diff --git a/bin/tests/system/nta/tests_nta.py b/bin/tests/system/nta/tests_nta.py
index ece8db6729..828c04822b 100644
--- a/bin/tests/system/nta/tests_nta.py
+++ b/bin/tests/system/nta/tests_nta.py
@@ -147,6 +147,13 @@ def test_nta_behavior(servers):
 isctest.check.noerror(res)
 isctest.check.noadflag(res)
+ # Expiry should also trigger a cache flush, so even if a.secure.example A
+ # was cached when its NTA was active, cached data should not be returned.
+ m = isctest.query.create("a.secure.example", "A")
+ res = isctest.query.tcp(m, "10.53.0.4")
+ isctest.check.noerror(res)
+ isctest.check.adflag(res)
+
 # bogus.example was set to expire in 20s, so at t=13
 # it should still be NTA'd, but badds.example used the default
 # lifetime of 12s, so it should revert to SERVFAIL now.
diff --git a/lib/dns/nta.c b/lib/dns/nta.c
index aba39e95c6..a159f4a400 100644
--- a/lib/dns/nta.c
+++ b/lib/dns/nta.c
@@ -361,6 +361,7 @@ delete_expired(void *arg) {
 isc_result_t result;
 dns_qp_t *qp = NULL;
 void *pval = NULL;
+ dns_view_t *view = NULL;
 REQUIRE(VALID_NTATABLE(ntatable));
@@ -375,6 +376,17 @@ delete_expired(void *arg) {
 dns_name_format(&nta->name, nb, sizeof(nb));
 isc_log_write(DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_NTA, ISC_LOG_INFO, "deleting expired NTA at %s", nb);
+
+ /*
+ * Delay the flushing to avoid lock-order-inversion, as
+ * dns_view_flushnode()->dns_adb_flushnames() locks 'adbname',
+ * and it can cause a problem e.g. in dns_ntatable_covered() in
+ * another thread called by the resolver (also involving 'fctx'
+ * lock), or in dns_ntatable_shutdown() (also involving 'view'
+ * lock).
+ */
+ dns_view_weakattach(ntatable->view, &view);
+
 dns_qp_deletename(qp, &nta->name, DNS_DBNAMESPACE_NORMAL, NULL, NULL);
 dns__nta_shutdown(nta);
@@ -383,6 +395,10 @@ delete_expired(void *arg) {
 dns_qp_compact(qp, DNS_QPGC_MAYBE);
 dns_qpmulti_commit(ntatable->table, &qp);
 RWUNLOCK(&ntatable->rwlock, isc_rwlocktype_write);
+ if (view != NULL) {
+ dns_view_flushnode(view, &nta->name, true);
+ dns_view_weakdetach(&view);
+ }
 dns__nta_detach(&nta);
 dns_ntatable_detach(&ntatable);
 }
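Review bot: The new assertions pin only the rcode and the AD flag, so they demonstrate that unvalidated data cached under the NTA was flushed only if an earlier step of test_nta_behavior, outside this hunk, actually resolved and cached a.secure.example A while its NTA was active; if that priming query is missing or targets a different name or server, the adflag check passes trivially. The comment should name that priming step rather than assume it, e.g. `# a.secure.example A was resolved and cached above while its NTA was active, so` before the existing "expiry should also trigger a cache flush" sentence. The extra TCP round trip also lands inside a timed sequence (the following comment reasons about t=13), which is worth a word in the comment if the expiry windows are tight. test_nta_behavior starts before and continues after this hunk.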
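Review bot: dns_view_weakattach() keeps the view structure allocated but does not hold a strong reference, so by the time the deferred dns_view_flushnode() runs in the later hunk (after RWUNLOCK) the view may already be past shutdown with its cache or adb detached; whether that is safe depends on dns_view_flushnode() tolerating such a view, which is not visible here. The new comment gives the lock-order reason for deferring the flush but not why a weak rather than strong attach was chosen, so the lifetime assumption should be stated next to it, e.g. `* A weak reference is enough here: a view that has already shut down has nothing left to flush.` (only if that is in fact the guarantee relied on). delete_expired() starts before and continues after this hunk.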
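Review bot: The return value of `dns_view_flushnode(view, &nta->name, true);` is discarded, so a flush that fails leaves data cached under the now-expired NTA — answers that bypassed DNSSEC validation — in the cache with no trace in the log, which is exactly the condition this commit sets out to prevent. If dns_view_flushnode() returns isc_result_t like the other dns_view_* calls, capture it and log non-success alongside the existing "deleting expired NTA" message, e.g. `result = dns_view_flushnode(view, &nta->name, true);` followed by `if (result != ISC_R_SUCCESS) isc_log_write(DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_NTA, ISC_LOG_WARNING, "flushing cache for expired NTA failed: %s", isc_result_totext(result));`. `result` is declared at the top of delete_expired() in the first hunk; whether its earlier value is still needed at this point is not visible here, so reuse it only if it is not. The enclosing function starts before this hunk.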