diff -Nru bind9-9.11.3+dfsg/debian/changelog bind9-9.11.3+dfsg/debian/changelog
--- bind9-9.11.3+dfsg/debian/changelog	2018-08-10 06:26:07.000000000 +0000
+++ bind9-9.11.3+dfsg/debian/changelog	2018-10-10 17:33:34.000000000 +0000
@@ -1,3 +1,11 @@
+bind9 (1:9.11.3+dfsg-1ubuntu1.3) bionic; urgency=medium
+
+  [ Karl Stenerud ]
+  * d/p/skip-rtld-deepbind-for-dyndb.diff: fix named-pkcs11 crashing on
+    startup. Thanks to Petr Menšík <pemensik@redhat.com> (LP: #1769440)
+
+ -- Andreas Hasenack <andreas@canonical.com>  Wed, 10 Oct 2018 14:33:34 -0300
+
 bind9 (1:9.11.3+dfsg-1ubuntu1.2) bionic-security; urgency=medium
 
   * SECURITY UPDATE: denial of service crash when deny-answer-aliases
diff -Nru bind9-9.11.3+dfsg/debian/patches/series bind9-9.11.3+dfsg/debian/patches/series
--- bind9-9.11.3+dfsg/debian/patches/series	2018-08-10 06:14:53.000000000 +0000
+++ bind9-9.11.3+dfsg/debian/patches/series	2018-10-10 17:33:34.000000000 +0000
@@ -15,3 +15,4 @@
 CVE-2018-5740-1.patch
 CVE-2018-5740-2.patch
 CVE-2018-5740-3.patch
+skip-rtld-deepbind-for-dyndb.diff
diff -Nru bind9-9.11.3+dfsg/debian/patches/skip-rtld-deepbind-for-dyndb.diff bind9-9.11.3+dfsg/debian/patches/skip-rtld-deepbind-for-dyndb.diff
--- bind9-9.11.3+dfsg/debian/patches/skip-rtld-deepbind-for-dyndb.diff	1970-01-01 00:00:00.000000000 +0000
+++ bind9-9.11.3+dfsg/debian/patches/skip-rtld-deepbind-for-dyndb.diff	2018-10-10 17:33:34.000000000 +0000
@@ -0,0 +1,29 @@
+Description: RTLD_DEEPBIND conflicts with pkcs11 libraries, skip it for dyndb
+ The crash manifested itself when deploying FreeIPA, as described in the
+ Ubuntu bug. This is a distro-only patch because of the way bind9 is built, so
+ no forwarding is needed.
+ .
+ Debian applied the same patch to its bind9 package at
+ https://salsa.debian.org/dns-team/bind9/commit/afc6b5fe2e359e4e7eadc256cd94481965418b4b
+Author: Petr Menšík <pemensik@redhat.com>
+Origin: https://pagure.io/fedora-bind/blob/3d5ea105bd877f0069452e450320f8877b01cb52/f/bind-9.11-rh1410433.patch
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1410433
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/freeipa/+bug/1769440
+Forwarded: not-needed
+Last-Update: 2018-10-11
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+diff --git a/lib/dns/dyndb.c b/lib/dns/dyndb.c
+index e21a84c7..ac18162c 100644
+--- a/lib/dns/dyndb.c
++++ b/lib/dns/dyndb.c
+@@ -133,9 +133,6 @@ load_library(isc_mem_t *mctx, const char *filename, const char *instname,
+ 		      instname, filename);
+ 
+ 	flags = RTLD_NOW|RTLD_LOCAL;
+-#ifdef RTLD_DEEPBIND
+-	flags |= RTLD_DEEPBIND;
+-#endif
+ 
+ 	handle = dlopen(filename, flags);
+ 	if (handle == NULL)