diff --git a/net-dns/bind/Manifest b/net-dns/bind/Manifest
index 90166287e..fdb61a4a2 100644
--- a/net-dns/bind/Manifest
+++ b/net-dns/bind/Manifest
@@ -1,4 +1,2 @@
-DIST bind-9.11.2_p1.tar.gz 9783329 BLAKE2B 5a3bbd87112064231bd5e6b09ebb4014f9d5cf65cb601c03555ff540a22d87aec3990cd8e37ce5ff09e9a149bdf122d20ecb01f87731e6c79d80379a6926014f SHA512 168f27f580e3be2f7ada27afa2f72e715e750eec76831cf01bd32fabc1fa65dc29dab0eb7ed1682b076d3be99269897ddbc2c10551631a3911d9e5ae1aa40597
-DIST bind-9.14.8.tar.gz 6403140 BLAKE2B 45cb06ce8564880d501c63d25c7af8567184e4e4293e01886620cf655449c972ab55c77c7aded07838c61557bc56d9edac26097715c1121fcfb6b606d7a29365 SHA512 eb52760982ebd246e6e1945684771193fc7364324a6d6a95a0cae33afa0a4fa24ffe8313b5f9094420c7c2ec932b1b1a9fb19f6e673ff3c5583ab5e3ff04eb6a
 DIST bind-9.16.6.tar.xz 3228368 BLAKE2B 0c2265fe0e006679733a4f7610b0c33bb8e2bd32caf26dca8cfedbea0e08df9e7665cbbbf5321199bd2e30b97ad5b0146ae4e8a9a78abadbe6d067bbd1ad8a3a SHA512 37f57db6d1633cc85a4d954a69bbb3372c65ac43fef965df5aee8dcdd32153bb5b0c6d0d5f00f353dd4464c71d74dc8e801937b930e2b8f6799fa77af5f243e0
 DIST dyndns-samples.tbz2 22866 BLAKE2B 409890653c6536cb9c0e3ba809d2bfde0e0ae73a2a101b4f229b46c01568466bc022bbbc37712171adbd08c572733e93630feab95a0fcd1ac50a7d37da1d1108 SHA512 83b0bf99f8e9ff709e8e9336d8c5231b98a4b5f0c60c10792f34931e32cc638d261967dfa5a83151ec3740977d94ddd6e21e9ce91267b3e279b88affdbc18cac
diff --git a/net-dns/bind/bind-9.16.6-r1.ebuild b/net-dns/bind/bind-9.16.6-r4.ebuild
similarity index 93%
rename from net-dns/bind/bind-9.16.6-r1.ebuild
rename to net-dns/bind/bind-9.16.6-r4.ebuild
index c06920178..61aa1b07d 100644
--- a/net-dns/bind/bind-9.16.6-r1.ebuild
+++ b/net-dns/bind/bind-9.16.6-r4.ebuild
@@ -41,8 +41,9 @@ urandom xml +zlib sdb-ldap"
 # sdb-ldap - patch broken
 # no PKCS11 currently as it requires OpenSSL to be patched, also see bug 409687
 
+# Upstream dropped the old geoip library, but the BIND configuration for using
+# GeoIP remained the same.
 REQUIRED_USE="
-	?? ( geoip geoip2 )
 	postgres? ( dlz )
 	berkdb? ( dlz )
 	mysql? ( dlz )
@@ -64,7 +65,7 @@ DEPEND="
 	postgres? ( dev-db/postgresql:= )
 	caps? ( >=sys-libs/libcap-2.1.0 )
 	xml? ( dev-libs/libxml2 )
-	geoip? ( >=dev-libs/geoip-1.4.6 )
+	geoip? ( dev-libs/libmaxminddb )
 	geoip2? ( dev-libs/libmaxminddb )
 	gssapi? ( virtual/krb5 )
 	json? ( dev-libs/json-c:= )
@@ -85,6 +86,14 @@ RDEPEND="${DEPEND}
 
 S="${WORKDIR}/${MY_P}"
 
+PATCHES=(
+	# should fix https://bugs.gentoo.org/741162 taken from:
+	# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4073
+	"${FILESDIR}/bind-9.16.6-bug-741162.patch"
+
+	"${FILESDIR}/ldap-library-path-on-multilib-machines.patch"
+)
+
 # bug 479092, requires networking
 # bug 710840, cmocka fails LDFLAGS='-Wl,-O1'
 #RESTRICT="test"
@@ -155,9 +164,18 @@ bind_configure() {
 		$(use_with zlib)
 		"${@}"
 	)
-
-	use geoip && myeconfargs+=( --enable-geoip )
-	use geoip2 && myeconfargs+=( --with-maxminddb )
+	# This is for users to start to migrate back to USE=geoip, rather than
+	# USE=geoip2
+	if use geoip ; then
+		myeconfargs+=( $(use_with geoip maxminddb) --enable-geoip )
+	elif use geoip2 ; then
+		# Added 2020/09/30
+		# Remove USE=geoip2 support after 2020/03/01
+		ewarn "USE=geoip2 is deprecated; update your USE flags!"
+		myeconfargs+=( $(use_with geoip2 maxminddb) --enable-geoip )
+	else
+		myeconfargs+=( --without-maxminddb --disable-geoip )
+	fi
 
 	# bug #158664
 #	gcc-specs-ssp && replace-flags -O[23s] -O
diff --git a/net-dns/bind/files/bind-9.16.6-bug-741162.patch b/net-dns/bind/files/bind-9.16.6-bug-741162.patch
new file mode 100644
index 000000000..9cc030c82
--- /dev/null
+++ b/net-dns/bind/files/bind-9.16.6-bug-741162.patch
@@ -0,0 +1,31 @@
+commit 56d2cf6f1ef008ab6cb50545af9b1d8a5c1ece81
+Author: Ondřej Surý <ondrej@isc.org>
+Date:   Mon Aug 24 10:15:07 2020 +0200
+
+    Print diagnostics on dns_name_issubdomain() failure in fctx_create()
+    
+    Log diagnostic message when dns_name_issubdomain() in the fctx_create()
+    when the resolver is qname minimizing and forwarding at the same time.
+    
+    (cherry picked from commit 0a22024c270a38a54f0d51621a046b726df158c0)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 8a36693a9a..b37e756c53 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -5122,7 +5122,14 @@ fctx_create(dns_resolver_t *res, const dns_name_t *name, dns_rdatatype_t type,
+ 
+ 	log_ns_ttl(fctx, "fctx_create");
+ 
+-	INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain));
++	if (!dns_name_issubdomain(&fctx->name, &fctx->domain)) {
++		dns_name_format(&fctx->domain, buf, sizeof(buf));
++		UNEXPECTED_ERROR(__FILE__, __LINE__,
++				 "'%s' is not subdomain of '%s'", fctx->info,
++				 buf);
++		result = ISC_R_UNEXPECTED;
++		goto cleanup_fcount;
++	}
+ 
+ 	fctx->qmessage = NULL;
+ 	result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
diff --git a/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch b/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch
new file mode 100644
index 000000000..5286c72f1
--- /dev/null
+++ b/net-dns/bind/files/ldap-library-path-on-multilib-machines.patch
@@ -0,0 +1,13 @@
+diff --git a/contrib/dlz/config.dlz.in b/contrib/dlz/config.dlz.in
+index f769cf1..721d480 100644
+--- a/contrib/dlz/config.dlz.in
++++ b/contrib/dlz/config.dlz.in
+@@ -396,7 +396,7 @@ case "$use_dlz_ldap" in
+ 	*)
+ 		DLZ_ADD_DRIVER(LDAP, dlz_ldap_driver,
+ 				[-I$use_dlz_ldap/include],
+-				[-L$use_dlz_ldap/lib -lldap -llber])
++				[-lldap -llber])
+ 
+ 		AC_MSG_RESULT(
+ [using LDAP from $use_dlz_ldap/lib and $use_dlz_ldap/include])