diff --git a/4045.patch b/4045.patch
new file mode 100644
index 0000000..62c36f4
--- /dev/null
+++ b/4045.patch
@@ -0,0 +1,46 @@
+From cf8ab60234a263d2d813701ad07d71132b0b845e Mon Sep 17 00:00:00 2001
+From: Thomas Woerner <twoerner@redhat.com>
+Date: Mon, 16 Dec 2019 14:39:51 +0100
+Subject: [PATCH] DNS install check: Fix overlapping DNS zone from the master
+ itself
+
+The change to allow overlapping zone to be from the master itself has
+introduced two issues: The check for the master itself should only executed
+if options.force and options.allow_zone_overlap are both false and the
+reverse zone check later on was still handling ValueError instead of
+dnsutil.DNSZoneAlreadyExists.
+
+Both issues have been fixed and the deployment with existing name servers
+is properly working again.
+
+Fixes: https://pagure.io/freeipa/issue/8150
+Signed-off-by: Thomas Woerner <twoerner@redhat.com>
+---
+ ipaserver/install/dns.py | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ipaserver/install/dns.py b/ipaserver/install/dns.py
+index 36ba6f899d..9f08e86f9b 100644
+--- a/ipaserver/install/dns.py
++++ b/ipaserver/install/dns.py
+@@ -135,15 +135,15 @@ def install_check(standalone, api, replica, options, hostname):
+                 logger.warning("%s Please make sure that the domain is "
+                                "properly delegated to this IPA server.",
+                                e)
+-
+-            hst = dnsutil.DNSName(hostname).make_absolute().to_text()
+-            if hst not in e.kwargs['ns']:
+-                raise ValueError(str(e))
++            else:
++                hst = dnsutil.DNSName(hostname).make_absolute().to_text()
++                if hst not in e.kwargs['ns']:
++                    raise ValueError(str(e))
+ 
+     for reverse_zone in options.reverse_zones:
+         try:
+             dnsutil.check_zone_overlap(reverse_zone)
+-        except ValueError as e:
++        except dnsutil.DNSZoneAlreadyExists as e:
+             if options.force or options.allow_zone_overlap:
+                 logger.warning('%s', str(e))
+             else:
diff --git a/freeipa.spec b/freeipa.spec
index 5601997..f7ceb3d 100644
--- a/freeipa.spec
+++ b/freeipa.spec
@@ -142,7 +142,7 @@
 
 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        The Identity, Policy and Audit system
 
 License:        GPLv3+
@@ -150,6 +150,10 @@ URL:            http://www.freeipa.org/
 Source0:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz
 Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.asc
 
+# https://github.com/freeipa/freeipa/pull/4045
+# Fix bugs in the overlapping DNS zone check
+Patch0:         4045.patch
+
 # For the timestamp trick in patch application
 BuildRequires:  diffstat
 
@@ -1355,6 +1359,9 @@ fi
 
 
 %changelog
+* Mon Dec 16 2019 Adam Williamson <awilliam@redhat.com> - 4.8.4-2
+- Backport PR #4045 to fix overlapping DNS zone check bugs
+
 * Sat Dec 14 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.8.4-1
 - New upstream release 4.8.4