr.num_query_dnscrypt_crypted);
+    PR_UL_NM("num.dnscrypt.cert", s->svr.num_query_dnscrypt_cert);
+    PR_UL_NM("num.dnscrypt.cleartext", s->svr.num_query_dnscrypt_cleartext);
+    PR_UL_NM("num.dnscrypt.malformed",
+             s->svr.num_query_dnscrypt_crypted_malformed);
+#endif
 	printf("%s.requestlist.avg"SQ"%g\n", nm,
 		(s->svr.num_queries_missed_cache+s->svr.num_queries_prefetch)?
 			(double)s->svr.sum_query_list_size/