diff --git a/doc/Changelog b/doc/Changelog
index ca54d2906..4a14c6060 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
 	- Fix #4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
 	- Fix that qname minimisation does not skip a label when missing
 	  nameserver targets need to be fetched.
+	- Fix #4225: clients seem to erroneously receive no answer with
+	  DNS-over-TLS and qname-minimisation.
 
 4 February 2019: Wouter
 	- Fix that log-replies prints the correct name for local-alias
diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
index f86a83d96..664072aa4 100644
--- a/services/listen_dnsport.c
+++ b/services/listen_dnsport.c
@@ -1779,6 +1779,12 @@ tcp_req_info_handle_readdone(struct tcp_req_info* req)
 	/* If mesh failed(mallocfail) and called commpoint_send_reply with
 	 * something like servfail then we pick up that reply below. */
 	if(req->is_reply) {
+		/* reply from mesh is in the spool_buffer */
+		sldns_buffer_clear(c->buffer);
+		sldns_buffer_write(c->buffer,
+			sldns_buffer_begin(req->spool_buffer),
+			sldns_buffer_limit(req->spool_buffer));
+		sldns_buffer_flip(c->buffer);
 		goto send_it;
 	}