diff --git a/bind-9.10-dist-native-pkcs11.patch b/bind-9.10-dist-native-pkcs11.patch
index 41cf91f..1562b84 100644
--- a/bind-9.10-dist-native-pkcs11.patch
+++ b/bind-9.10-dist-native-pkcs11.patch
@@ -283,7 +283,7 @@ index d9aa66b..1900e3c 100644
  DEPLIBS =	${ISCDEPLIBS}
  
 diff --git a/configure.in b/configure.in
-index 0bde24d..6435274 100644
+index 832b1a4..fc913b8 100644
 --- a/configure.in
 +++ b/configure.in
 @@ -1116,12 +1116,14 @@ AC_SUBST(USE_GSSAPI)
@@ -301,7 +301,7 @@ index 0bde24d..6435274 100644
  
  #
  # was --with-randomdev specified?
-@@ -1489,11 +1491,11 @@ fi
+@@ -1495,11 +1497,11 @@ fi
  AC_MSG_CHECKING(for OpenSSL library)
  OPENSSL_WARNING=
  openssldirs="/usr /usr/local /usr/local/ssl /usr/pkg /usr/sfw"
@@ -318,7 +318,7 @@ index 0bde24d..6435274 100644
  
  if test "auto" = "$use_openssl"
  then
-@@ -1506,6 +1508,7 @@ then
+@@ -1512,6 +1514,7 @@ then
  		fi
  	done
  fi
@@ -326,7 +326,7 @@ index 0bde24d..6435274 100644
  OPENSSL_ECDSA=""
  OPENSSL_GOST=""
  gosttype="raw"
-@@ -1526,16 +1529,17 @@ case "$with_gost" in
+@@ -1532,16 +1535,17 @@ case "$with_gost" in
  		;;
  esac
  
@@ -349,7 +349,7 @@ index 0bde24d..6435274 100644
  	no)
  		AC_MSG_RESULT(no)
  		DST_OPENSSL_INC=""
-@@ -1557,11 +1561,11 @@ case "$use_openssl" in
+@@ -1563,11 +1567,11 @@ case "$use_openssl" in
  If you don't want OpenSSL, use --without-openssl])
  		;;
  	*)
@@ -366,7 +366,7 @@ index 0bde24d..6435274 100644
  		if test "yes" = "$use_openssl"
  		then
  			# User did not specify a path - guess it
-@@ -1917,6 +1921,7 @@ AC_SUBST(OPENSSL_ECDSA)
+@@ -1923,6 +1927,7 @@ AC_SUBST(OPENSSL_ECDSA)
  AC_SUBST(OPENSSL_GOST)
  
  DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DST_OPENSSL_LIBS"
@@ -374,7 +374,7 @@ index 0bde24d..6435274 100644
  
  ISC_PLATFORM_WANTAES="#undef ISC_PLATFORM_WANTAES"
  if test "yes" = "$with_aes"
-@@ -2212,6 +2217,7 @@ esac
+@@ -2218,6 +2223,7 @@ esac
  AC_SUBST(PKCS11LINKOBJS)
  AC_SUBST(PKCS11LINKSRCS)
  AC_SUBST(CRYPTO)
@@ -382,7 +382,7 @@ index 0bde24d..6435274 100644
  AC_SUBST(PKCS11_ECDSA)
  AC_SUBST(PKCS11_GOST)
  AC_SUBST(PKCS11_TEST)
-@@ -5114,8 +5120,11 @@ AC_CONFIG_FILES([
+@@ -5131,8 +5137,11 @@ AC_CONFIG_FILES([
  	bin/delv/Makefile
  	bin/dig/Makefile
  	bin/dnssec/Makefile
@@ -394,7 +394,7 @@ index 0bde24d..6435274 100644
  	bin/nsupdate/Makefile
  	bin/pkcs11/Makefile
  	bin/python/Makefile
-@@ -5216,6 +5225,10 @@ AC_CONFIG_FILES([
+@@ -5233,6 +5242,10 @@ AC_CONFIG_FILES([
  	lib/dns/include/dns/Makefile
  	lib/dns/include/dst/Makefile
  	lib/dns/tests/Makefile
@@ -405,7 +405,7 @@ index 0bde24d..6435274 100644
  	lib/irs/Makefile
  	lib/irs/include/Makefile
  	lib/irs/include/irs/Makefile
-@@ -5240,6 +5253,24 @@ AC_CONFIG_FILES([
+@@ -5257,6 +5270,24 @@ AC_CONFIG_FILES([
  	lib/isc/unix/include/Makefile
  	lib/isc/unix/include/isc/Makefile
  	lib/isc/unix/include/pkcs11/Makefile
@@ -444,7 +444,7 @@ index 318450c..87cde21 100644
  
  @BIND9_MAKE_RULES@
 diff --git a/lib/dns-pkcs11/Makefile.in b/lib/dns-pkcs11/Makefile.in
-index a22b721..a38960b 100644
+index 257d5e5..4abcc49 100644
 --- a/lib/dns-pkcs11/Makefile.in
 +++ b/lib/dns-pkcs11/Makefile.in
 @@ -23,16 +23,16 @@ VERSION=@BIND9_VERSION@
@@ -469,7 +469,7 @@ index a22b721..a38960b 100644
  
  LIBS =		@LIBS@
  
-@@ -136,30 +136,30 @@ version.@O@: version.c
+@@ -135,15 +135,15 @@ version.@O@: version.c
  		-DLIBAGE=${LIBAGE} \
  		-c ${srcdir}/version.c
  
@@ -487,10 +487,23 @@ index a22b721..a38960b 100644
 -		${OBJS} ${ISCLIBS} @DNS_CRYPTO_LIBS@ ${LIBS}
 +		${OBJS} ${ISCLIBS} @DNS_CRYPTO_PK11_LIBS@ ${LIBS}
  
--timestamp: libdns.@A@
-+timestamp: libdns-pkcs11.@A@
+ include: gen
+ 	${MAKE} include/dns/enumtype.h
+@@ -169,25 +169,25 @@ code.h:	gen
+ 	./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
+ 
+ gen: gen.c
+-	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
++	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
+ 	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
+ 
+-timestamp: include libdns.@A@
++timestamp: include libdns-pkcs11.@A@
  	touch timestamp
  
+-testdirs: libdns.@A@
++testdirs: libdns-pkcs11.@A@
+ 
  installdirs:
  	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
  
@@ -508,31 +521,22 @@ index a22b721..a38960b 100644
  	rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
  	rm -f include/dns/rdatastruct.h
  	rm -f dnstap.pb-c.c dnstap.pb-c.h include/dns/dnstap.pb-c.h
-@@ -191,7 +191,7 @@ code.h:	gen
- 	./gen -s ${srcdir} > code.h || { rm -f $@ ; exit 1; }
- 
- gen: gen.c
--	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc/include \
-+	${BUILD_CC} ${BUILD_CFLAGS} -I${top_srcdir}/lib/isc-pkcs11/include \
- 	${BUILD_CPPFLAGS} ${BUILD_LDFLAGS} -o $@ ${srcdir}/gen.c ${BUILD_LIBS}
- 
- rbtdb64.@O@: rbtdb64.c rbtdb.c
 diff --git a/lib/isc-pkcs11/Makefile.in b/lib/isc-pkcs11/Makefile.in
-index e5c4db0..c7a623c 100644
+index bd8b109..3a6665f 100644
 --- a/lib/isc-pkcs11/Makefile.in
 +++ b/lib/isc-pkcs11/Makefile.in
 @@ -20,8 +20,8 @@ CINCLUDES =	-I${srcdir}/unix/include \
  		-I${srcdir}/@ISC_THREAD_DIR@/include \
  		-I${srcdir}/@ISC_ARCH_DIR@/include \
  		-I./include \
--		-I${srcdir}/include @ISC_OPENSSL_INC@ ${DNS_INCLUDES}
+-		-I${srcdir}/include ${DNS_INCLUDES} @ISC_OPENSSL_INC@
 -CDEFINES =	@CRYPTO@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
 +		-I${srcdir}/include ${DNS_PKCS11_INCLUDES}
 +CDEFINES =	@CRYPTO_PK11@ -DPK11_LIB_LOCATION=\"${PROVIDER}\"
  CWARNINGS =
  
  # Alphabetically
-@@ -104,38 +104,38 @@ version.@O@: version.c
+@@ -104,40 +104,40 @@ version.@O@: version.c
  		-DLIBAGE=${LIBAGE} \
  		-c ${srcdir}/version.c
  
@@ -566,6 +570,9 @@ index e5c4db0..c7a623c 100644
 +timestamp: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
  	touch timestamp
  
+-testdirs: libisc.@A@ libisc-nosymtbl.@A@
++testdirs: libisc-pkcs11.@A@ libisc-pkcs11-nosymtbl.@A@
+ 
  installdirs:
  	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
  
diff --git a/bind-9.11-rh1236087.patch b/bind-9.11-rh1236087.patch
deleted file mode 100644
index 569db9b..0000000
--- a/bind-9.11-rh1236087.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 66b71679b78ad6cf2c4e5c8c1216b602e0fe1e9b Mon Sep 17 00:00:00 2001
-From: Evan Hunt <each@isc.org>
-Date: Thu, 20 Apr 2017 09:28:37 -0700
-Subject: [PATCH] [master] nsupdate: send tkey queries to the right server
-
-4588.	[bug]		nsupdate could send queries for TKEY to the wrong
-			server when using GSSAPI. Thanks to Tomas Hozza.
-			[RT #39893]
----
- bin/nsupdate/nsupdate.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
-index 9572fd8..8fc5b20 100644
---- a/bin/nsupdate/nsupdate.c
-+++ b/bin/nsupdate/nsupdate.c
-@@ -2799,10 +2799,8 @@ start_gssrequest(dns_name_t *master) {
- 		if (kserver == NULL)
- 			fatal("out of memory");
- 	}
--	if (servers == NULL)
--		get_addresses(namestr, dnsport, kserver, 1);
--	else
--		memmove(kserver, &servers[ns_inuse], sizeof(isc_sockaddr_t));
-+
-+	memmove(kserver, &master_servers[master_inuse], sizeof(isc_sockaddr_t));
- 
- 	dns_fixedname_init(&fname);
- 	servname = dns_fixedname_name(&fname);
-@@ -2947,11 +2945,11 @@ recvgss(isc_task_t *task, isc_event_t *event) {
- 	}
- 
- 	if (eresult != ISC_R_SUCCESS) {
--		next_server("recvgss", addr, eresult);
-+		next_master("recvgss", addr, eresult);
- 		ddebug("Destroying request [%p]", request);
- 		dns_request_destroy(&request);
- 		dns_message_renderreset(tsigquery);
--		sendrequest(&servers[ns_inuse], tsigquery, &request);
-+		sendrequest(&master_servers[master_inuse], tsigquery, &request);
- 		isc_mem_put(gmctx, reqinfo, sizeof(nsu_gssinfo_t));
- 		isc_event_free(&event);
- 		return;
--- 
-2.9.3
-
diff --git a/bind.spec b/bind.spec
index d196c54..3c65714 100644
--- a/bind.spec
+++ b/bind.spec
@@ -80,7 +80,6 @@ Patch136:bind-9.10-dist-native-pkcs11.patch
 # introduced by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=fc9f0ac5778f78003a7acc957a23711811fec122
 Patch137:bind-9.10-use-of-strlcat.patch
 Patch140:bind-9.11-rh1410433.patch
-Patch141:bind-9.11-rh1236087.patch
 Patch142:bind-9.11-rh1484451.patch
 Patch145:bind-9.11-rh1205168.patch
 Patch146:bind-9.11-rh1500017.patch
@@ -324,7 +323,6 @@ This package provides a module which allows commands to be sent to rndc directly
 %patch130 -p1 -b .libdb
 %patch131 -p1 -b .multlib-conflict
 %patch140 -p1 -b .rh1410433
-%patch141 -p1 -b .rh1236087
 %patch142 -p1 -b .rh1484451
 %patch145 -p1 -b .rh1205168
 %patch146 -p1 -b .rh1500017
diff --git a/bind97-rh693982.patch b/bind97-rh693982.patch
index 57bf812..34e6f73 100644
--- a/bind97-rh693982.patch
+++ b/bind97-rh693982.patch
@@ -1,10 +1,12 @@
-diff -up bind-9.7.3-P3/bin/named/server.c.rh693982 bind-9.7.3-P3/bin/named/server.c
---- bind-9.7.3-P3/bin/named/server.c.rh693982	2011-08-12 17:18:55.611978110 +0200
-+++ bind-9.7.3-P3/bin/named/server.c	2011-08-12 17:19:36.009975303 +0200
-@@ -4444,15 +4444,6 @@ load_configuration(const char *filename,
+diff --git a/bin/named/server.c b/bin/named/server.c
+index 529ba5e..a936597 100644
+--- a/bin/named/server.c
++++ b/bin/named/server.c
+@@ -7892,15 +7892,6 @@ load_configuration(const char *filename, ns_server_t *server,
+ 	if (first_time)
  		ns_os_changeuser();
  
- 	/*
+-	/*
 -	 * Check that the working directory is writable.
 -	 */
 -	if (access(".", W_OK) != 0) {
@@ -13,11 +15,10 @@ diff -up bind-9.7.3-P3/bin/named/server.c.rh693982 bind-9.7.3-P3/bin/named/serve
 -			      "the working directory is not writable");
 -	}
 -
--	/*
- 	 * Configure the logging system.
- 	 *
- 	 * Do this after changing UID to make sure that any log
-@@ -4498,6 +4489,15 @@ load_configuration(const char *filename,
+ #ifdef HAVE_LMDB
+ 	/*
+ 	 * Reopen NZD databases.
+@@ -7976,6 +7967,15 @@ load_configuration(const char *filename, ns_server_t *server,
  	}
  
  	/*