diff --git a/CHANGES b/CHANGES index 63e4b99376..d223b39d78 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2496. [bug] Add sanity length checks to NSID option. [RT #18813] + 2495. [bug] Tighten RRSIG checks. [RT #18795] 2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being diff --git a/bin/named/client.c b/bin/named/client.c index 756d3c84d7..164af7cf80 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: client.c,v 1.258 2008/06/23 19:41:18 jinmei Exp $ */ +/* $Id: client.c,v 1.259 2008/11/16 20:57:54 marka Exp $ */ #include @@ -1222,7 +1222,7 @@ client_addopt(ns_client_t *client) { * + 2 bytes for NSID length * + NSID itself */ - char nsid[BUFSIZ]; + char nsid[BUFSIZ], *nsidp; isc_buffer_t *buffer = NULL; if (ns_g_server->server_usehostname) { @@ -1231,19 +1231,19 @@ client_addopt(ns_client_t *client) { if (result != ISC_R_SUCCESS) { goto no_nsid; } - } else { - strncpy(nsid, ns_g_server->server_id, sizeof(nsid)); - } + nsidp = nsid; + } else + nsidp = ns_g_server->server_id; - rdata->length = strlen(nsid) + 4; + rdata->length = strlen(nsidp) + 4; result = isc_buffer_allocate(client->mctx, &buffer, rdata->length); if (result != ISC_R_SUCCESS) goto no_nsid; isc_buffer_putuint16(buffer, DNS_OPT_NSID); - isc_buffer_putuint16(buffer, strlen(nsid)); - isc_buffer_putstr(buffer, nsid); + isc_buffer_putuint16(buffer, strlen(nsidp)); + isc_buffer_putstr(buffer, nsidp); rdata->data = buffer->base; dns_message_takebuffer(client->message, &buffer); } else { diff --git a/lib/bind9/check.c b/lib/bind9/check.c index f067e530cd..27843aca65 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.93 2008/09/12 06:02:31 each Exp $ */ +/* $Id: check.c,v 1.94 2008/11/16 20:57:55 marka Exp $ */ /*! \file */ 
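Review bot: In the `@@ -1231` hunk of bin/named/client.c, `client_addopt` now encodes `ns_g_server->server_id` with no length bound of its own. `strlen(nsidp)` is narrowed to 16 bits by `isc_buffer_putuint16` while `isc_buffer_putstr` writes the whole string, so the NSID length field and payload agree only if the 1024-byte limit added in lib/bind9/check.c was applied to the running configuration, which is not visible from here. A local guard would make the encoder safe on its own: take `size_t nsidlen = strlen(nsidp);` once, add `if (nsidlen > 1024) goto no_nsid;`, and reuse `nsidlen` for both `strlen(nsidp)` calls. The `else` branch also lost its braces while the `if` branch keeps them; `} else {` would match. The function starts and ends outside the hunk, so whether `server_id` can be NULL at this point depends on a condition not shown.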
@@ -792,6 +792,19 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } } + /* + * Check that server-id is not too long. + * 1024 bytes should be big enough. + */ + obj = NULL; + (void)cfg_map_get(options, "server-id", &obj); + if (obj != NULL && cfg_obj_isstring(obj) && + strlen(cfg_obj_asstring(obj)) > 1024) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "'server-id' too big (>1024 bytes)"); + result = ISC_R_FAILURE; + } + return (result); }
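Review bot: The limit in the block added to `check_options` is a bare `1024` written twice, in the comparison and in the log text, and nothing ties it to the NSID encoder in bin/named/client.c that it protects. A single named constant shared by both files would keep the config check and the encoder in step. The comment could give the reason instead of `1024 bytes should be big enough`, for example `/* server-id is sent verbatim in the EDNS NSID option, which has a 2-byte length field; keep it well below that. */`. The check applies only when `server-id` is a string, so the hostname path in client.c stays bounded by its own `BUFSIZ` buffer, not by this limit. `check_options` begins outside this hunk.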