diff --git a/bin/tests/system/nsec3/ns3/named.conf.in b/bin/tests/system/nsec3/ns3/named.conf.in
index 791881225b..2241bc87bf 100644
--- a/bin/tests/system/nsec3/ns3/named.conf.in
+++ b/bin/tests/system/nsec3/ns3/named.conf.in
@@ -111,3 +111,11 @@ zone "nsec3-to-nsec.kasp" {
 file "nsec3-to-nsec.kasp.db";
 dnssec-policy "nsec3";
 };
+
+/* The zone fails to load, this should not prevent shutdown. */
+zone "nsec3-fails-to-load.kasp" {
+ type primary;
+ file "nsec3-fails-to-load.kasp.db";
+ dnssec-policy "nsec3";
+ allow-update { any; };
+};
diff --git a/bin/tests/system/nsec3/ns3/named2.conf.in b/bin/tests/system/nsec3/ns3/named2.conf.in
index 5c1094e276..380e56654c 100644
--- a/bin/tests/system/nsec3/ns3/named2.conf.in
+++ b/bin/tests/system/nsec3/ns3/named2.conf.in
@@ -118,7 +118,7 @@ zone "nsec3-to-nsec.kasp" {
 dnssec-policy "nsec";
 };
 
-/* Add a zone that fails to load, should not prevent shutdown. */
+/* The zone fails to load, but is fixed after a reload. */
 zone "nsec3-fails-to-load.kasp" {
 type primary;
 file "nsec3-fails-to-load.kasp.db";
diff --git a/bin/tests/system/nsec3/tests.sh b/bin/tests/system/nsec3/tests.sh
index 62c49e5904..ac3a3c13cd 100644
--- a/bin/tests/system/nsec3/tests.sh
+++ b/bin/tests/system/nsec3/tests.sh
@@ -218,7 +218,6 @@ echo_i "reconfig dnssec-policy to trigger nsec3 rollovers"
 copy_setports ns3/named2.conf.in ns3/named.conf
 rndc_reconfig ns3 10.53.0.3
 
-
 # Zone: nsec-to-nsec3.kasp. (reconfigured)
 set_zone_policy "nsec-to-nsec3.kasp" "nsec3"
 set_nsec3param "0" "5" "8"
@@ -324,5 +323,15 @@ echo_i "check zone ${ZONE} after restart has salt ${SALT}"
 check_nsec3
 dnssec_verify
 
+# Zone: nsec3-fails-to-load.kasp. (should be fixed after reload)
+cp ns3/template.db.in ns3/nsec3-fails-to-load.kasp.db
+rndc_reload ns3 10.53.0.3
+
+set_zone_policy "nsec3-fails-to-load.kasp" "nsec3"
+set_nsec3param "0" "5" "8"
+echo_i "check zone ${ZONE} after reload"
+check_nsec3
+dnssec_verify
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
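Review bot: The block added at the end of tests.sh checks only the recovered state; nothing visible in the hunk asserts that nsec3-fails-to-load.kasp was really unloaded before the `cp`, so the test would still pass if the zone file already existed from setup. A check placed before the copy, built from the helpers this script already uses, that the zone is not being served would pin the failing state the fix is about. The shutdown case named in the named.conf.in comment appears to be covered only implicitly by the restart earlier in the script, which is outside this hunk.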
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 0755baf636..3d24967577 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -21228,6 +21228,7 @@ static void
 setnsec3param(isc_task_t *task, isc_event_t *event) {
 const char *me = "setnsec3param";
 dns_zone_t *zone = event->ev_arg;
+ bool loadpending;
 
 INSIST(DNS_ZONE_VALID(zone));
 
@@ -21235,6 +21236,10 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
 
 ENTER;
 
+ LOCK_ZONE(zone);
+ loadpending = DNS_ZONE_FLAG(zone, DNS_ZONEFLG_LOADPENDING);
+ UNLOCK_ZONE(zone);
+
 /*
 * If receive_secure_serial is still processing or we have a
 * queued event append rss_post queue.
@@ -21252,7 +21257,7 @@ setnsec3param(isc_task_t *task, isc_event_t *event) {
 * be picked up later. This turns this function into a busy
 * wait, but it only happens at startup.
 */
- if (zone->db == NULL) {
+ if (zone->db == NULL && loadpending) {
 rescheduled = true;
 isc_task_send(task, &event);
 }
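Review bot: `loadpending` is only a snapshot: it is read under LOCK_ZONE in the second hunk and the lock is released before the value is tested in the last hunk, so the flag can change in between. That looks harmless, since a stale true costs one more reschedule, but the reasoning is not written down. I would add a comment above the LOCK_ZONE line such as `/* Snapshot only; a stale value costs at most one extra reschedule. */`. The body of setnsec3param continues outside the hunk, so whether zone->db is read under its own lock is not visible here.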
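Review bot: With the added `&& loadpending` in the last hunk, a zone whose load failed now falls through this guard with `zone->db == NULL`, and the code that runs next is outside the hunk. Please confirm that path tolerates a NULL db and still releases the event, since before this change it was not reached in that state. The comment above the condition still describes an unconditional busy wait; it should gain a line such as `* Stop rescheduling once the load is no longer pending, so a zone that failed to load cannot spin here and hold up shutdown.`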