diff --git a/CHANGES b/CHANGES
index af5a8dec18..0dadfa32ee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5201.	[bug]		Fix a possible deadlock in RPZ update code. [GL #973]
+
 5200.	[placeholder]
 
 5199.	[placeholder]
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 3af65e74d6..5aaab10d1d 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -1732,6 +1732,16 @@ setup_update(dns_rpz_zone_t *rpz) {
 		goto cleanup;
 	}
 
+	result = dns_dbiterator_pause(rpz->updbit);
+	if (result != ISC_R_SUCCESS) {
+		isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
+			      DNS_LOGMODULE_MASTER, ISC_LOG_ERROR,
+			      "rpz: %s: failed to pause db iterator - %s",
+			      domain, isc_result_totext(result));
+		goto cleanup;
+	}
+
+
  cleanup:
 	if (result != ISC_R_SUCCESS) {
 		if (rpz->updbit != NULL)