diff --git a/CHANGES b/CHANGES
index 0f9b43de08..4b2246d3b3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3337.	[bug]		Change #3294 broke support for the multiple keys
+			in controls. [RT #29694]
+
 3336.	[func]		Maintain statistics for RRsets tagged as "stale".
 			[RT #29514]
 
diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
index f360d02203..8a3d3b0932 100644
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 		if (result == ISC_R_SUCCESS)
 			break;
 		isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-		log_invalid(&conn->ccmsg, result);
-		goto cleanup;
+		if (result != ISCCC_R_BADAUTH) {
+			log_invalid(&conn->ccmsg, result);
+			goto cleanup;
+		}
 	}
 
 	if (key == NULL) {
diff --git a/bin/tests/system/rndc/ns2/named.conf b/bin/tests/system/rndc/ns2/named.conf
index fa2000aa43..f2d91a161b 100644
--- a/bin/tests/system/rndc/ns2/named.conf
+++ b/bin/tests/system/rndc/ns2/named.conf
@@ -32,8 +32,13 @@ key rndc_key {
 	algorithm hmac-md5;
 };
 
+key secondkey {
+	secret "abcd1234abcd8765";
+	algorithm hmac-md5;
+};
+
 controls {
-	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; secondkey; };
 };
 
 
diff --git a/bin/tests/system/rndc/ns2/secondkey.key b/bin/tests/system/rndc/ns2/secondkey.key
new file mode 100644
index 0000000000..2e8be57e3d
--- /dev/null
+++ b/bin/tests/system/rndc/ns2/secondkey.key
@@ -0,0 +1,4 @@
+key secondkey {
+        secret "abcd1234abcd8765";
+        algorithm hmac-md5;
+};
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
index 1ae31d98b0..634b0e4e18 100644
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@@ -233,5 +233,11 @@ grep "ADB stats" ns2/named.stats > /dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:test using second key"
+ret=0
+$RNDC -s 10.53.0.2 -p 9953 -k ns2/secondkey.key status > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
diff --git a/lib/isccc/cc.c b/lib/isccc/cc.c
index b549d6cb9e..1ab9479855 100644
--- a/lib/isccc/cc.c
+++ b/lib/isccc/cc.c
@@ -399,8 +399,6 @@ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
 		first_tag = ISC_FALSE;
 	}
 
-	*alistp = alist;
-
 	if (secret != NULL) {
 		if (checksum_rstart != NULL)
 			result = verify(alist, checksum_rstart,
@@ -412,7 +410,9 @@ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
 		result = ISC_R_SUCCESS;
 
  bad:
-	if (result != ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS)
+		*alistp = alist;
+	else
 		isccc_sexpr_free(&alist);
 
 	return (result);