Bind 9.9.4-74.el7_6.1 breaking zone transfers
I have updated a working Bind with this update to address the vulnerability CVE-2018-5743.
Before that everything was working fine for zone transfers to other systems. Once updated, the zones fail to copy over. Errors are in this format:
xfer-out: error: client AAA.BBB.CCC.DDD #61783 (example.com): view internal: transfer of 'example.com/IN': aborted: timed out
lsof -Pni | grep named | grep WAIT | wc -l
typically shows 90 connections to the remote NS servers in CLOSE_WAIT state.
If I roll back to the prior version of bind, 9.9.4-73.el7_6, then zone transfers resume good function.
We've tried the option "transfers-out 100;" and it makes no difference in the current release 9.9.4-74.el7_6.1.
dig with +trace confirms the new hosts are not resolved by remote DNS.
I may have to run this server with the older release until we understand how to make a better configuration or there is a bug fix. Is anyone else seeing a problem? It isn't obvious unless you try a DNS query that happens to be resolved by one of the remote DNS servers and with a freshly added record to check.
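The post counts CLOSE_WAIT sockets with a one-line pipe. The script below is an added example, not part of the original post, that parses the same `lsof -Pni` output shape to break the count down per remote peer and flag when the total crosses a threshold, so the symptom can be watched after an update rather than discovered through a failed query. The lsof lines, peer addresses and the threshold of 50 are constructed for the example; on a live host the sample would be replaced with real `lsof -Pni` output.

```shell
#!/bin/sh
# Added example (not from the original post): summarise CLOSE_WAIT sockets
# held by named, per remote peer, from the output of `lsof -Pni`.
# SAMPLE_LSOF is constructed to mimic lsof's column layout; it is not captured output.

SAMPLE_LSOF='COMMAND  PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
named    1234 named   23u  IPv4  56789      0t0  TCP 192.0.2.10:53->198.51.100.7:41234 (CLOSE_WAIT)
named    1234 named   24u  IPv4  56790      0t0  TCP 192.0.2.10:53->198.51.100.7:41235 (CLOSE_WAIT)
named    1234 named   25u  IPv4  56791      0t0  TCP 192.0.2.10:53->203.0.113.5:50001 (CLOSE_WAIT)
named    1234 named   26u  IPv4  56792      0t0  TCP 192.0.2.10:53->203.0.113.5:50002 (ESTABLISHED)
named    1234 named   27u  IPv4  56793      0t0  UDP 192.0.2.10:53'

# count_close_wait LSOF_OUTPUT
# Prints "<remote_ip> <count>" for every peer with CLOSE_WAIT sockets, highest count first.
count_close_wait() {
    printf '%s\n' "$1" \
    | awk '$1 == "named" && $NF == "(CLOSE_WAIT)" {
             split($(NF-1), ends, "->");    # NAME column is local->remote
             sub(/:[0-9]+$/, "", ends[2]);  # drop the remote port, keep the address
             n[ends[2]]++
           }
           END { for (p in n) print p, n[p] }' \
    | sort -k2,2nr
}

# total_close_wait LSOF_OUTPUT
# Prints the total number of CLOSE_WAIT sockets owned by named (0 if none).
total_close_wait() {
    printf '%s\n' "$1" \
    | awk '$1 == "named" && $NF == "(CLOSE_WAIT)" { c++ } END { print c + 0 }'
}

# check_close_wait LSOF_OUTPUT THRESHOLD
# Returns 0 when the total is below THRESHOLD, 1 when it has reached it.
check_close_wait() {
    total=$(total_close_wait "$1")
    if [ "$total" -ge "$2" ]; then
        echo "WARN: $total CLOSE_WAIT sockets held by named (threshold $2)"
        return 1
    fi
    echo "OK: $total CLOSE_WAIT sockets held by named (threshold $2)"
    return 0
}

# Run against the constructed sample. On a real server use: check_close_wait "$(lsof -Pni)" 50
count_close_wait "$SAMPLE_LSOF"
check_close_wait "$SAMPLE_LSOF" 50
```

Breaking the count down per peer is the useful part: the post's figure of roughly 90 stuck connections says nothing about whether one secondary is responsible or all of them are, and that distinction decides whether the problem sits on the primary or on a particular transfer path.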