diff --git a/validator/include/validator/validator-compat.h b/validator/include/validator/validator-compat.h
index c6ebf23..515df6d 100644
--- a/validator/include/validator/validator-compat.h
+++ b/validator/include/validator/validator-compat.h
@@ -678,6 +678,11 @@ typedef enum __ns_rcode {
 #define ns_t_zxfr    256 /* BIND-specific, nonstandard. */
 #endif /* HAVE_NS_T_KX */

+/* glibc 2.25 is missing ns_t_zxfr */
+#if !defined(ns_t_zxfr)
+#define ns_t_zxfr    256 /* BIND-specific, nonstandard. */
+#endif /* glibc 2.25 */
+
 #if !HAVE_DECL_NS_T_DS
 #define ns_t_ds       43
 #endif
@@ -818,53 +823,6 @@ typedef enum __ns_flag {
         ns_f_max
 } ns_flag;

-/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
-#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
-#define NS_ALG_DH               2       /* Diffie Hellman KEY */
-#define NS_ALG_DSA              3       /* DSA KEY */
-#define NS_ALG_DSS              NS_ALG_DSA
-#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
-#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
-
-/* Protocol values  */
-/* value 0 is reserved */
-#define NS_KEY_PROT_TLS         1
-#define NS_KEY_PROT_EMAIL       2
-#define NS_KEY_PROT_DNSSEC      3
-#define NS_KEY_PROT_IPSEC       4
-#define NS_KEY_PROT_ANY         255
-
-/* Signatures */
-#define NS_MD5RSA_MIN_BITS       512    /* Size of a mod or exp in bits */
-#define NS_MD5RSA_MAX_BITS      2552
-        /* Total of binary mod and exp */
-#define NS_MD5RSA_MAX_BYTES     ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
-        /* Max length of text sig block */
-#define NS_MD5RSA_MAX_BASE64    (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
-#define NS_MD5RSA_MIN_SIZE      ((NS_MD5RSA_MIN_BITS+7)/8)
-#define NS_MD5RSA_MAX_SIZE      ((NS_MD5RSA_MAX_BITS+7)/8)
-
-#define NS_DSA_SIG_SIZE         41
-#define NS_DSA_MIN_SIZE         213
-#define NS_DSA_MAX_BYTES        405
-
-/* Offsets into SIG record rdata to find various values */
-#define NS_SIG_TYPE     0       /* Type flags */
-#define NS_SIG_ALG      2       /* Algorithm */
-#define NS_SIG_LABELS   3       /* How many labels in name */
-#define NS_SIG_OTTL     4       /* Original TTL */
-#define NS_SIG_EXPIR    8       /* Expiration time */
-#define NS_SIG_SIGNED   12      /* Signature time */
-#define NS_SIG_FOOT     16      /* Key footprint */
-#define NS_SIG_SIGNER   18      /* Domain name of who signed it */
-
-/* How RR types are represented as bit-flags in NXT records */
-#define NS_NXT_BITS 8
-#define NS_NXT_BIT_SET(  n,p) (p[(n)/NS_NXT_BITS] |=  (0x80>>((n)%NS_NXT_BITS)))
-#define NS_NXT_BIT_CLEAR(n,p) (p[(n)/NS_NXT_BITS] &= ~(0x80>>((n)%NS_NXT_BITS)))
-#define NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
-#define NS_NXT_MAX 127
-
 /*
  * Inline versions of get/put short/long.  Pointer is advanced.
  */
@@ -931,6 +889,57 @@ int	ns_parse_ttl(const char *, u_long *);

 #endif /* HAVE_ARPA_NAMESER_H */

+/* glibc 2.25 passes HAVE_ARPA_NAMESER_H, but doesn't have NS_ALG_MD5RSA and more defines. */
+#if !defined(HAVE_ARPA_NAMESER_H) || defined(eabi) || defined(ANDROID) ||defined(__OpenBSD__) || !defined(NS_ALG_MD5RSA)
+/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
+#define NS_ALG_MD5RSA           1       /* MD5 with RSA */
+#define NS_ALG_DH               2       /* Diffie Hellman KEY */
+#define NS_ALG_DSA              3       /* DSA KEY */
+#define NS_ALG_DSS              NS_ALG_DSA
+#define NS_ALG_EXPIRE_ONLY      253     /* No alg, no security */
+#define NS_ALG_PRIVATE_OID      254     /* Key begins with OID giving alg */
+
+/* Protocol values  */
+/* value 0 is reserved */
+#define NS_KEY_PROT_TLS         1
+#define NS_KEY_PROT_EMAIL       2
+#define NS_KEY_PROT_DNSSEC      3
+#define NS_KEY_PROT_IPSEC       4
+#define NS_KEY_PROT_ANY         255
+
+/* Signatures */
+#define NS_MD5RSA_MIN_BITS       512    /* Size of a mod or exp in bits */
+#define NS_MD5RSA_MAX_BITS      2552
+        /* Total of binary mod and exp */
+#define NS_MD5RSA_MAX_BYTES     ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
+        /* Max length of text sig block */
+#define NS_MD5RSA_MAX_BASE64    (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
+#define NS_MD5RSA_MIN_SIZE      ((NS_MD5RSA_MIN_BITS+7)/8)
+#define NS_MD5RSA_MAX_SIZE      ((NS_MD5RSA_MAX_BITS+7)/8)
+
+#define NS_DSA_SIG_SIZE         41
+#define NS_DSA_MIN_SIZE         213
+#define NS_DSA_MAX_BYTES        405
+
+/* Offsets into SIG record rdata to find various values */
+#define NS_SIG_TYPE     0       /* Type flags */
+#define NS_SIG_ALG      2       /* Algorithm */
+#define NS_SIG_LABELS   3       /* How many labels in name */
+#define NS_SIG_OTTL     4       /* Original TTL */
+#define NS_SIG_EXPIR    8       /* Expiration time */
+#define NS_SIG_SIGNED   12      /* Signature time */
+#define NS_SIG_FOOT     16      /* Key footprint */
+#define NS_SIG_SIGNER   18      /* Domain name of who signed it */
+
+/* How RR types are represented as bit-flags in NXT records */
+#define NS_NXT_BITS 8
+#define NS_NXT_BIT_SET(  n,p) (p[(n)/NS_NXT_BITS] |=  (0x80>>((n)%NS_NXT_BITS)))
+#define NS_NXT_BIT_CLEAR(n,p) (p[(n)/NS_NXT_BITS] &= ~(0x80>>((n)%NS_NXT_BITS)))
+#define NS_NXT_BIT_ISSET(n,p) (p[(n)/NS_NXT_BITS] &   (0x80>>((n)%NS_NXT_BITS)))
+#define NS_NXT_MAX 127
+#endif
+/* glibc 2.25 */
+
 int libsres_msg_getflag(ns_msg han, int flag);
 /*
  * at one open ns_msg_getflag was a macro on Linux, but now it is a