diff --git a/CHANGES b/CHANGES
index 95b4e901d3..c33f3f3d71 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4541. [bug] rndc addzone should properly reject non master/slave
+ zones. [RT #43665]
+
 4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
 [RT #43601]
diff --git a/bin/named/server.c b/bin/named/server.c
index 239fd07dc5..f56a692d22 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -2147,8 +2147,9 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
 RUNTIME_CHECK(result == ISC_R_SUCCESS);
 dns_view_thaw(ev->view);
 result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
- ev->cbd->server->mctx, ev->view, NULL,
- cfg->actx, ISC_TRUE, ISC_FALSE, ev->mod);
+ ev->cbd->server->mctx, ev->view,
+ &ev->cbd->server->viewlist, cfg->actx,
+ ISC_TRUE, ISC_FALSE, ev->mod);
 dns_view_freeze(ev->view);
 isc_task_endexclusive(task);
@@ -4994,7 +4995,7 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
 if (ISC_LIST_EMPTY(fwdlist)) {
 if (forwardtype != NULL)
- cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
+ cfg_obj_log(forwardtype, ns_g_lctx, ISC_LOG_WARNING,
 "no forwarders seen; disabling "
 "forwarding");
 fwdpolicy = dns_fwdpolicy_none;
@@ -6656,8 +6657,8 @@ configure_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 element = cfg_list_next(element)) {
 const cfg_obj_t *zconfig = cfg_listelt_value(element);
- CHECK(configure_zone(config, zconfig, vconfig,
- mctx, view, NULL, actx,
+ CHECK(configure_zone(config, zconfig, vconfig, mctx,
+ view, &ns_g_server->viewlist, actx,
 ISC_TRUE, ISC_FALSE, ISC_FALSE));
 }
@@ -6785,8 +6786,8 @@ configure_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
 CHECK(ISC_R_FAILURE);
 zoneobj = cfg_listelt_value(cfg_list_first(zlist));
- CHECK(configure_zone(config, zoneobj, vconfig,
- mctx, view, NULL, actx,
+ CHECK(configure_zone(config, zoneobj, vconfig, mctx,
+ view, &ns_g_server->viewlist, actx,
 ISC_TRUE, ISC_FALSE, ISC_FALSE));
 cfg_obj_destroy(ns_g_addparser, &zoneconf);
@@ -11252,6 +11253,7 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
 cfg_obj_t *zoneconf = NULL;
 const cfg_obj_t *zlist = NULL;
 const cfg_obj_t *zoneobj = NULL;
+ const cfg_obj_t *zoptions = NULL;
 const cfg_obj_t *obj = NULL;
 const char *viewname = NULL;
 dns_rdataclass_t rdclass;
@@ -11259,6 +11261,8 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
 const char *bn;
 REQUIRE(viewp != NULL && *viewp == NULL);
+ REQUIRE(zoneobjp != NULL && *zoneobjp == NULL);
+ REQUIRE(zoneconfp != NULL && *zoneconfp == NULL);
 /* Try to parse the argument string */
 isc_buffer_init(&argbuf, command, (unsigned int) strlen(command));
@@ -11281,12 +11285,40 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
 CHECK(cfg_parse_buffer3(ns_g_addparser, &argbuf, bn, 0, &cfg_type_addzoneconf, &zoneconf));
 CHECK(cfg_map_get(zoneconf, "zone", &zlist));
- if (! cfg_obj_islist(zlist))
+ if (!cfg_obj_islist(zlist))
 CHECK(ISC_R_FAILURE);
 /* For now we only support adding one zone at a time */
 zoneobj = cfg_listelt_value(cfg_list_first(zlist));
+ /* Check the zone type for ones that are not supported by addzone. */
+ zoptions = cfg_tuple_get(zoneobj, "options");
+
+ obj = NULL;
+ (void)cfg_map_get(zoptions, "type", &obj);
+ if (obj == NULL) {
+ (void) cfg_map_get(zoptions, "in-view", &obj);
+ if (obj != NULL) {
+ (void) putstr(text,
+ "'in-view' zones not supported by ");
+ (void) putstr(text, bn);
+ } else
+ (void) putstr(text, "zone type not specified");
+ CHECK(ISC_R_FAILURE);
+ }
+
+ if (strcasecmp(cfg_obj_asstring(obj), "hint") == 0 ||
+ strcasecmp(cfg_obj_asstring(obj), "forward") == 0 ||
+ strcasecmp(cfg_obj_asstring(obj), "redirect") == 0 ||
+ strcasecmp(cfg_obj_asstring(obj), "delegation-only") == 0)
+ {
+ (void) putstr(text, "'");
+ (void) putstr(text, cfg_obj_asstring(obj));
+ (void) putstr(text, "' zones not supported by ");
+ (void) putstr(text, bn);
+ CHECK(ISC_R_FAILURE);
+ }
+
 /* Make sense of optional class argument */
 obj = cfg_tuple_get(zoneobj, "class");
 CHECK(ns_config_getclass(obj, dns_rdataclass_in, &rdclass));
@@ -11344,7 +11376,7 @@ delete_zoneconf(dns_view_t *view, cfg_parser_t *pctx,
 cfg_map_get(config, "zone", &zl);
- if (! cfg_obj_islist(zl))
+ if (!cfg_obj_islist(zl))
 CHECK(ISC_R_FAILURE);
 DE_CONST(&zl->value.list, list);
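Review bot: The type gate added to newzone_parse is a denylist — only hint, forward, redirect and delegation-only are refused — so any type not on that list, including one added to the grammar later, reaches configure_zone by default, even though the CHANGES entry says non master/slave zones should be rejected (the new tests also expect stub and static-stub to succeed, so those belong in the accepted set). If master, slave, stub and static-stub are the only types addzone should take, inverting the check fails closed: hoist `const char *ztype = cfg_obj_asstring(obj);` and test `if (strcasecmp(ztype, "master") != 0 && strcasecmp(ztype, "slave") != 0 && strcasecmp(ztype, "stub") != 0 && strcasecmp(ztype, "static-stub") != 0)`, which also removes the four repeated cfg_obj_asstring() calls and lets the putstr() error text reuse ztype. The unbraced `} else` in the obj == NULL block is the only single-statement else in this hunk and would read more safely braced like its sibling. newzone_parse starts before and continues past this hunk.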
@@ -11446,8 +11478,8 @@ do_addzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 /* Mark view unfrozen and configure zone */
 dns_view_thaw(view);
 result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
- server->mctx, view, NULL, cfg->actx,
- ISC_TRUE, ISC_FALSE, ISC_FALSE);
+ server->mctx, view, &server->viewlist,
+ cfg->actx, ISC_TRUE, ISC_FALSE, ISC_FALSE);
 dns_view_freeze(view);
 isc_task_endexclusive(server->task);
@@ -11594,8 +11626,8 @@ do_modzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 /* Reconfigure the zone */
 dns_view_thaw(view);
 result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
- server->mctx, view, NULL, cfg->actx,
- ISC_TRUE, ISC_FALSE, ISC_TRUE);
+ server->mctx, view, &server->viewlist,
+ cfg->actx, ISC_TRUE, ISC_FALSE, ISC_TRUE);
 dns_view_freeze(view);
 exclusive = ISC_FALSE;
@@ -11754,7 +11786,8 @@ ns_server_changezone(ns_server_t *server, char *command, isc_buffer_t **text) {
 addzone = ISC_FALSE;
 }
- CHECK(newzone_parse(server, command, &view, &zoneconf, &zoneobj, text));
+ CHECK(newzone_parse(server, command, &view, &zoneconf,
+ &zoneobj, text));
 /* Are we accepting new zones in this view? */
 #ifdef HAVE_LMDB
diff --git a/bin/tests/system/addzone/ns2/hints.db b/bin/tests/system/addzone/ns2/hints.db
new file mode 100644
index 0000000000..274ec9a845
--- /dev/null
+++ b/bin/tests/system/addzone/ns2/hints.db
@@ -0,0 +1,11 @@
+; Copyright (C) 2000, 2001, 2004, 2007, 2016 Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+; $Id: root.hint,v 1.5 2007/06/19 23:47:01 tbox Exp $
+
+$TTL 999999
+. IN NS a.root-servers.nil.
+a.root-servers.nil. IN A 10.53.0.1
diff --git a/bin/tests/system/addzone/ns2/redirect.db b/bin/tests/system/addzone/ns2/redirect.db
new file mode 100644
index 0000000000..63a371b4be
--- /dev/null
+++ b/bin/tests/system/addzone/ns2/redirect.db
@@ -0,0 +1,7 @@
+; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+@ 0 SOA . . 0 0 0 0 0
+@ 0 NS .
diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh
index c1e3c28932..6f3e1bbeff 100755
--- a/bin/tests/system/addzone/tests.sh
+++ b/bin/tests/system/addzone/tests.sh
@@ -179,8 +179,12 @@ status=`expr $status + $ret`
 echo "I:delete a normally-loaded zone ($n)"
 ret=0
-$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2> rndc.out.ns2.$n
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example > rndc.out.ns2.$n 2>&1
 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n
+grep "is no longer active and will be deleted" rndc.out.ns2.$n > /dev/null || ret=1
+grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n > /dev/null || ret=1
+grep "must also be removed from named.conf." rndc.out.ns2.$n > /dev/null || ret=1
+
 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
 n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
@@ -288,6 +292,68 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
+echo "I:check that adding a 'stub' zone works ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that adding a 'static-stub' zone works ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that zone type 'redirect' (master) is properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that zone type 'redirect' (slave) is properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; masters { 1.2.3.4; }; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that zone type 'hint' is properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that zone type 'forward' is properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that zone type 'delegation-only' is properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'in-view' zones are properly rejected ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
+grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:reconfiguring server with multiple views"
 rm -f ns2/named.conf
 cp -f ns2/named2.conf ns2/named.conf
@@ -352,7 +418,7 @@ echo "I:checking rndc showzone with newly added zone ($n)"
 # loaded from the NZDB at this point.
 for try in 0 1 2 3 4 5; do
 ret=0
- $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone added.example in external > rndc.out.ns2.$n
+ $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null
 if [ -z "$NZD" ]; then
 expected='zone "added.example" in external { type master; file "added.db"; };'
 else
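Review bot: The two positive cases ('stub' and 'static-stub') only assert that rndc exited 0; nothing confirms the zone exists afterwards, so a regression where addzone reports success but never configures the zone would still pass. Following the pattern the file already uses for added.example, a `$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone stub.example > showzone.out.ns2.$n 2>&1 || ret=1` followed by `grep 'type stub' showzone.out.ns2.$n > /dev/null || ret=1` would pin that. The six rejection cases all grep for the generic `zones not supported by addzone` suffix, which cannot tell the `'redirect'` branch from the `'in-view'` one; matching the full message (e.g. `grep "'redirect' zones not supported by addzone"`) checks that the intended branch fired. The added stub and static-stub zones are also left in place when the server is reconfigured with named2.conf immediately after, which is presumably harmless but worth a delzone if later cases assume a known zone list.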