diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 37f4ef975c..e915799054 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -349,6 +349,7 @@ options {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
@@ -528,6 +529,7 @@ view \fIstring\fR \fIoptional_class\fR {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
@@ -619,6 +621,7 @@ zone \fIstring\fR \fIoptional_class\fR {
 		( \fIipv4_address\fR | \fIipv6_address\fR ) [ port \fIinteger\fR ]; \&.\&.\&.
 	};
 	max\-journal\-size \fIsize_no_default\fR;
+	max\-records \fIinteger\fR;
 	max\-transfer\-time\-in \fIinteger\fR;
 	max\-transfer\-time\-out \fIinteger\fR;
 	max\-transfer\-idle\-in \fIinteger\fR;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index a3ac9f0515..1cd01baafe 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -300,6 +300,7 @@ options
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -493,6 +494,7 @@ view
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -589,6 +591,7 @@ zone
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 562d8bfa08..3f004bdb7a 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -2267,6 +2267,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
     [<span class="optional"> queryport-pool-ports <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> queryport-pool-updateinterval <em class="replaceable"><code>number</code></em>; </span>]
+    [<span class="optional"> max-records <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-time-in <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-time-out <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-transfer-idle-in <em class="replaceable"><code>number</code></em>; </span>]
@@ -4877,6 +4878,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   means 2 gigabytes.
                   This may also be set on a per-zone basis.
                 </p></dd>
+<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
+<dd><p>
+                  The maximum number of records permitted in a zone.
+                  The default is zero which means unlimited.
+                </p></dd>
 <dt><span class="term"><span class="command"><strong>host-statistics-max</strong></span></span></dt>
 <dd><p>
                   In BIND 8, specifies the maximum number of host statistics
@@ -8047,6 +8053,11 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
                     See the description of
                     <span class="command"><strong>max-journal-size</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server  Resource Limits&#8221;</a>.
                   </p></dd>
+<dt><span class="term"><span class="command"><strong>max-records</strong></span></span></dt>
+<dd><p>
+                    See the description of
+                    <span class="command"><strong>max-records</strong></span> in <a class="xref" href="Bv9ARM.ch06.html#server_resource_limits" title="Server Resource Limits">the section called &#8220;Server  Resource Limits&#8221;</a>.
+                  </p></dd>
 <dt><span class="term"><span class="command"><strong>max-transfer-time-in</strong></span></span></dt>
 <dd><p>
                     See the description of
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 53a3c861fb..c8e05d1f65 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,6 +88,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Added the ability to specify the maximum number of records
+	  permitted in a zone (max-records #;).  This provides a mechanism
+	  to block overly large zone transfers, which is a potential risk
+	  with slave zones from other parties, as described in CVE-2016-6170.
+	  [RT #42143]
+	</p></li>
 <li class="listitem"><p>
 	  It was possible to trigger a assertion when rendering a
 	  message using a specially crafted request. This flaw is
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index d71a6605b2..15b6ea6b73 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -319,6 +319,7 @@ options
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -512,6 +513,7 @@ view
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
@@ -608,6 +610,7 @@ zone
 	};<br>
 <br>
 	max-journal-size <em class="replaceable"><code>size_no_default</code></em>;<br>
+	max-records <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-in <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-time-out <em class="replaceable"><code>integer</code></em>;<br>
 	max-transfer-idle-in <em class="replaceable"><code>integer</code></em>;<br>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index a7f6b3de88..df1dbbbcb4 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -48,6 +48,13 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Added the ability to specify the maximum number of records
+	  permitted in a zone (max-records #;).  This provides a mechanism
+	  to block overly large zone transfers, which is a potential risk
+	  with slave zones from other parties, as described in CVE-2016-6170.
+	  [RT #42143]
+	</p></li>
 <li class="listitem"><p>
 	  It was possible to trigger a assertion when rendering a
 	  message using a specially crafted request. This flaw is
diff --git a/doc/misc/options b/doc/misc/options
index f23568cda1..9d23c62e72 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -2,15 +2,17 @@
 This is a summary of the named.conf options supported by 
 this version of BIND 9.
 
-acl <string> { <address_match_element>; ... };
+acl <string> { <address_match_element>; ... }; // may occur multiple times
 
 controls {
-        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
-            ) ] allow { <address_match_element>; ... } [ keys { <string>;
-            ... } ];
-        unix <quoted_string> perm <integer> owner <integer> group <integer>
-            [ keys { <string>; ... } ];
-};
+        inet ( <ipv4_address> | <ipv6_address> |
+            * ) [ port ( <integer> | * ) ] allow
+            { <address_match_element>; ... } [
+            keys { <string>; ... } ]; // may occur multiple times
+        unix <quoted_string> perm <integer>
+            owner <integer> group <integer> [
+            keys { <string>; ... } ]; // may occur multiple times
+}; // may occur multiple times
 
 dlz <string> {
         database <string>;
@@ -19,10 +21,10 @@ dlz <string> {
 key <string> {
         algorithm <string>;
         secret <string>;
-};
+}; // may occur multiple times
 
 logging {
-        category <string> { <string>; ... };
+        category <string> { <string>; ... }; // may occur multiple times
         channel <string> {
                 file <quoted_string> [ versions ( "unlimited" | <integer> )
                     ] [ size <size> ];
@@ -33,7 +35,7 @@ logging {
                 severity <log_severity>;
                 stderr;
                 syslog [ <syslog_facility> ];
-        };
+        }; // may occur multiple times
 };
 
 lwres {
@@ -42,13 +44,15 @@ lwres {
         ndots <integer>;
         search { <string>; ... };
         view <string> [ <class> ];
-};
+}; // may occur multiple times
 
-managed-keys { <string> <string> <integer> <integer> <integer>
-    <quoted_string>; ... };
+managed-keys { <string> <string> <integer>
+    <integer> <integer> <quoted_string>; ... }; // may occur multiple times
 
-masters <string> [ port <integer> ] { ( <masters> | <ipv4_address> [ port
-    <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ]; ... };
+masters <string> [ port <integer> ] { (
+    <masters> | <ipv4_address> [ port <integer>
+    ] | <ipv6_address> [ port <integer> ] ) [
+    key <string> ]; ... }; // may occur multiple times
 
 options {
         acache-cleaning-interval <integer>;
@@ -85,7 +89,8 @@ options {
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
         check-mx-cname ( fail | warn | ignore );
-        check-names ( master | slave | response ) ( fail | warn | ignore );
+        check-names ( master | slave | response
+            ) ( fail | warn | ignore ); // may occur multiple times
         check-sibling <boolean>;
         check-spf ( warn | ignore );
         check-srv-cname ( fail | warn | ignore );
@@ -101,8 +106,9 @@ options {
             <quoted_string>; ... } ];
         dialup ( notify | notify-passive | refresh | passive | <boolean> );
         directory <quoted_string>;
-        disable-algorithms <string> { <string>; ... };
-        disable-empty-zone <string>;
+        disable-algorithms <string> { <string>;
+            ... }; // may occur multiple times
+        disable-empty-zone <string>; // may occur multiple times
         dns64 <netprefix> {
                 break-dnssec <boolean>;
                 clients { <address_match_element>; ... };
@@ -110,15 +116,16 @@ options {
                 mapped { <address_match_element>; ... };
                 recursive-only <boolean>;
                 suffix <ipv6_address>;
-        };
+        }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
         dnssec-accept-expired <boolean>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-enable <boolean>;
         dnssec-loadkeys-interval <integer>;
-        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
-        dnssec-must-be-secure <string> <boolean>;
+        dnssec-lookaside ( <string> trust-anchor
+            <string> | auto | no ); // may occur multiple times
+        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
         dnssec-secure-to-insecure <boolean>;
         dnssec-update-mode ( maintain | no-resign );
         dnssec-validation ( yes | no | auto );
@@ -153,8 +160,10 @@ options {
         ixfr-from-differences ( master | slave | <boolean> );
         key-directory <quoted_string>;
         lame-ttl <integer>;
-        listen-on [ port <integer> ] { <address_match_element>; ... };
-        listen-on-v6 [ port <integer> ] { <address_match_element>; ... };
+        listen-on [ port <integer> ] {
+            <address_match_element>; ... }; // may occur multiple times
+        listen-on-v6 [ port <integer> ] {
+            <address_match_element>; ... }; // may occur multiple times
         maintain-ixfr-base <boolean>; // obsolete
         managed-keys-directory <quoted_string>;
         masterfile-format ( text | raw );
@@ -166,6 +175,7 @@ options {
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
+        max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
         max-refresh-time <integer>;
@@ -280,14 +290,17 @@ server <netprefix> {
         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
         transfers <integer>;
-};
+}; // may occur multiple times
 
 statistics-channels {
-        inet ( <ipv4_address> | <ipv6_address> | * ) [ port ( <integer> | *
-            ) ] [ allow { <address_match_element>; ... } ];
-};
+        inet ( <ipv4_address> | <ipv6_address> |
+            * ) [ port ( <integer> | * ) ] [
+            allow { <address_match_element>; ...
+            } ]; // may occur multiple times
+}; // may occur multiple times
 
-trusted-keys { <string> <integer> <integer> <integer> <quoted_string>; ... };
+trusted-keys { <string> <integer> <integer>
+    <integer> <quoted_string>; ... }; // may occur multiple times
 
 view <string> [ <class> ] {
         acache-cleaning-interval <integer>;
@@ -320,7 +333,8 @@ view <string> [ <class> ] {
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
         check-mx-cname ( fail | warn | ignore );
-        check-names ( master | slave | response ) ( fail | warn | ignore );
+        check-names ( master | slave | response
+            ) ( fail | warn | ignore ); // may occur multiple times
         check-sibling <boolean>;
         check-spf ( warn | ignore );
         check-srv-cname ( fail | warn | ignore );
@@ -332,8 +346,9 @@ view <string> [ <class> ] {
         deny-answer-aliases { <quoted_string>; ... } [ except-from {
             <quoted_string>; ... } ];
         dialup ( notify | notify-passive | refresh | passive | <boolean> );
-        disable-algorithms <string> { <string>; ... };
-        disable-empty-zone <string>;
+        disable-algorithms <string> { <string>;
+            ... }; // may occur multiple times
+        disable-empty-zone <string>; // may occur multiple times
         dlz <string> {
                 database <string>;
         };
@@ -344,15 +359,16 @@ view <string> [ <class> ] {
                 mapped { <address_match_element>; ... };
                 recursive-only <boolean>;
                 suffix <ipv6_address>;
-        };
+        }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
         dnssec-accept-expired <boolean>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-enable <boolean>;
         dnssec-loadkeys-interval <integer>;
-        dnssec-lookaside ( <string> trust-anchor <string> | auto | no );
-        dnssec-must-be-secure <string> <boolean>;
+        dnssec-lookaside ( <string> trust-anchor
+            <string> | auto | no ); // may occur multiple times
+        dnssec-must-be-secure <string> <boolean>; // may occur multiple times
         dnssec-secure-to-insecure <boolean>;
         dnssec-update-mode ( maintain | no-resign );
         dnssec-validation ( yes | no | auto );
@@ -378,12 +394,13 @@ view <string> [ <class> ] {
         key <string> {
                 algorithm <string>;
                 secret <string>;
-        };
+        }; // may occur multiple times
         key-directory <quoted_string>;
         lame-ttl <integer>;
         maintain-ixfr-base <boolean>; // obsolete
-        managed-keys { <string> <string> <integer> <integer> <integer>
-            <quoted_string>; ... };
+        managed-keys { <string> <string>
+            <integer> <integer> <integer>
+            <quoted_string>; ... }; // may occur multiple times
         masterfile-format ( text | raw );
         match-clients { <address_match_element>; ... };
         match-destinations { <address_match_element>; ... };
@@ -395,6 +412,7 @@ view <string> [ <class> ] {
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
+        max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
         max-refresh-time <integer>;
@@ -457,7 +475,7 @@ view <string> [ <class> ] {
                 transfer-source-v6 ( <ipv6_address> | * ) [ port (
                     <integer> | * ) ];
                 transfers <integer>;
-        };
+        }; // may occur multiple times
         sig-signing-nodes <integer>;
         sig-signing-signatures <integer>;
         sig-signing-type <integer>;
@@ -468,8 +486,9 @@ view <string> [ <class> ] {
         transfer-format ( many-answers | one-answer );
         transfer-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ];
         transfer-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
-        trusted-keys { <string> <integer> <integer> <integer>
-            <quoted_string>; ... };
+        trusted-keys { <string> <integer>
+            <integer> <integer> <quoted_string>;
+            ... }; // may occur multiple times
         try-tcp-refresh <boolean>;
         update-check-ksk <boolean>;
         use-alt-transfer-source <boolean>;
@@ -526,6 +545,7 @@ view <string> [ <class> ] {
                 max-ixfr-log-size ( unlimited | default |
                     <sizeval> ); // obsolete
                 max-journal-size <size_no_default>;
+                max-records <integer>;
                 max-refresh-time <integer>;
                 max-retry-time <integer>;
                 max-transfer-idle-in <integer>;
@@ -543,8 +563,10 @@ view <string> [ <class> ] {
                     | * ) ];
                 notify-to-soa <boolean>;
                 nsec3-test-zone <boolean>; // test only
-                pubkey <integer> <integer> <integer>
-                    <quoted_string>; // obsolete
+                pubkey <integer>
+                    <integer>
+                    <integer>
+                    <quoted_string>; // obsolete, may occur multiple times
                 request-ixfr <boolean>;
                 serial-update-method ( increment | unixtime );
                 server-addresses { ( <ipv4_address> | <ipv6_address> ) [
@@ -570,9 +592,9 @@ view <string> [ <class> ] {
                 use-alt-transfer-source <boolean>;
                 zero-no-soa-ttl <boolean>;
                 zone-statistics ( full | terse | none | <boolean> );
-        };
+        }; // may occur multiple times
         zone-statistics ( full | terse | none | <boolean> );
-};
+}; // may occur multiple times
 
 zone <string> [ <class> ] {
         allow-notify { <address_match_element>; ... };
@@ -621,6 +643,7 @@ zone <string> [ <class> ] {
             <string> ]; ... };
         max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
+        max-records <integer>;
         max-refresh-time <integer>;
         max-retry-time <integer>;
         max-transfer-idle-in <integer>;
@@ -636,7 +659,8 @@ zone <string> [ <class> ] {
         notify-source-v6 ( <ipv6_address> | * ) [ port ( <integer> | * ) ];
         notify-to-soa <boolean>;
         nsec3-test-zone <boolean>; // test only
-        pubkey <integer> <integer> <integer> <quoted_string>; // obsolete
+        pubkey <integer> <integer>
+            <integer> <quoted_string>; // obsolete, may occur multiple times
         request-ixfr <boolean>;
         serial-update-method ( increment | unixtime );
         server-addresses { ( <ipv4_address> | <ipv6_address> ) [ port
@@ -659,5 +683,5 @@ zone <string> [ <class> ] {
         use-alt-transfer-source <boolean>;
         zero-no-soa-ttl <boolean>;
         zone-statistics ( full | terse | none | <boolean> );
-};
+}; // may occur multiple times