diff -Nru bind9-9.11.5.P1+dfsg/debian/changelog bind9-9.11.5.P1+dfsg/debian/changelog
--- bind9-9.11.5.P1+dfsg/debian/changelog	2019-04-24 09:00:07.000000000 +0000
+++ bind9-9.11.5.P1+dfsg/debian/changelog	2019-04-26 14:20:00.000000000 +0000
@@ -1,3 +1,9 @@
+bind9 (1:9.11.5.P1+dfsg-1ubuntu2.4) disco; urgency=medium
+
+  * d/rules: add back EdDSA support (LP: #1825712)
+
+ -- Andreas Hasenack <andreas@canonical.com>  Fri, 26 Apr 2019 14:20:00 +0000
+
 bind9 (1:9.11.5.P1+dfsg-1ubuntu2.3) disco-security; urgency=medium
 
   * SECURITY UPDATE: limiting simultaneous TCP clients is ineffective
diff -Nru bind9-9.11.5.P1+dfsg/debian/rules bind9-9.11.5.P1+dfsg/debian/rules
--- bind9-9.11.5.P1+dfsg/debian/rules	2019-01-17 20:59:25.000000000 +0000
+++ bind9-9.11.5.P1+dfsg/debian/rules	2019-04-26 14:20:00.000000000 +0000
@@ -76,6 +76,13 @@
 
 override_dh_auto_configure:
 	debian/checkapi
+	# Behavior of --with-eddsa:
+	#  yes: enables it for openssl and pkcs11
+	#  no: disables it for openssl and pkcs11
+	#  auto, or absent: enables it for openssl if supported, disables
+	#  it for pkcs11
+	# EDDSA requires openssl 1.1.1 or later.
+	# If EDDSA is enabled, extra symbols will appear in libdns110x.
 	dh_auto_configure -B build -- \
 		--libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \
 		--sysconfdir=/etc/bind \
@@ -101,7 +108,6 @@
 		--enable-native-pkcs11 \
 		--with-pkcs11=\$${prefix}/lib/softhsm/libsofthsm2.so \
 		--with-randomdev=/dev/urandom \
-		--with-eddsa=no \
 		$(EXTRA_FEATURES)
 	dh_auto_configure -B build-udeb -- \
 		--sysconfdir=/etc/bind \
@@ -120,7 +126,6 @@
 		--enable-shared \
 		--with-libtool \
 		--with-gssapi=no \
-		--with-eddsa=no \
 		--libdir=/lib/$(DEB_HOST_MULTIARCH) \
 		--includedir=/usr/include/bind-export
 	sh debian/apply-export-patch