diff --git a/src/knot/dnssec/nsec-chain.c b/src/knot/dnssec/nsec-chain.c
index 4793290ff5b6abf1b1284fa871d19065edcf1aae..cfaa609c77b03033c4914c774a274f3726f36577 100644
--- a/src/knot/dnssec/nsec-chain.c
+++ b/src/knot/dnssec/nsec-chain.c
@@ -408,6 +408,11 @@ static int check_nsec_bitmap(zone_node_t *node, void *ctx)
 	const zone_node_t *nsec_node = node;
 	bool shall_no_nsec = node_no_nsec(node);
 	if (data->nsec3_params != NULL) {
+		if ((node->flags & NODE_FLAGS_DELETED) ||
+		    node_rrtype_exists(node, KNOT_RRTYPE_NSEC3)) {
+			// this can happen when checking nodes from adjust_ptrs
+			return KNOT_EOK;
+		}
 		nsec_node = node_nsec3_get(node);
 		shall_no_nsec = (node->flags & NODE_FLAGS_DELETED) ||
 		                (node->flags & NODE_FLAGS_NONAUTH);
diff --git a/src/knot/dnssec/nsec3-chain.c b/src/knot/dnssec/nsec3-chain.c
index 0a08c8f4075cf0c09918bf072c7671f31def8402..97010be5006ef3f93312e744c7e1ec8c42d153a5 100644
--- a/src/knot/dnssec/nsec3-chain.c
+++ b/src/knot/dnssec/nsec3-chain.c
@@ -724,5 +724,10 @@ int knot_nsec3_check_chain_fix(zone_update_t *update, const dnssec_nsec3_params_
 		return ret;
 	}
 
+	ret = nsec_check_bitmaps(update->a_ctx->adjust_ptrs, &data); // adjust_ptrs contain also NSEC3-nodes. See check_nsec_bitmap() how this is handled.
+	if (ret != KNOT_EOK) {
+		return ret;
+	}
+
 	return nsec_check_new_connects(update->a_ctx->nsec3_ptrs, &data);
 }