diff --git a/CHANGES b/CHANGES
index f062fe064d..a9084d2338 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+3745.	[func]		"configure --with-tuning=large" adjusts various
+			compiled-in constants and default settings to
+			values suited to large servers with abundant
+			memory. [RT #29538]
+
 3744.	[experimental]	SIT: send and process Source Identity Tokens
 			(similar to DNS Cookies by Donald Eastlake 3rd),
 			which are designed to help clients detect off-path
diff --git a/README b/README
index abfbc58c56..87b2f64dc8 100644
--- a/README
+++ b/README
@@ -71,6 +71,11 @@ BIND 9.10.0
 	   DNSSEC problems.
 	 - Improved EDNS(0) processing for better resolver performance
 	   and reliability over slow or lossy connections.
+	 - A new "configure --with-tuning=large" option tunes certain
+	   compiled-in constants and default settings to values better
+	   suited to large servers with abundant memory.  This can
+	   improve performance on such servers, but will consume more
+	   memory and may degrade performance on smaller systems.
 	 - Substantial improvement in response-policy zone (RPZ)
 	   performance.  Up to 32 response-policy zones can be
 	   configured with minimal performance loss.
@@ -119,7 +124,7 @@ BIND 9.10.0
 	   by default.
 	 - "named" now preserves the capitalization of names when
 	   responding to queries.  The former behavior can be restored
-           for specific clients via the new "no-case-compress" ACL.
+	   for specific clients via the new "no-case-compress" ACL.
 	 - new "dnssec-importkey" command allows the use of offline
 	   DNSSEC keys with automatic DNSKEY management.
 	 - New "named-rrchecker" tool to verify the syntactic
@@ -297,6 +302,14 @@ Building
 	To build shared libraries, specify "--with-libtool" on the
 	configure command line.
 
+	Certain compiled-in constants and default settings can be
+	increased to values better suited to large servers with abundant
+	memory resources (e.g, 64-bit servers with 12G or more of memory)
+	by specifying "--with-tuning=large" on the configure command
+	line. This can improve performance on big servers, but will
+	consume more memory and may degrade performance on smaller
+	systems.
+
 	For the server to support DNSSEC, you need to build it
 	with crypto support.  You must have OpenSSL 0.9.5a
 	or newer installed and specify "--with-openssl" on the
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index 2dece8e633..150114e50e 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -56,6 +56,12 @@
 #endif
 #endif
 
+#ifdef TUNE_LARGE
+#define UDPBUFFERS 32768 
+#else
+#define UDPBUFFERS 1000
+#endif /* TUNE_LARGE */
+
 #define IFMGR_MAGIC			ISC_MAGIC('I', 'F', 'M', 'G')
 #define NS_INTERFACEMGR_VALID(t)	ISC_MAGIC_VALID(t, IFMGR_MAGIC)
 
@@ -424,7 +430,8 @@ ns_interface_listenudp(ns_interface_t *ifp) {
 		result = dns_dispatch_getudp_dup(ifp->mgr->dispatchmgr,
 						 ns_g_socketmgr,
 						 ns_g_taskmgr, &ifp->addr,
-						 4096, 1000, 32768, 8219, 8237,
+						 4096, UDPBUFFERS,
+						 32768, 8219, 8237,
 						 attrs, attrmask,
 						 &ifp->udpdispatch[disp],
 						 disp == 0
diff --git a/bin/named/named.docbook b/bin/named/named.docbook
index f35432e853..f70787b142 100644
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -262,6 +262,9 @@
 	  <para>
 	    Allow <command>named</command> to use up to
 	    <replaceable class="parameter">#max-socks</replaceable> sockets.
+            The default value is 4096 on systems built with default
+            configuration options, and 21000 on systems built with
+            "configure --with-tuning=large".
 	  </para>
           <warning>
             <para>
diff --git a/bin/named/server.c b/bin/named/server.c
index 675e200f2c..494df97fff 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -132,6 +132,16 @@
 #define SIZE_MAX ((size_t)-1)
 #endif
 
+#ifdef TUNE_LARGE
+#define RESOLVER_NTASKS 523
+#define UDPBUFFERS 32768
+#define EXCLBUFFERS 32768
+#else
+#define RESOLVER_NTASKS 31
+#define UDPBUFFERS 1000
+#define EXCLBUFFERS 4096
+#endif /* TUNE_LARGE */
+
 /*%
  * Check an operation for failure.  Assumes that the function
  * using it has a 'result' variable and a 'cleanup' label.
@@ -960,7 +970,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af,
 	isc_sockaddr_t sa;
 	unsigned int attrs, attrmask;
 	const cfg_obj_t *obj = NULL;
-	unsigned int maxdispatchbuffers;
+	unsigned int maxdispatchbuffers = UDPBUFFERS;
 	isc_dscp_t dscp = -1;
 
 	switch (af) {
@@ -1014,7 +1024,7 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af,
 	}
 	if (isc_sockaddr_getport(&sa) == 0) {
 		attrs |= DNS_DISPATCHATTR_EXCLUSIVE;
-		maxdispatchbuffers = 4096;
+		maxdispatchbuffers = EXCLBUFFERS;
 	} else {
 		INSIST(obj != NULL);
 		if (is_firstview) {
@@ -1023,7 +1033,6 @@ get_view_querysource_dispatch(const cfg_obj_t **maps, int af,
 				    "suppresses port randomization and can be "
 				    "insecure.");
 		}
-		maxdispatchbuffers = 1000;
 	}
 
 	attrmask = 0;
@@ -2929,8 +2938,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
 	dns_view_setresquerystats(view, resquerystats);
 
 	ndisp = 4 * ISC_MIN(ns_g_udpdisp, MAX_UDP_DISPATCH);
-	CHECK(dns_view_createresolver(view, ns_g_taskmgr, 31, ndisp,
-				      ns_g_socketmgr, ns_g_timermgr,
+	CHECK(dns_view_createresolver(view, ns_g_taskmgr, RESOLVER_NTASKS,
+				      ndisp, ns_g_socketmgr, ns_g_timermgr,
 				      resopts, ns_g_dispatchmgr,
 				      dispatch4, dispatch6));
 
@@ -6898,7 +6907,7 @@ ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr) {
 
 	result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
 				     ns_g_taskmgr, &dispatch->addr, 4096,
-				     1000, 32768, 16411, 16433,
+				     UDPBUFFERS, 32768, 16411, 16433,
 				     attrs, attrmask, &dispatch->dispatch);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
diff --git a/config.h.in b/config.h.in
index c6dd731812..c65d8911bc 100644
--- a/config.h.in
+++ b/config.h.in
@@ -491,6 +491,9 @@ int sigwait(const unsigned int *set, int *sig);
 /* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
 #undef TIME_WITH_SYS_TIME
 
+/* Define to use large-system tuning. */
+#undef TUNE_LARGE
+
 /* Defined if you need to use ioctl(FIONBIO) instead a fcntl call to make
    non-blocking. */
 #undef USE_FIONBIO_IOCTL
diff --git a/configure b/configure
index 094c19c02a..aa75e79686 100755
--- a/configure
+++ b/configure
@@ -1014,6 +1014,7 @@ with_libiconv
 with_iconv
 with_idnlib
 with_atf
+with_tuning
 with_dlopen
 with_dlz_postgres
 with_dlz_mysql
@@ -1711,6 +1712,7 @@ Optional Packages:
   --with-iconv=LIBSPEC    specify iconv library default -liconv
   --with-idnlib=ARG       specify libidnkit
   --with-atf=ARG          support Automated Test Framework
+  --with-tuning=ARG       Specify server tuning (large or default)
   --with-dlopen=ARG       support dynamically loadable DLZ drivers
   --with-dlz-postgres=PATH   Build with Postgres DLZ driver yes|no|path.
 			       (Required to use Postgres with DLZ)
@@ -19868,6 +19870,38 @@ fi
 done
 
 
+#
+# was --with-tuning specified?
+#
+
+# Check whether --with-tuning was given.
+if test "${with_tuning+set}" = set; then :
+  withval=$with_tuning; use_tuning="$withval"
+else
+  use_tuning="no"
+fi
+
+
+case "$use_tuning" in
+	large)
+		if ! $use_threads; then
+			as_fn_error $? "Large-system tuning requires threads." "$LINENO" 5
+		fi
+
+$as_echo "#define TUNE_LARGE 1" >>confdefs.h
+
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using large-system tuning" >&5
+$as_echo "using large-system tuning" >&6; }
+		;;
+	no|default)
+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using default tuning" >&5
+$as_echo "using default tuning" >&6; }
+		;;
+	yes|*)
+                as_fn_error $? "You must specify \"large\" or \"default\" for --with-tuning." "$LINENO" 5
+		;;
+esac
+
 #
 # Substitutions
 #
@@ -23552,6 +23586,7 @@ echo "Configuration summary:"
 echo "------------------------------------------------------------------------"
 echo "Optional features enabled:"
 $use_threads && echo "    Multiprocessing support (--enable-threads)"
+test "$use_tuning" = "large" && echo "    Large-system tuning (--with-tuning)"
 test "$use_geoip" = "no" || echo "    GeoIP access control (--with-geoip)"
 test "$use_gssapi" = "no" || echo "    GSS-API (--with-gssapi)"
 if test "$enable_sit" != "no"; then
@@ -23620,6 +23655,7 @@ echo "Features disabled or unavailable on this platform:"
 $use_threads || echo "    Multiprocessing support (--enable-threads)"
 test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" && \
 	echo "    IPv6 support (--enable-ipv6)"
+test "$use_tuning" = "large" || echo "    Large-system tuning (--with-tuning)"
 
 test "$use_geoip" = "no" && echo "    GeoIP access control (--with-geoip)"
 test "$use_gssapi" = "no" && echo "    GSS-API (--with-gssapi)"
diff --git a/configure.in b/configure.in
index 853d436cbc..4027e40cc5 100644
--- a/configure.in
+++ b/configure.in
@@ -3739,6 +3739,29 @@ AC_SUBST(UNITTESTS)
 AC_CHECK_HEADERS(locale.h)
 AC_CHECK_FUNCS(setlocale)
 
+#
+# was --with-tuning specified?
+#
+AC_ARG_WITH(tuning,
+	[  --with-tuning=ARG       Specify server tuning (large or default)],
+	use_tuning="$withval", use_tuning="no")
+
+case "$use_tuning" in
+	large)
+		if ! $use_threads; then
+			AC_MSG_ERROR([Large-system tuning requires threads.])
+		fi
+                AC_DEFINE(TUNE_LARGE, 1, [Define to use large-system tuning.])
+		AC_MSG_RESULT(using large-system tuning)
+		;;
+	no|default)
+		AC_MSG_RESULT(using default tuning)
+		;;
+	yes|*)
+                AC_MSG_ERROR([You must specify "large" or "default" for --with-tuning.])
+		;;
+esac
+
 #
 # Substitutions
 #
@@ -4289,6 +4312,7 @@ echo "Configuration summary:"
 echo "------------------------------------------------------------------------"
 echo "Optional features enabled:"
 $use_threads && echo "    Multiprocessing support (--enable-threads)"
+test "$use_tuning" = "large" && echo "    Large-system tuning (--with-tuning)"
 test "$use_geoip" = "no" || echo "    GeoIP access control (--with-geoip)"
 test "$use_gssapi" = "no" || echo "    GSS-API (--with-gssapi)"
 if test "$enable_sit" != "no"; then
@@ -4357,6 +4381,7 @@ echo "Features disabled or unavailable on this platform:"
 $use_threads || echo "    Multiprocessing support (--enable-threads)"
 test "$enable_ipv6" = "no" -o "$found_ipv6" = "no" && \
 	echo "    IPv6 support (--enable-ipv6)"
+test "$use_tuning" = "large" || echo "    Large-system tuning (--with-tuning)"
 
 test "$use_geoip" = "no" && echo "    GeoIP access control (--with-geoip)"
 test "$use_gssapi" = "no" && echo "    GSS-API (--with-gssapi)"
diff --git a/lib/dns/client.c b/lib/dns/client.c
index 867f2c6322..f37f6f36c0 100644
--- a/lib/dns/client.c
+++ b/lib/dns/client.c
@@ -68,6 +68,12 @@
 
 #define MAX_RESTARTS 16
 
+#ifdef TUNE_LARGE
+#define RESOLVER_NTASKS 523
+#else
+#define RESOLVER_NTASKS 31
+#endif /* TUNE_LARGE */
+
 /*%
  * DNS client object
  */
@@ -509,9 +515,9 @@ dns_client_createx2(isc_mem_t *mctx, isc_appctx_t *actx,
 	}
 
 	/* Create the default view for class IN */
-	result = createview(mctx, dns_rdataclass_in, options, taskmgr, 31,
-			    socketmgr, timermgr, dispatchmgr,
-			    dispatchv4, dispatchv6, &view);
+	result = createview(mctx, dns_rdataclass_in, options, taskmgr,
+			    RESOLVER_NTASKS, socketmgr, timermgr,
+			    dispatchmgr, dispatchv4, dispatchv6, &view);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
 	ISC_LIST_INIT(client->viewlist);
diff --git a/lib/dns/request.c b/lib/dns/request.c
index d50eaf833d..b21786875c 100644
--- a/lib/dns/request.c
+++ b/lib/dns/request.c
@@ -619,7 +619,7 @@ find_udp_dispatch(dns_requestmgr_t *requestmgr, isc_sockaddr_t *srcaddr,
 				    requestmgr->socketmgr,
 				    requestmgr->taskmgr,
 				    srcaddr, 4096,
-				    1000, 32768, 16411, 16433,
+				    32768, 32768, 16411, 16433,
 				    attrs, attrmask,
 				    dispatchp));
 }
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index e0c765d51e..fa188c1287 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -1545,7 +1545,7 @@ fctx_query(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo,
 			result = dns_dispatch_getudp(res->dispatchmgr,
 						     res->socketmgr,
 						     res->taskmgr, &addr,
-						     4096, 1000, 32768, 16411,
+						     4096, 20000, 32768, 16411,
 						     16433, attrs, attrmask,
 						     &query->dispatch);
 			if (result != ISC_R_SUCCESS)
diff --git a/lib/isc/unix/socket.c b/lib/isc/unix/socket.c
index b0ef546465..78ff4d7fd2 100644
--- a/lib/isc/unix/socket.c
+++ b/lib/isc/unix/socket.c
@@ -158,7 +158,11 @@ int isc_dscp_check_value = -1;
  */
 #ifndef ISC_SOCKET_MAXSOCKETS
 #if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL)
+#ifdef TUNE_LARGE
+#define ISC_SOCKET_MAXSOCKETS 21000
+#else
 #define ISC_SOCKET_MAXSOCKETS 4096
+#endif /* TUNE_LARGE */
 #elif defined(USE_SELECT)
 #define ISC_SOCKET_MAXSOCKETS FD_SETSIZE
 #endif	/* USE_KQUEUE... */
@@ -220,7 +224,11 @@ typedef enum { poll_idle, poll_active, poll_checking } pollstate_t;
  */
 #if defined(USE_KQUEUE) || defined(USE_EPOLL) || defined(USE_DEVPOLL)
 #ifndef ISC_SOCKET_MAXEVENTS
+#ifdef TUNE_LARGE
+#define ISC_SOCKET_MAXEVENTS	2048
+#else
 #define ISC_SOCKET_MAXEVENTS	64
+#endif /* TUNE_LARGE */
 #endif
 #endif
 
@@ -296,7 +304,11 @@ typedef isc_event_t intev_t;
 /*%
  * The size to raise the receive buffer to (from BIND 8).
  */
+#ifdef TUNE_LARGE
+#define RCVBUFSIZE (16*1024*1024)
+#else
 #define RCVBUFSIZE (32*1024)
+#endif /* TUNE_LARGE */
 
 /*%
  * The number of times a send operation is repeated if the result is EINTR.