diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 12eddd79c2..41c1a598db 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -730,22 +730,27 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
 static void checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, const cfg_obj_t **objp) {
- const char *zone = NULL;
 isc_result_t result;
 switch (ztype) {
 case dns_zone_slave:
 case dns_zone_mirror:
- zone = "slave";
+ result = named_checknames_get(maps, "secondary", objp);
+ if (result != ISC_R_SUCCESS) {
+ result = named_checknames_get(maps, "slave", objp);
+ }
 break;
 case dns_zone_master:
- zone = "master";
+ result = named_checknames_get(maps, "primary", objp);
+ if (result != ISC_R_SUCCESS) {
+ result = named_checknames_get(maps, "master", objp);
+ }
 break;
 default:
 INSIST(0);
 ISC_UNREACHABLE();
 }
- result = named_checknames_get(maps, zone, objp);
+ INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL); }
diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
new file mode 100644
index 0000000000..5ac12cce9c
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ check-names primary warn;
+ check-names primary fail;
+};
diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf
new file mode 100644
index 0000000000..b0934fac69
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf
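Review bot: The two-step lookup in `checknames()` tries the new spelling against the whole `maps` array before it ever tries the legacy one, so precedence between configuration levels may change depending on how `named_checknames_get()` walks `maps` (its body is not in this diff). If it searches every map for the given keyword, a `check-names secondary ...;` found in a less specific map would win over a `check-names slave ...;` set in a more specific one, and a stricter setting chosen by the operator could be silently replaced by a laxer one. The duplicate check added in lib/bind9/check.c appears to look at one `options` map at a time, so it would not reject that mix. Consider resolving both synonyms map by map (for example by letting `named_checknames_get()` take a list of names) and adding a system test that puts the two spellings at different levels.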
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ check-names master warn;
+ check-names primary fail;
+};
diff --git a/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
new file mode 100644
index 0000000000..f60a84dfac
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ check-names slave ignore;
+ check-names secondary warn;
+};
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 4f65c0621e..8c3c239456 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -72,6 +72,8 @@ options {
 recursive-clients 3000;
 serial-query-rate 100;
 server-id none;
+ check-names primary warn;
+ check-names secondary ignore;
 max-cache-size 20000000000000;
 nta-lifetime 604800;
 nta-recheck 604800;
diff --git a/bin/tests/system/checknames/ns4/named.conf.in b/bin/tests/system/checknames/ns4/named.conf.in
index d4065cafab..8ae4a8ecca 100644
--- a/bin/tests/system/checknames/ns4/named.conf.in
+++ b/bin/tests/system/checknames/ns4/named.conf.in
@@ -19,7 +19,7 @@ options {
 listen-on-v6 { none; };
 recursion yes;
 dnssec-validation yes;
- check-names master ignore;
+ check-names primary ignore;
 notify yes;
 };
diff --git a/bin/tests/system/checknames/tests.sh b/bin/tests/system/checknames/tests.sh
index 74f783e4d3..2ca2f1ae1a 100644
--- a/bin/tests/system/checknames/tests.sh
+++ b/bin/tests/system/checknames/tests.sh
@@ -127,7 +127,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 n=`expr $n + 1`
-echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
+echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
 ret=0
 not=1
 $NSUPDATE -d < nsupdate.out.test$n 2>&1 || ret=1
diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index e01b58a294..6cc4b39a42 100644
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2051,7 +2051,7 @@ Boolean Options
 This option is used to restrict the character set and syntax of certain domain names in master files and/or DNS responses received from the network. The default varies according to usage area. For
- ``master`` zones the default is ``fail``. For ``slave`` zones the
+ ``primary`` zones the default is ``fail``. For ``secondary`` zones the
 default is ``warn``. For answers received from the network (``response``), the default is ``ignore``.
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 40192669ad..c676ff4d22 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1567,6 +1567,81 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
 }
 }
+ obj = NULL;
+ (void)cfg_map_get(options, "check-names", &obj);
+ if (obj != NULL && !cfg_obj_islist(obj)) {
+ obj = NULL;
+ }
+ if (obj != NULL) {
+ enum { MAS = 1, PRI = 2, SLA = 4, SEC = 8 } values = 0;
+ for (const cfg_listelt_t *el = cfg_list_first(obj); el != NULL;
+ el = cfg_list_next(el))
+ {
+ const cfg_obj_t *tuple = cfg_listelt_value(el);
+ const cfg_obj_t *type = cfg_tuple_get(tuple, "type");
+ const char *keyword = cfg_obj_asstring(type);
+ if (strcasecmp(keyword, "primary") == 0) {
+ if ((values & PRI) == PRI) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names primary' "
+ "duplicated");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+ values |= PRI;
+ } else if (strcasecmp(keyword, "master") == 0) {
+ if ((values & MAS) == MAS) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names master' "
+ "duplicated");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+ values |= MAS;
+ } else if (strcasecmp(keyword, "secondary") == 0) {
+ if ((values & SEC) == SEC) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names secondary' "
+ "duplicated");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+ values |= SEC;
+ } else if (strcasecmp(keyword, "slave") == 0) {
+ if ((values & SLA) == SLA) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names slave' "
+ "duplicated");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+ values |= SLA;
+ }
+ }
+
+ if ((values & (PRI | MAS)) == (PRI | MAS)) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names' cannot take both "
+ "'primary' and 'master'");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+
+ if ((values & (SEC | SLA)) == (SEC | SLA)) {
+ cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+ "'check-names' cannot take both "
+ "'secondary' and 'slave'");
+ if (result == ISC_R_SUCCESS) {
+ result = ISC_R_FAILURE;
+ }
+ }
+ }
+ return (result); }
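Review bot: The four `strcasecmp` branches in the new loop are copies of one another that differ only in the keyword and the bit, which makes it easy for a later fix to reach one branch and miss the others; a small keyword table keeps the duplicate check in one place, as sketched below. `values` is also declared with the anonymous enum type but holds OR-ed combinations that are not enumerators, so a plain `unsigned int` is the clearer type for it. The messages are logged against the list `obj` rather than the offending `tuple`, which presumably reports the location of the list and not of the duplicate clause; `cfg_obj_log(tuple, ...)` looks like the better target, to be confirmed against how the parser records line numbers. Only the primary/primary, master/primary and slave/secondary cases have fixtures in this commit, so the `master`, `secondary` and `slave` duplicate branches are not exercised. `check_options()` starts before the hunk, so `result`, `obj` and `logctx` are taken as declared there.

```c
	if (obj != NULL) {
		enum { MAS = 1, PRI = 2, SLA = 4, SEC = 8 };
		static const struct {
			const char *keyword;
			unsigned int bit;
		} kinds[] = {
			{ "primary", PRI },
			{ "master", MAS },
			{ "secondary", SEC },
			{ "slave", SLA },
		};
		unsigned int values = 0;

		for (const cfg_listelt_t *el = cfg_list_first(obj); el != NULL;
		     el = cfg_list_next(el))
		{
			/* ... unchanged: tuple, type and keyword lookups ... */
			for (size_t i = 0; i < sizeof(kinds) / sizeof(kinds[0]);
			     i++) {
				if (strcasecmp(keyword, kinds[i].keyword) != 0) {
					continue;
				}
				/* Same message text as before, one copy. */
				if ((values & kinds[i].bit) != 0) {
					cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
						    "'check-names %s' duplicated",
						    kinds[i].keyword);
					if (result == ISC_R_SUCCESS) {
						result = ISC_R_FAILURE;
					}
				}
				values |= kinds[i].bit;
				break;
			}
		}
		/* ... unchanged: primary/master and secondary/slave conflict checks ... */
```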