diff --git a/ldns-1.6.16-dsa-key-failures.patch b/ldns-1.6.16-dsa-key-failures.patch
new file mode 100644
index 0000000..93e8a73
--- /dev/null
+++ b/ldns-1.6.16-dsa-key-failures.patch
@@ -0,0 +1,28 @@
+diff -up ldns-1.6.17/keys.c.dsa ldns-1.6.17/keys.c
+--- ldns-1.6.17/keys.c.dsa 2014-01-10 22:04:41.000000000 +0100
++++ ldns-1.6.17/keys.c 2014-03-18 17:54:34.751742493 +0100
+@@ -1324,7 +1324,6 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ /* See RFC2536 */
+ *size = (uint16_t)BN_num_bytes(k->p);
+ T = (*size - 64) / 8;
+- memcpy(data, &T, 1);
+
+ if (T > 8) {
+ #ifdef STDERR_MSGS
+@@ -1335,12 +1334,13 @@ ldns_key_dsa2bin(unsigned char *data, DS
+ }
+
+ /* size = 64 + (T * 8); */
++ memset(data, 0, 21 + *size * 3);
+ data[0] = (unsigned char)T;
+ BN_bn2bin(k->q, data + 1 ); /* 20 octects */
+ BN_bn2bin(k->p, data + 21 ); /* offset octects */
+- BN_bn2bin(k->g, data + 21 + *size); /* offset octets */
+- BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
+- *size = 21 + (*size * 3);
++ BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g));
++ BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key));
++ *size = 21 + *size * 3;
+ return true;
+ }
+
diff --git a/ldns.spec b/ldns.spec
index f4774b4..4380b8c 100644
--- a/ldns.spec
+++ b/ldns.spec
@@ -14,11 +14,12 @@
 Summary: Low-level DNS(SEC) library with API
 Name: ldns
 Version: 1.6.17
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/%{name}/
 Source: http://www.nlnetlabs.nl/downloads/%{name}/%{name}-%{version}.tar.gz
 Patch1: ldns-1.6.17-multilib.patch
+Patch2: %{name}-1.6.16-dsa-key-failures.patch
 Group: System Environment/Libraries
 BuildRequires: libpcap-devel, openssl-devel, gcc-c++, doxygen,
 # for snapshots only
@@ -78,6 +79,7 @@ This package contains documentation for the ldns library
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p1 -b .dsa
 # To built svn snapshots
 # rm config.guess config.sub ltmain.sh
 # aclocal
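Review bot: In the second keys.c hunk of the embedded patch, the new right-aligned writes for `k->g` and `k->pub_key` subtract `BN_num_bytes()` from the end of each field without first checking that the value fits in `*size` octets. A key whose g or public value is longer than p would therefore be written over the preceding field instead of its own; whether callers rule such keys out is not visible here. A guard ahead of the `memset`, such as `if (BN_num_bytes(k->g) > *size || BN_num_bytes(k->pub_key) > *size) return false;`, keeps the pointer arithmetic in range. `k->q` is still written left-aligned at `data + 1`, so if it can ever be shorter than 20 octets it needs the same treatment (`data + 21 - BN_num_bytes(k->q)`), and a longer q should be rejected. The start of `ldns_key_dsa2bin`, including the type of `T` and the size of the caller's buffer, is outside the hunk, so it cannot be confirmed from here that `memset(data, 0, 21 + *size * 3)` stays within `data`.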
@@ -192,6 +194,9 @@ rm -f %{buildroot}%{perl_vendorarch}/auto/DNS/LDNS/{.packlist,LDNS.bs} %postun -p /sbin/ldconfig %changelog +* Tue Mar 18 2014 Tomas Hozza - 1.6.17-2 +- Fix error causing ldns to sometimes produce faulty DSA sign (#1077776) + * Fri Jan 10 2014 Paul Wouters - 1.6.17-1 - Updated to 1.6.17 - Enable perl bindings via new ldns-perl sub-package