I updated BIND to v9.5.2-P2 in master. This fixes a bug related to DNSSEC. So anyone using DNSSEC should consider updating sooner than later. Ref: https://www.isc.org/advisories/CVE-2010-0097 Jan PS: Thanks to Aggelos for pointing me to the update.