diff --git a/CHANGES b/CHANGES
index cc8929f4b0..97925add57 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4849.	[bug]		Duplicate zones could appear in the .nzf file if
+			addzone failed. [RT #46435]
+
 4847.	[bug]		dnssec-dnskey-kskonly was not being honoured for
 			CDS and CDNSKEY. [RT #46755]
 
diff --git a/bin/named/server.c b/bin/named/server.c
index a4e904bc5b..6d4833a447 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -12607,6 +12607,7 @@ do_addzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 	dns_zone_t *zone = NULL;
 #ifndef HAVE_LMDB
 	FILE *fp = NULL;
+	isc_boolean_t cleanup_config = ISC_FALSE;
 #else /* HAVE_LMDB */
 	MDB_txn *txn = NULL;
 	MDB_dbi dbi;
@@ -12699,14 +12700,15 @@ do_addzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 	 * we've created. If there was a previous one, merge the new
 	 * zone into it.
 	 */
-	if (cfg->nzf_config == NULL)
+	if (cfg->nzf_config == NULL) {
 		cfg_obj_attach(zoneconf, &cfg->nzf_config);
-	else {
+	} else {
 		cfg_obj_t *z;
 		DE_CONST(zoneobj, z);
 		CHECK(cfg_parser_mapadd(cfg->add_parser,
 					cfg->nzf_config, z, "zone"));
 	}
+	cleanup_config = ISC_TRUE;
 #endif /* HAVE_LMDB */
 
 	/*
@@ -12752,6 +12754,12 @@ do_addzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 #ifndef HAVE_LMDB
 	if (fp != NULL)
 		(void)isc_stdio_close(fp);
+	if (result != ISC_R_SUCCESS && cleanup_config) {
+		tresult = delete_zoneconf(view, cfg->add_parser,
+					 cfg->nzf_config, name,
+					 NULL);
+		RUNTIME_CHECK(tresult == ISC_R_SUCCESS);
+	}
 #else /* HAVE_LMDB */
 	if (txn != NULL)
 		(void) nzd_close(&txn, ISC_FALSE);
diff --git a/bin/tests/system/addzone/ns3/e.db b/bin/tests/system/addzone/ns3/e.db
new file mode 100644
index 0000000000..620f4cd947
--- /dev/null
+++ b/bin/tests/system/addzone/ns3/e.db
@@ -0,0 +1,3 @@
+@	SOA	ns3 hostmaster 0 0 0 0 0
+@	NS	ns3
+ns3	A	10.53.0.3
diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh
index fe14f9e3b3..77f12a3326 100755
--- a/bin/tests/system/addzone/tests.sh
+++ b/bin/tests/system/addzone/tests.sh
@@ -672,5 +672,19 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+if ! $FEATURETEST --with-lmdb
+then
+    echo "I:check that addzone is fully reversed on failure (--with-lmdb=no) ($n)"
+    ret=0
+    $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test1.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+    $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test2.baz" '{ type master; file "dne.db"; };' > /dev/null 2>&1 && ret=1
+    $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 addzone "test3.baz" '{ type master; file "e.db"; };' > /dev/null 2>&1 || ret=1
+    $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 delzone "test3.baz" > /dev/null 2>&1 || ret=1
+    grep test2.baz ns3/_default.nzf > /dev/null && ret=1
+    n=`expr $n + 1`
+    if [ $ret != 0 ]; then echo "I:failed"; fi
+    status=`expr $status + $ret`
+fi
+
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
index 155ea7615e..6ef94b2165 100644
--- a/bin/tests/system/feature-test.c
+++ b/bin/tests/system/feature-test.c
@@ -45,6 +45,7 @@ usage() {
 	fprintf(stderr, "	--rpz-nsdname\n");
 	fprintf(stderr, "	--rpz-nsip\n");
 	fprintf(stderr, "	--with-idn\n");
+	fprintf(stderr, "	--with-lmdb\n");
 }
 
 int
@@ -156,6 +157,14 @@ main(int argc, char **argv) {
 #endif
 	}
 
+	if (strcmp(argv[1], "--with-lmdb") == 0) {
+#ifdef HAVE_LMDB
+		return (0);
+#else
+		return (1);
+#endif
+	}
+
 	if (strcmp(argv[1], "--ipv6only=no") == 0) {
 #ifdef WIN32
 		return (0);