Description of problem:
Current release 9.11.4-P2 is not latest ESV release. Few features are not available. However, more imporant code change happened in 9.11.5  release.
- Many types in source code were changed, making most backported patches, including relative simple ones, not applicable without manual handwork.
- Adds also support for kerberos based ACL rules: krb5-selfsub and ms-selfsub.
Release 9.11.6-P1  contains:
- Fix for CVE-2019-6465 (bug #1683010)
- Fix for CVE-2018-5745 (bug #1683016)
- Fixes possible broken NSEC and NSEC3 signatures 
Version-Release number of selected component (if applicable):
According to release notes, only IDN features are changed in those releases. That part is originally from Red Hat, we already have downstream patches for it, it does not change behaviour of our version. Otherwise, should be safe.
Complete upstream release notes  list few more. Includes GeoIP2 feature, documented separately in bug #1564443.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.