diff --git a/.gitignore b/.gitignore
index 2b80fc3..26be166 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ nsd-3.2.6.tar.gz
 /nsd-4.1.8.tar.gz
 /nsd-4.1.9.tar.gz
 /nsd-4.1.10.tar.gz
+/nsd-4.1.11.tar.gz
diff --git a/nsd.conf b/nsd.conf
index f04e02b..0185aff 100644
--- a/nsd.conf
+++ b/nsd.conf
@@ -264,6 +264,15 @@ remote-control:
 	# set local interface for sending zone transfer requests.
 	# default is let the OS choose.
 	#outgoing-interface: 10.0.0.10
+	# limit the refresh and retry interval in seconds.
+	#max-refresh-time: 2419200
+	#min-refresh-time: 0
+	#max-retry-time: 1209600
+	#min-retry-time: 0
+
+	# limit the zone transfer size (in bytes), stops very large transfers
+	# 0 is no limits enforced.
+	# size-limit-xfr: 0
 
 	# if compiled with --enable-zone-stats, give name of stat block for
 	# this zone (or group of zones).  Output from nsd-control stats.
diff --git a/nsd.spec b/nsd.spec
index bf9bc80..74be421 100644
--- a/nsd.spec
+++ b/nsd.spec
@@ -6,8 +6,8 @@
 
 Summary: Fast and lean authoritative DNS Name Server
 Name: nsd
-Version: 4.1.10
-Release: 2%{?dist}
+Version: 4.1.11
+Release: 1%{?dist}
 License: BSD
 Url: http://www.nlnetlabs.nl/nsd/
 Group: System Environment/Daemons
@@ -156,6 +156,10 @@ fi
 chown nsd:nsd %{_sharedstatedir}/nsd/* 2>&1 || :
 
 %changelog
+* Wed Aug 10 2016 Paul Wouters <pwouters@redhat.com> - 4.1.11-1
+- Updated to 4.1.11 for the unlimited AXFR vulnerability
+- Updated nsd.conf with new options
+
 * Sun Jul 03 2016 Paul Wouters <pwouters@redhat.com> - 4.1.10-2
 - Do not use db files anymore, use --with-zonelistfile
 - Documentation utf fixes are upstreamed
diff --git a/sources b/sources
index 6e49414..f17d2d7 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-21a21105222c3deb4c1d8ebf7e7d099d  nsd-4.1.10.tar.gz
+d48ebba02082a9be87ba5c935901ed71  nsd-4.1.11.tar.gz