diff --git a/doc/Changelog b/doc/Changelog
index 9c730c330..c729e97ec 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,8 @@
 origin consistent between local-data and access-control-tag-data.
 - Fix NSEC ENT wildcard check. Matching wildcard does not have to be a subdomain of the NSEC owner.
+ - QNAME minimisation uses QTYPE=A, therefore always check cache for
+ this type in harden-below-nxdomain functionality.
 22 November 2016: Wouter
 - iana portlist update.
diff --git a/services/cache/dns.c b/services/cache/dns.c
index bec688d01..148b5cb87 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -798,9 +798,9 @@ dns_cache_lookup(struct module_env* env,
 dname_remove_label(&k.qname, &k.qname_len);
 h = query_info_hash(&k, flags);
 e = slabhash_lookup(env->msg_cache, h, &k, 0);
- if(!e && k.qtype != LDNS_RR_TYPE_NS &&
+ if(!e && k.qtype != LDNS_RR_TYPE_A &&
 env->cfg->qname_minimisation) {
- k.qtype = LDNS_RR_TYPE_NS;
+ k.qtype = LDNS_RR_TYPE_A;
 h = query_info_hash(&k, flags);
 e = slabhash_lookup(env->msg_cache, h, &k, 0);
 }
@@ -820,7 +820,7 @@ dns_cache_lookup(struct module_env* env,
 lock_rw_unlock(&e->lock);
 }
 k.qtype = qtype;
- }
+ }
 /* fill common RR types for ANY response to avoid requery */
 if(qtype == LDNS_RR_TYPE_ANY) {
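Review bot: The two `LDNS_RR_TYPE_A` literals in the fallback lookup of the `@@ -798,9 +798,9 @@` hunk carry no comment, so nothing at this site says the type must track whatever QTYPE the QNAME-minimisation code sends for intermediate names; the Changelog entry is the only place that link is recorded. If the two drift apart again, the second `slabhash_lookup` would stop finding the cached ancestor answers and the harden-below-nxdomain check would quietly weaken rather than fail. I would add above the `if`: `/* qname minimisation queries intermediate names with QTYPE=A; look for the cached answer under that type */`. dns_cache_lookup begins and ends outside this hunk, so whether the surrounding loop already documents this cannot be seen here.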