diff --git a/0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch b/0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch
new file mode 100644
index 0000000..de56106
--- /dev/null
+++ b/0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch
@@ -0,0 +1,27 @@
+From 871f36410b93abc2a2e583043665337d25d66c1e Mon Sep 17 00:00:00 2001
+From: Wouter Wijngaards <wouter@nlnetlabs.nl>
+Date: Mon, 26 Feb 2018 13:48:26 +0000
+Subject: [PATCH] - Fix that NXDOMAIN for _probe.uk.uk is deemed allright.
+
+git-svn-id: file:///svn/dnssec-trigger/trunk@764 14dc9c71-5cc2-e011-b339-0019d10b89f4
+---
+ riggerd/probe.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/riggerd/probe.c b/riggerd/probe.c
+index 4781e01..0954766 100644
+--- a/riggerd/probe.c
++++ b/riggerd/probe.c
+@@ -490,7 +490,8 @@ outq_check_packet(struct outq* outq, uint8_t* wire, size_t len)
+ 	}
+ 
+ 	/* does DNS work? */
+-	if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
++	if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR &&
++		ldns_pkt_get_rcode(p) != LDNS_RCODE_NXDOMAIN) {
+ 		char* r = ldns_pkt_rcode2str(ldns_pkt_get_rcode(p));
+ 		snprintf(reason, sizeof(reason), "no answer, %s",
+ 			r?r:"(out of memory)");
+-- 
+2.14.3
+
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 8ea9254..631f545 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -5,7 +5,7 @@
 Summary: Tool for dynamic reconfiguration of validating resolver Unbound
 Name: dnssec-trigger
 Version: 0.15
-Release: 4%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
+Release: 5%{?svn_snapshot:.%{svn_snapshot}svn}%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/downloads/dnssec-trigger/
 
@@ -21,6 +21,7 @@ Source3: dnssec-trigger-workstation.conf
 
 # Patches
 Patch1: 0001-dnssec-trigger-script-port-to-libnm.patch
+Patch2: 0002-Fix-that-NXDOMAIN-for-_probe.uk.uk-is-deemed-allrigh.patch
 
 # to obsolete the version in which the panel was in main package
 Obsoletes: %{name} < 0.12-22
@@ -80,6 +81,7 @@ some user input is needed, the panel creates a dialog window.
 %setup -q %{?svn_snapshot:-n %{name}-%{version}_%{svn_snapshot}}
 
 %patch1 -p1 -b .libnm_port
+%patch2 -p1 -b .nxdomain
 
 # don't use DNSSEC for forward zones for now
 sed -i "s/validate_connection_provided_zones=yes/validate_connection_provided_zones=no/" dnssec.conf
@@ -180,6 +182,9 @@ fi
 
 
 %changelog
+* Wed Mar 14 2018 Petr Menšík <pemensik@redhat.com> - 0.15-5
+- Accept NXDOMAIN for NSEC probe (#1555355)
+
 * Mon Feb 19 2018 Tomas Hozza <thozza@redhat.com> - 0.15-4
 - Added explicit BuildRequires on gcc as required by packaging guidelines
 - Added explicit Requires on e2fsprogs, so that /usr/bin/chattr is available