diff --git a/.bind-dyndb-ldap.metadata b/.bind-dyndb-ldap.metadata index a1d3b8d..0e4b861 100644 --- a/.bind-dyndb-ldap.metadata +++ b/.bind-dyndb-ldap.metadata @@ -1 +1 @@ -2ddce96217240ef58962105e7677e70a52550eec SOURCES/bind-dyndb-ldap-11.9.tar.bz2 +73251b2d57a1be41317bea9da4eb3204c1d808c0 SOURCES/bind-dyndb-ldap-11.11.tar.bz2 diff --git a/.gitignore b/.gitignore index 422aec5..1e57328 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/bind-dyndb-ldap-11.9.tar.bz2 +SOURCES/bind-dyndb-ldap-11.11.tar.bz2 diff --git a/SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch b/SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch deleted file mode 100644 index bbcfe7d..0000000 --- a/SOURCES/0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 7b4c1e28b3e64f7cd075599472e349510f8d33da Mon Sep 17 00:00:00 2001 -From: Petr Menšík -Date: Sep 14 2022 15:23:20 +0000 -Subject: Modify empty zone conflicts under exclusive mode - - -Does not accept new request when exclusive mode is active. Zone table -can be modified even after main fwd entries have been added. Ensure -empty zones handling keeps exclusive mode active. - -Exclusive mode were mentioned as the only protection it had by bind -maintainer: -https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6637#note_308928 - ---- - -diff --git a/src/fwd.c b/src/fwd.c -index 24f6e53..0a3c673 100644 ---- a/src/fwd.c -+++ b/src/fwd.c -@@ -595,10 +595,12 @@ fwd_configure_zone(const settings_set_t *set, ldap_instance_t *inst, - dns_result_totext(result)); - - /* Handle collisions with automatic empty zones. */ -- if (isconfigured == true) -+ if (isconfigured == true) { -+ run_exclusive_enter(inst, &lock_state); - CHECK(empty_zone_handle_conflicts(name, - view->zonetable, - (fwdpolicy == dns_fwdpolicy_first))); -+ } - - cleanup: - run_exclusive_exit(inst, lock_state); - 
diff --git a/SOURCES/bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch b/SOURCES/bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch deleted file mode 100644 index 06764ac..0000000 --- a/SOURCES/bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch +++ /dev/null 
@@ -1,76 +0,0 @@ -From c7801fabb1597c4d4b18b21fcfcf6ab064040ba5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Wed, 7 Aug 2024 16:19:46 +0200 -Subject: [PATCH] Detect presence of dns_zone_setmaxrrperset - -Because it were backported into bind-9.16 branch by upstream and testing -of simpler variant fails in some cases. This assumes these call do not -appear only after 9.18.28, but may be backported into previous versions. -Tests just call presence and assumes dns_db_setmaxtypepername will be -present also. ---- - configure.ac | 4 ++++ - src/ldap_driver.c | 25 +++++++++++++++++++++++++ - 2 files changed, 29 insertions(+) - -diff --git a/configure.ac b/configure.ac -index faac214..b897c2b 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -137,6 +137,10 @@ AC_CHECK_LIB([dns], [dns_db_setservestalettl], - [AC_DEFINE([HAVE_DNS_SERVESTALE], 1, [Define if dns library provides dns_db_setservestalettl])] - ) - -+AC_CHECK_LIB([dns], [dns_db_setmaxrrperset], -+ [AC_DEFINE([HAVE_DNS_DB_SETMAXRRPERSET], 1, [Define if dns library provides dns_db_setmaxrrperset])] -+) -+ - dnl Older autoconf (2.59, for example) doesn't define docdir - [[ ! 
-n "$docdir" ]] && docdir='${datadir}/doc/${PACKAGE_TARNAME}' - AC_SUBST([docdir]) -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index 5f9e00a..29896d4 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -909,6 +909,27 @@ adjusthashsize(dns_db_t *db, size_t size) { - } - #endif - -+#if HAVE_DNS_DB_SETMAXRRPERSET -+/* Calls added to fix CVE-2024-1737 in 9.18.28 */ -+static void -+setmaxrrperset(dns_db_t *db, uint32_t value) { -+ ldapdb_t *ldapdb = (ldapdb_t *) db; -+ -+ REQUIRE(VALID_LDAPDB(ldapdb)); -+ -+ return dns_db_setmaxrrperset(ldapdb->rbtdb, value); -+} -+ -+static void -+setmaxtypepername(dns_db_t *db, uint32_t value) { -+ ldapdb_t *ldapdb = (ldapdb_t *) db; -+ -+ REQUIRE(VALID_LDAPDB(ldapdb)); -+ -+ return dns_db_setmaxtypepername(ldapdb->rbtdb, value); -+} -+#endif -+ - static dns_dbmethods_t ldapdb_methods = { - attach, - detach, -@@ -969,6 +990,10 @@ static dns_dbmethods_t ldapdb_methods = { - #if LIBDNS_VERSION_MAJOR >= 1606 - adjusthashsize, /* adjusthashsize */ - #endif -+#if HAVE_DNS_DB_SETMAXRRPERSET -+ setmaxrrperset, /* setmaxrrperset */ -+ setmaxtypepername, /* setmaxtypepername */ -+#endif - }; - - isc_result_t ATTR_NONNULLS --- -2.45.2 - diff --git a/SOURCES/bind-dyndb-ldap-11.11.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.11.tar.bz2.asc new file mode 100644 index 0000000..e16c75a --- /dev/null +++ b/SOURCES/bind-dyndb-ldap-11.11.tar.bz2.asc 
@@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- + +iQJMBAABCgA2FiEEhD/TWKTBHgTUwD3S5vWnKGOylwYFAmeQyXAYHHJlbGVhc2Vz +QG1nLmZyZWVpcGEub3JnAAoJEOb1pyhjspcGQTIQAKzF8EmPBIQQbMZlSdsH312r +M7tkjr7+mdcOEKaiGtbpAT8h8KmDWZjDqCuCzYMIVFLL5S7aRpFjowbPQo612a3j +MYEchw5O0vkBaqRxqwZqBxgRkgFiyw7LfziZospLS23UbKYxtZA32/GUhhnaXpoC +EeH3afXE4zMSy8OhLDYIcAa0Vpb0eQcouGbN3/bmoMXwafdt/mlKMgNupgrnnXFT +RYSkvMnfD5vakFeXbPhu9b4fkV+hUAh8vxJbBDa2Gkkrmu/DMwR/Y0QcMec5RF/z +MMpma3YaqetIC8jIsHAcCV6Tq8gjCoIXzIbueWxspBZU6tzHFRfMlKl4ZQjxz3Jq +SvFFTw5vvEwewgPChL+ReVgqx56FAr7RrYHCM1eADBCoVvrTLYZeZObip+z1xLEt +i6yYvnb93Hyr9r5rKdd1S9IbKQiqArYXT+9GF2a6w/ti44E/Iav9PI8uOGmIWPLc +25INbGGAZoHCmESWX1zXgm0DGLGQ7fbY2Iyl1tTo2ugtyDvhkNjjSmZ2z1zu7N+2 +O5hTtSovrmsl8fqpL/52NiUsEcHllZuXEDUMP+w8Lk8IM5ZWtBtypzhh6Ej2AHQZ +/WrBmhanA/fcOEdUpG5LIJ0ce+mif/K+pUgIwuRJ4m4NpV0c7UxC4IZXx4vOfmyn +p8OUsetDMyZQRuZn6TtN +=UB7t +-----END PGP SIGNATURE----- diff --git a/SOURCES/bind-dyndb-ldap-11.9-bind-9.16.17.patch b/SOURCES/bind-dyndb-ldap-11.9-bind-9.16.17.patch deleted file mode 100644 index 3f3edbc..0000000 --- a/SOURCES/bind-dyndb-ldap-11.9-bind-9.16.17.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From d7d3032de7f5d3dd3cffea6064549b63a9ad7d59 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= -Date: Thu, 17 Jun 2021 17:57:52 +0200 -Subject: [PATCH] Skip isc_bind9 check on BIND 9.16.17+ - -Reference variable refvar from dns_dyndbctx_t were removed. Removed was -also flag requesting different namespace. Skip that check on last stable -version, it should eval to false on all versions anyway. ---- - src/ldap_driver.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/src/ldap_driver.c b/src/ldap_driver.c -index e9f1005ee..5f9e00af1 100644 ---- a/src/ldap_driver.c -+++ b/src/ldap_driver.c -@@ -1156,6 +1156,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters, - RUNTIME_CHECK(isc_once_do(&library_init_once, library_init) - == ISC_R_SUCCESS); - -+#if LIBDNS_VERSION_MAJOR < 1617 - /* - * Depending on how dlopen() was called, we may not have - * access to named's global namespace, in which case we need -@@ -1168,6 +1169,7 @@ dyndb_init(isc_mem_t *mctx, const char *name, const char *parameters, - isc_hash_set_initializer(dctx->hashinit); - log_debug(5, "registering library from dynamic ldap driver, %p != %p.", dctx->refvar, &isc_bind9); - } -+#endif - - log_debug(2, "registering dynamic ldap driver for %s.", name); - --- -2.31.1 - diff --git a/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch b/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch deleted file mode 100644 index 0272ebf..0000000 --- a/SOURCES/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff --git a/src/mldap.c b/src/mldap.c -index 92a330c..79efddb 100644 ---- a/src/mldap.c -+++ b/src/mldap.c -@@ -50,18 +50,7 @@ - static unsigned char uuid_rootname_ndata[] - = { 4, 'u', 'u', 'i', 'd', 4, 'l', 'd', 'a', 'p', 0 }; - static unsigned char uuid_rootname_offsets[] = { 0, 5, 10 }; --static dns_name_t uuid_rootname = --{ -- DNS_NAME_MAGIC, -- uuid_rootname_ndata, -- sizeof(uuid_rootname_ndata), -- sizeof(uuid_rootname_offsets), -- DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, -- uuid_rootname_offsets, -- NULL, -- { (void *)-1, (void *)-1 }, -- { NULL, NULL } --}; -+static dns_name_t uuid_rootname = DNS_NAME_INITABSOLUTE(uuid_rootname_ndata, uuid_rootname_offsets); - - struct mldapdb { - isc_mem_t *mctx; diff --git a/SOURCES/bind-dyndb-ldap-11.9.tar.bz2.asc b/SOURCES/bind-dyndb-ldap-11.9.tar.bz2.asc deleted file mode 100644 index 9b4924e..0000000 --- a/SOURCES/bind-dyndb-ldap-11.9.tar.bz2.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEhAodHH8+xLL+UwQ1RxniuKu/YhoFAmCtCAoACgkQRxniuKu/ -YhptNQ//QvGsnJsvlhZddT1EnoiiNhmKyW6HAV7f/0z4L/1RE9sng930mLhRD5mI -wFPzeJBBYVTM82hZwjboaa8r5hpAHiq29Q6o7cBCIcOEN6YhNZePoO7RmU1TaF57 -6LGIzmUuEHfHaajV7fvYUY/kW0mJrxLwu58IJX7wi8OsJi+Exx8EqjVIVPJYkj3n -hen17jJmxnPyjI3fhwZt+ON3X3yfocLgsg08Zl4dtB6MTHMeb0a6gxZ2MQwpCGrq -zmo+Qv3OkvxJHPtpKO46je4GHZ3JYSNfCu8fVSqFiZfqu0Zv1DF6YUjxsHHU1BVk -64CCEN1vNal1rIblwz447oEAwBWQ0ky0r+EtAYfUggSHZ/Lwjh8LX44VYISa/4Io -R3aq3Egz8YwttXoH1PEGqv6ag9O7S8dVqKRm2+UmC6ajKtDtQimvWfyiInAjAsm4 -ngwiWoqfYVYvs38YSc9oL/VFc0N7NglNGTVOKzgrkUlG8RF2GEdeMqXBcPflIL16 -+R8AEgaFOcFmyrv1DMTglK6Mq2EjSDlfxVb8Rv1jiBmglB1z0hzLi0yVLNIAobPF -eOgi5Aq7UYWnT7oE8t6m1PWomVBObNFtC7OgMTdXt0lT7ZdqbRkxaW0CCY1+e645 -4NlyEvwONUGPKzl7jlSNH/5eE0GuYp6Qi68b+LkBf5wfK4axfdY= -=OlUq ------END PGP SIGNATURE----- diff --git a/SPECS/bind-dyndb-ldap.spec b/SPECS/bind-dyndb-ldap.spec index 80ed0e7..433c98f 100644 --- a/SPECS/bind-dyndb-ldap.spec +++ b/SPECS/bind-dyndb-ldap.spec 
@@ -1,18 +1,26 @@
 %define VERSION %{version}
-%define bind_version 32:9.16.23-19
+%define bind_name bind9.18
+%define bind_version 32:9.18.29-2
 %if 0%{?fedora} >= 31 || 0%{?rhel} > 8
+%if 0%{?fedora} >= 40 || 0%{?rhel} >= 10
+ %global openssl_pkcs11_version 0.3
+ %global openssl_pkcs11_name pkcs11-provider
+ %global softhsm_version 2.6.1
+%else
 %global openssl_pkcs11_version 0.4.10-6
+ %global openssl_pkcs11_name openssl-pkcs11
 %global softhsm_version 2.5.0-4
+%endif
 %else
 %global with_bind_pkcs11 1
 %endif
 Name: bind-dyndb-ldap
-Version: 11.9
-Release: 10%{?dist}
+Version: 11.11
+Release: 2%{?dist}
 Summary: LDAP back-end plug-in for BIND
 License: GPLv2+
@@ -20,30 +28,54 @@ URL: https://releases.pagure.org/bind-dyndb-ldap
 Source0: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2
 Source1: https://releases.pagure.org/%{name}/%{name}-%{VERSION}.tar.bz2.asc
-Patch1: bind-dyndb-ldap-11.9-bind-9.16.17.patch
-Patch2: 0001-Modify-empty-zone-conflicts-under-exclusive-mode_rhbz#2129844.patch
-# https://pagure.io/bind-dyndb-ldap/pull-request/229
-Patch3: https://pagure.io/bind-dyndb-ldap/raw/dbbcc2f07ea6955c6b0b5a719f8058c54b1d750c#/bind-dyndb-ldap-11.9-bind-CVE-2023-50387.patch
-# https://pagure.io/bind-dyndb-ldap/pull-request/235
-Patch4: bind-dyndb-ldap-11.10-bind-CVE-2024-1737.patch
+%if "%{bind_name}" != "bind" && 0%{?rhel} == 9
+Obsoletes: bind < 32:9.18
+Obsoletes: bind-chroot <= 32:9.18
+Obsoletes: bind-devel <= 32:9.18
+Obsoletes: bind-dlz-filesystem <= 32:9.18
+Obsoletes: bind-dlz-ldap <= 32:9.18
+Obsoletes: bind-dlz-mysql <= 32:9.18
+Obsoletes: bind-dlz-sqlite3 <= 32:9.18
+Obsoletes: bind-dnssec-doc <= 32:9.18
+Obsoletes: bind-dnssec-utils <= 32:9.18
+Obsoletes: bind-doc <= 32:9.18
+Obsoletes: bind-license <= 32:9.18
+Obsoletes: bind-libs <= 32:9.18
+Obsoletes: bind-utils <= 32:9.18
+Obsoletes: python3-bind <= 32:9.18
+%endif
+%if "%{bind_name}" != "bind9.18" && 0%{?rhel} > 9
+Obsoletes: bind9.18 <= 32:9.18
+Obsoletes: bind9.18-chroot <= 32:9.18
+Obsoletes: bind9.18-devel <= 32:9.18
+Obsoletes: bind9.18-dnssec-doc <= 32:9.18
+Obsoletes: bind9.18-dnssec-utils <= 32:9.18
+Obsoletes: bind9.18-doc <= 32:9.18
+Obsoletes: bind9.18-libs <= 32:9.18
+Obsoletes: bind9.18-utils <= 32:9.18
+%endif
-BuildRequires: bind-devel >= %{bind_version}, bind-lite-devel >= %{bind_version}
+BuildRequires: %{bind_name}-devel >= %{bind_version}, %{bind_name}-lite-devel >= %{bind_version}
 BuildRequires: krb5-devel
 BuildRequires: openldap-devel
 BuildRequires: libuuid-devel
 BuildRequires: automake, autoconf, libtool
+BuildRequires: autoconf-archive
+
+# https://bugzilla.redhat.com/show_bug.cgi?id=2165256
+Conflicts: bind9-next
 %if %{with bind_pkcs11}
-BuildRequires: bind-pkcs11-devel >= %{bind_version}
+BuildRequires: %{bind_name}-pkcs11-devel >= %{bind_version}
 BuildRequires: make
-Requires(pre): bind-pkcs11 >= %{bind_version}
-Requires: bind-pkcs11 >= %{bind_version}
-Requires: bind-pkcs11-utils >= %{bind_version}
+Requires(pre): %{bind_name}-pkcs11 >= %{bind_version}
+Requires: %{bind_name}-pkcs11 >= %{bind_version}
+Requires: %{bind_name}-pkcs11-utils >= %{bind_version}
 %else
 Requires: softhsm >= %{softhsm_version}
-Requires: openssl-pkcs11 >= %{openssl_pkcs11_version}
-Requires(pre): bind >= %{bind_version}
-Requires: bind >= %{bind_version}
+Requires: %{openssl_pkcs11_name} >= %{openssl_pkcs11_version}
+Requires(pre): %{bind_name} >= %{bind_version}
+Requires: %{bind_name} >= %{bind_version}
 %endif
 %description
@@ -121,6 +153,17 @@ sed -i.bak -e "$SEDSCRIPT" /etc/named.conf
 %changelog
+* Wed Feb 12 2025 Thomas Woerner - 11.11-2
+- Release bump, fixed date for previous changelog entry
+ Resolves: RHEL-78927
+
+* Tue Feb 11 2025 Thomas Woerner - 11.11-1
+- Release 11.11, Support BIND 9.18
+ Resolves: RHEL-78927
+
+* Fri Sep 06 2024 Petr Menšík - 11.9-11
+- Bump version above RHEL 9.5
+
 * Wed Aug 07 2024 Petr Menšík - 11.9-10
 - Rebuilt for BIND CVE-2024-1737 fixes (CVE-2024-1737)
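Review bot: With `%define bind_name bind9.18` set unconditionally in the first hunk of this spec, the second Obsoletes block in the Source/BuildRequires hunk, guarded by `%if "%{bind_name}" != "bind9.18" && 0%{?rhel} > 9`, can never be entered, while the first block guarded by `!= "bind"` fires on every RHEL 9 build, so the two guards do not currently select anything. If the intent is for RHEL 10 builds to depend on the plain `bind` package, the define itself needs to be made conditional on `0%{?rhel}` (picking `bind` or `bind9.18`) rather than testing a constant; otherwise the dead block should be dropped or explained in a comment. The first block also writes `Obsoletes: bind < 32:9.18` while every other line uses `<=`, which reads as an inconsistency rather than a deliberate exception. Because these lines make a plug-in package retire the whole bind package set on upgrade, a one-line comment naming the reason, the way the `Conflicts: bind9-next` line cites its bugzilla, would help the next maintainer judge whether it is still needed.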