I'm not assigning this one as I'm not sure if you've seen this or not.

ISC released an update today for BIND, part of it was that CVE-2009-4022
was not completely fixed:
https://www.isc.org/advisories/CVE-2009-4022

If you look down at the bottom of their advisory you can see this:
    Jan. 19 - Revised Summary, Severity, Description, Workaround, Impact &
    Solution (earlier fixes incomplete) 

As best as we can tell, this is why:
https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7

Thanks.