diff --git a/OPTIONS b/OPTIONS
index 317f2c3567..21e74d4264 100644
--- a/OPTIONS
+++ b/OPTIONS
@@ -19,9 +19,6 @@ Setting                   Description
                           named-checkzone
 -DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
                           rather than ${localstatedir}/run/named/
-                          Increase the maximum number of configurable
--DNS_RPZ_MAX_ZONES=64     response policy zones from 32 to 64; this is the
-                          highest possible setting
                           Disable the use of inline functions to implement
 -DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
                           may be useful when debugging
diff --git a/OPTIONS.md b/OPTIONS.md
index 95709e0e64..0382c6d7fc 100644
--- a/OPTIONS.md
+++ b/OPTIONS.md
@@ -23,6 +23,5 @@ Some of these settings are:
 |`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
 |`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
 |`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
-|`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
 |`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
 |`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|
diff --git a/lib/dns/include/dns/rpz.h b/lib/dns/include/dns/rpz.h
index 7e98837d4d..64311550d2 100644
--- a/lib/dns/include/dns/rpz.h
+++ b/lib/dns/include/dns/rpz.h
@@ -76,15 +76,12 @@ typedef enum {
 
 typedef isc_uint8_t	    dns_rpz_num_t;
 
-#define DNS_RPZ_MAX_ZONES   32
-#if DNS_RPZ_MAX_ZONES > 32
-# if DNS_RPZ_MAX_ZONES > 64
-#  error "rpz zone bit masks must fit in a word"
-# endif
+#define DNS_RPZ_MAX_ZONES   64
+/*
+ * Type dns_rpz_zbits_t must be an unsigned int wide enough to contain
+ * at least DNS_RPZ_MAX_ZONES bits.
+ */
 typedef isc_uint64_t	    dns_rpz_zbits_t;
-#else
-typedef isc_uint32_t	    dns_rpz_zbits_t;
-#endif
 
 #define DNS_RPZ_ALL_ZBITS   ((dns_rpz_zbits_t)-1)
 
diff --git a/lib/dns/rpz.c b/lib/dns/rpz.c
index 97c0a1b7a8..0560f5b242 100644
--- a/lib/dns/rpz.c
+++ b/lib/dns/rpz.c
@@ -283,12 +283,10 @@ zbit_to_num(dns_rpz_zbits_t zbit) {
 
 	REQUIRE(zbit != 0);
 	rpz_num = 0;
-#if DNS_RPZ_MAX_ZONES > 32
-	if ((zbit & 0xffffffff00000000L) != 0) {
+	if ((zbit & 0xffffffff00000000ULL) != 0) {
 		zbit >>= 32;
 		rpz_num += 32;
 	}
-#endif
 	if ((zbit & 0xffff0000) != 0) {
 		zbit >>= 16;
 		rpz_num += 16;
@@ -505,9 +503,7 @@ fix_qname_skip_recurse(dns_rpz_zones_t *rpzs) {
 		req_mask |= req_mask >> 4;
 		req_mask |= req_mask >> 8;
 		req_mask |= req_mask >> 16;
-#if DNS_RPZ_MAX_ZONES > 32
 		req_mask |= req_mask >> 32;
-#endif
 
 		/*
 		 * There's no point in skipping recursion for a later