diff --git a/CHANGES b/CHANGES
index 65f68e4858..b89081ef1b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4429. [bug] Address potential use after free on fclose() error.
+ [RT #42976]
+
 4428. [bug] The "test dispatch getnext" unit test could fail in a threaded build. [RT #42979]
diff --git a/bin/named/main.c b/bin/named/main.c
index 8c01d75ba4..a455c1856a 100644
--- a/bin/named/main.c
+++ b/bin/named/main.c
@@ -1421,7 +1421,7 @@ main(int argc, char *argv[]) {
 if (result == ISC_R_SUCCESS) {
 isc_mem_stats(ns_g_mctx, fp);
 isc_mutex_stats(fp);
- isc_stdio_close(fp);
+ (void) isc_stdio_close(fp);
 }
 }
 isc_mem_destroy(&ns_g_mctx);
diff --git a/bin/named/server.c b/bin/named/server.c
index 67fa33f2fb..e0ebf18f98 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -6268,7 +6268,10 @@ generate_session_key(const char *filename, const char *keynamestr,
 (char*) isc_buffer_base(&key_txtbuffer));
 CHECK(isc_stdio_flush(fp));
- CHECK(isc_stdio_close(fp));
+ result = isc_stdio_close(fp);
+ fp = NULL;
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
 dst_key_free(&key);
@@ -10750,7 +10753,7 @@ nzf_append(dns_view_t *view, const cfg_obj_t *zconfig) {
 cfg_printx(zconfig, CFG_PRINTER_ONELINE, dumpzone, fp);
 CHECK(isc_stdio_write(";\n", 2, 1, fp, NULL));
 CHECK(isc_stdio_flush(fp));
- CHECK(isc_stdio_close(fp));
+ result = isc_stdio_close(fp);
 fp = NULL;
 cleanup:
@@ -10795,15 +10798,17 @@ nzf_writeconf(const cfg_obj_t *config, dns_view_t *view) {
 cfg_printx(config, CFG_PRINTER_ONELINE, dumpzone, fp);
 CHECK(isc_stdio_flush(fp));
- CHECK(isc_stdio_close(fp));
+ result = isc_stdio_close(fp);
 fp = NULL;
+ if (result != ISC_R_SUCCESS)
+ goto cleanup;
 CHECK(isc_file_rename(tmp, view->new_zone_file));
 return (result);
 cleanup:
 if (fp != NULL)
- (void) isc_stdio_close(fp);
- isc_file_remove(tmp);
+ (void)isc_stdio_close(fp);
+ (void)isc_file_remove(tmp);
 return (result);
 }
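Review bot: In the generate_session_key hunk, clearing `fp` before `goto cleanup` fixes the second close, but it may also skip removal of the key file when the close fails. The `cleanup:` label is outside the hunk; if the file removal there is guarded by `fp != NULL`, a failed `isc_stdio_close()` now leaves a possibly truncated session key file on disk while the function reports failure. Consider removing it explicitly on this path, `if (result != ISC_R_SUCCESS) { (void)isc_file_remove(filename); goto cleanup; }`, or confirming that cleanup removes the file unconditionally.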
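Review bot: The plain `result = isc_stdio_close(fp); fp = NULL;` in nzf_append has no comment saying why `CHECK()` was dropped, and the same pattern appears in the generate_session_key and nzf_writeconf hunks. `CHECK()` presumably jumps to `cleanup:` on failure, where a non-NULL `fp` is closed a second time (the cleanup in nzf_writeconf shows this), which is the use after free the CHANGES entry describes. A short comment would keep a later tidy-up from restoring the macro: `/* Not CHECK(): fp must be NULL before cleanup runs, even if close fails. */`. The cleanup code of nzf_append is outside the hunk.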
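Review bot: nzf_writeconf renames `tmp` over `view->new_zone_file` right after a flush and close, and nothing in the hunk forces the data to disk first. A crash shortly after the rename could leave the new-zone file empty or truncated, which the temp-file-and-rename sequence is otherwise there to prevent. If that durability matters here, add `CHECK(isc_stdio_sync(fp));` after the `isc_stdio_flush()` call. The start of the function is outside the hunk.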
@@ -11343,7 +11348,7 @@ do_addzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 goto cleanup;
 }
- isc_stdio_close(fp);
+ (void)isc_stdio_close(fp);
 fp = NULL;
 #else /* HAVE_LMDB */
 /* Make sure we can open the NZD database */
@@ -11435,7 +11440,7 @@ do_addzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 #ifndef HAVE_LMDB
 if (fp != NULL)
- (void) isc_stdio_close(fp);
+ (void)isc_stdio_close(fp);
 #else /* HAVE_LMDB */
 if (txn != NULL) (void) nzd_close(&txn, ISC_FALSE);
@@ -11494,7 +11499,7 @@ do_modzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 TCHECK(putstr(text, isc_result_totext(result)));
 goto cleanup;
 }
- isc_stdio_close(fp);
+ (void)isc_stdio_close(fp);
 fp = NULL;
 #else /* HAVE_LMDB */
 /* Make sure we can open the NZD database */
@@ -11636,7 +11641,7 @@ do_modzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
 #ifndef HAVE_LMDB
 if (fp != NULL)
- (void) isc_stdio_close(fp);
+ (void)isc_stdio_close(fp);
 #else /* HAVE_LMDB */
 if (txn != NULL) (void) nzd_close(&txn, ISC_FALSE);
diff --git a/lib/dns/view.c b/lib/dns/view.c
index 67b90afcbf..5436820374 100644
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@@ -2197,6 +2197,9 @@ dns_view_saventa(dns_view_t *view) {
 if (result == ISC_R_NOTFOUND) {
 removefile = ISC_TRUE;
 result = ISC_R_SUCCESS;
+ } else if (result == ISC_R_SUCCESS) {
+ result = isc_stdio_close(fp);
+ fp = NULL;
 }
 cleanup:
@@ -2204,7 +2207,7 @@ dns_view_saventa(dns_view_t *view) {
 dns_ntatable_detach(&ntatable);
 if (fp != NULL)
- isc_stdio_close(fp);
+ (void)isc_stdio_close(fp);
 /* Don't leave half-baked NTA save files lying around. */
 if (result != ISC_R_SUCCESS || removefile)
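Review bot: `(void)isc_stdio_close(fp);` in the first do_addzone hunk discards the close result without saying why that is safe, and the matching do_modzone hunk does the same. Judging by the `#else` branch comment "Make sure we can open the NZD database", `fp` here looks like a pure open-for-write probe with nothing written through it, but the open call is outside the hunk. A one-line comment would make that explicit: `/* Probe only: nothing was written, so a close error is not actionable. */`.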