diff --git pdns/auth-catalogzone.cc pdns/auth-catalogzone.cc
index bcff734f0..d7ae6bdd7 100644
--- pdns/auth-catalogzone.cc
+++ pdns/auth-catalogzone.cc
@@ -121,10 +121,30 @@ DNSZoneRecord CatalogInfo::getCatalogVersionRecord(const DNSName& zone)
   dzr.dr.d_type = QType::TXT;
   dzr.dr.setContent(std::make_shared<TXTRecordContent>("2"));
   return dzr;
 }
 
+static string txtEscape(const string &name)
+{
+  string ret;
+  char ebuf[5];
+
+  for(char i : name) {
+    if((unsigned char) i >= 127 || (unsigned char) i < 32) {
+      snprintf(ebuf, sizeof(ebuf), "\\%03u", (unsigned char)i);
+      ret += ebuf;
+    }
+    else if(i=='"' || i=='\\'){
+      ret += '\\';
+      ret += i;
+    }
+    else
+      ret += i;
+  }
+  return ret;
+}
+
 void CatalogInfo::toDNSZoneRecords(const DNSName& zone, vector<DNSZoneRecord>& dzrs) const
 {
   DNSName prefix;
   if (d_unique.empty()) {
     prefix = getUnique();
@@ -136,11 +156,11 @@ void CatalogInfo::toDNSZoneRecords(const DNSName& zone, vector<DNSZoneRecord>& d
 
   DNSZoneRecord dzr;
   dzr.dr.d_name = prefix;
   dzr.dr.d_ttl = 0;
   dzr.dr.d_type = QType::PTR;
-  dzr.dr.setContent(std::make_shared<PTRRecordContent>(d_zone.toString()));
+  dzr.dr.setContent(std::make_shared<PTRRecordContent>(d_zone));
   dzrs.emplace_back(dzr);
 
   if (!d_coo.empty()) {
     dzr.dr.d_name = DNSName("coo") + prefix;
     dzr.dr.d_ttl = 0;
@@ -151,9 +171,9 @@ void CatalogInfo::toDNSZoneRecords(const DNSName& zone, vector<DNSZoneRecord>& d
 
   for (const auto& group : d_group) {
     dzr.dr.d_name = DNSName("group") + prefix;
     dzr.dr.d_ttl = 0;
     dzr.dr.d_type = QType::TXT;
-    dzr.dr.setContent(std::make_shared<TXTRecordContent>("\"" + group + "\""));
+    dzr.dr.setContent(std::make_shared<TXTRecordContent>("\"" + txtEscape(group) + "\""));
     dzrs.emplace_back(dzr);
   }
 }