diff --git a/bin/named/server.c b/bin/named/server.c
index 452b38945d..2cd6b10d88 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -11081,9 +11081,9 @@ named_server_validation(named_server_t *server, isc_lex_t *lex,
 		if ((ptr != NULL && strcasecmp(ptr, view->name) != 0)
 		    || strcasecmp("_bind", view->name) == 0)
 			continue;
-		CHECK(dns_view_flushcache(view, false));
 
 		if (set) {
+			CHECK(dns_view_flushcache(view, false));
 			view->enablevalidation = enable;
 			changed = true;
 		} else {
diff --git a/bin/rndc/rndc.docbook b/bin/rndc/rndc.docbook
index acc14ac2cd..c5c1c4e0a2 100644
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -1078,6 +1078,8 @@
 	  <para>
 	    Enable, disable, or check the current status of
 	    DNSSEC validation.  By default, validation is enabled.
+	    The cache is flushed when validation is turned on or off
+	    to avoid using data that might differ between states.
 	  </para>
 	</listitem>
       </varlistentry>