diff --git a/CHANGES b/CHANGES index 8587a64ab9..a77b8cea2a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,19 @@ +6401. [security] An excessively large number of rrtypes per owner can + slow down database query processing, so a limit has been + placed on the number of rrtypes that can be stored per + owner (node) in a cache or zone database. This is + configured with the new "max-rrtypes-per-name" option, + and defaults to 100. (CVE-2024-1737) + [GL #3403] [GL #4548] + +6400. [security] Excessively large rdatasets can slow down database + query processing, so a limit has been placed on the + number of records that can be stored per rdataset + in a cache or zone database. This is configured + with the new "max-records-per-type" option, and + defaults to 100. (CVE-2024-1737) + [GL #497] [GL #3405] + 6399. [security] Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index 58fe4ad959..9440dd6d8c 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -19,6 +19,21 @@ Security Fixes responses can cause server to respond slowly or not respond at all for other clients. :cve:`2024-0760` :gl:`#4481` +- Excessively large resource record sets can be crafted to slow down + database processing. This has been addressed by adding a configurable + limit to the number of records that can be stored per name and type in + a cache or zone database. The default is 100, but it can be tuned with + the new ``max-records-per-type`` option. :gl:`#497` :gl:`#3405` + + An excessively large number of resource record types for a single owner name can + be crafted to slow down database processing. This has been addressed by adding + a configurable limit to the number of records that can be stored per name and + type in a cache or zone database. The default is 100, and can be tuned with + the new ``max-rrtypes-per-name`` option. :cve:`2024-1737` :gl:`#3403` + + ISC would like to thank Toshifumi Sakaguchi who independently discovered + and responsibly reported the issue to ISC. :gl:`#4548` + - Named could trigger an assertion failure when looking up the NS records of parent zones as part of looking up DS records. This has been fixed. :gl:`#4661`
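Review bot: In the CHANGES hunk, both new entries 6400 (``max-records-per-type``) and 6401 (``max-rrtypes-per-name``) cite CVE-2024-1737, while the release-notes hunk in doc/notes/notes-current.rst attaches ``:cve:`2024-1737``` only to the ``max-rrtypes-per-name`` paragraph and leaves the ``max-records-per-type`` bullet without a CVE reference. Decide which of the two fixes the CVE actually covers and make the two files agree, since operators grep both CHANGES and the release notes for the CVE identifier when checking whether a release addresses an advisory.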
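Review bot: The second added paragraph in the notes-current.rst hunk describes the wrong limit: it says the fix adds "a configurable limit to the number of records that can be stored per name and type", which is the text of the preceding ``max-records-per-type`` bullet copied verbatim, but the option it introduces is ``max-rrtypes-per-name``, which CHANGES entry 6401 describes as a limit on the number of rrtypes stored per owner name. Reword it along the lines of "adding a configurable limit to the number of resource record types that can be stored per owner name in a cache or zone database" so the two options are not described identically. The paragraph is also indented as a continuation of the previous bullet rather than starting with ``- `` like the surrounding items; if it is meant to be its own entry, give it the bullet marker so it renders as a separate item.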