diff --git a/CHANGES b/CHANGES
index 23e67dd4d2..1730a040de 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3103.	[bug]		Configuring 'dnssec-validation auto' in a view
+			instead of in the options statement could trigger
+			an assertion failure in named-checkconf. [RT #24382]
+
 3102.	[func]		New 'dnssec-loadkeys-interval' option configures
 			how often, in minutes, to check the key repository
 			for updates when using automatic key maintenance.
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 4cce2bbbc3..37a986e093 100644
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: good.conf,v 1.6 2010/06/02 01:28:40 tbox Exp $ */
+/* $Id: good.conf,v 1.7 2011/05/05 16:13:35 each Exp $ */
 
 /*
  * This is just a random selection of configuration options.
@@ -55,8 +55,24 @@ options {
 	server-id none;
 };
 
-zone "example1" {
-	type master;
-	file "xxx";
-	update-policy local;
+view first {
+        match-clients { none; };
+        dnssec-validation auto;
+        dnssec-lookaside auto;
+        zone "example1" {
+                type master;
+                file "xxx";
+                update-policy local;
+        };
+};
+
+view second {
+        match-clients { any; };
+        dnssec-validation auto;
+        dnssec-lookaside auto;
+        zone "example1" {
+                type master;
+                file "yyy";
+                update-policy local;
+        };
 };
diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 84c9c974b3..f8b60f20e9 100644
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.129 2011/04/29 21:37:15 each Exp $ */
+/* $Id: check.c,v 1.130 2011/05/05 16:13:35 each Exp $ */
 
 /*! \file */
 
@@ -2101,6 +2101,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	cfg_aclconfctx_t actx;
 	const cfg_obj_t *obj;
 	isc_boolean_t enablednssec, enablevalidation;
+	const char *valstr = "no";
 
 	/*
 	 * Check that all zone statements are syntactically correct and
@@ -2227,13 +2228,20 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	if (obj == NULL)
 		(void)cfg_map_get(config, "dnssec-validation", &obj);
 	if (obj == NULL)
-		enablevalidation = ISC_FALSE;	/* XXXMPA Change for 9.5. */
-	else
+		enablevalidation = ISC_TRUE;
+		valstr = "yes";
+	else if (cfg_obj_isboolean(obj)) {
 		enablevalidation = cfg_obj_asboolean(obj);
+		valstr = enablevalidation ? "yes" : "no";
+	} else {
+		enablevalidation = ISC_TRUE;
+		valstr = "auto";
+	}
 
 	if (enablevalidation && !enablednssec)
 		cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
-			    "'dnssec-validation yes;' and 'dnssec-enable no;'");
+			    "'dnssec-validation %s;' and 'dnssec-enable no;'",
+			    valstr);
 
 	/*
 	 * Check trusted-keys and managed-keys.