diff --git a/src/dns_server.c b/src/dns_server.c
index 2e9768672c..e07a00cbf8 100644
--- a/src/dns_server.c
+++ b/src/dns_server.c
@@ -1666,7 +1666,7 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 int j = 0;
 struct dns_rrs *rrs = NULL;
 int ip_check_result = 0;
- int is_result_strict = 0;
+ int is_result_discard = 0;
 if (packet->head.rcode != DNS_RC_NOERROR && packet->head.rcode != DNS_RC_NXDOMAIN) {
 if (request->rcode == DNS_RC_SERVFAIL) {
@@ -1680,8 +1680,9 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 for (j = 1; j < DNS_RRS_END; j++) {
 rrs = dns_get_rrs_start(packet, j, &rr_count);
 for (i = 0; i < rr_count && rrs; i++, rrs = dns_get_rrs_next(packet, rrs)) {
- if (rrs->type == request->qtype || rrs->type == DNS_T_SOA) {
- is_result_strict = 1;
+ if ((rrs->type == DNS_T_A || rrs->type == DNS_T_AAAA) &&
+ (request->qtype != DNS_T_A && request->qtype != DNS_T_AAAA)) {
+ is_result_discard = 1;
 }
 switch (rrs->type) {
@@ -1744,7 +1745,7 @@ static int _dns_server_passthrough_rule_check(struct dns_request *request, char
 }
 }
- if (is_result_strict == 0) {
+ if (is_result_discard == 1) {
 return 0;
 }
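Review bot: The new test inside the record loop of the second hunk runs for every section the `j` loop visits, so an A or AAAA record anywhere in the reply marks a non-address query for the `return 0` in the third hunk. If `DNS_RRS_END` bounds the authority and additional sections as its name suggests, ordinary glue addresses on MX, SRV or NS replies would trigger it; consider restricting the test to the answer section by adding a term such as `j == <answer-section constant>` to the condition. The commit also drops the earlier requirement that some record match `request->qtype` or be `DNS_T_SOA`, so a reply whose records are unrelated to the question is no longer caught at this point, and it is worth confirming that mismatched upstream answers are still rejected elsewhere. A one-line comment above the condition stating why address records on a non-address query lead to discard would help the next reader; the function body starts and ends outside these hunks.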