diff --git a/CHANGES b/CHANGES
index 4d69ed5372..1ef3b55bf8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+5445. [cleanup] Disable and disallow static linking. [GL #1933]
+
 5444. [bug] 'rndc dnstap -roll ' was not limiting the number of saved files to . [GL !3728]
diff --git a/configure.ac b/configure.ac
index 53d2116daa..6a651da2e5 100644
--- a/configure.ac
+++ b/configure.ac
@@ -119,7 +119,10 @@ AX_POSIX_SHELL
 AC_PROG_MKDIR_P
 # Initialize libtool
-LT_INIT([dlopen])
+LT_INIT([disable-static dlopen pic-only])
+
+AS_IF([test $enable_static != "no"],
+ [AC_MSG_ERROR([Static linking is not supported as it disables dlopen() and certain security features (e.g. RELRO, ASLR)])])
 LT_CONFIG_LTDL_DIR([libltdl])
 LTDL_INIT([recursive])
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 862929d49e..8c6e86a3b9 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -29,7 +29,12 @@ New Features
 Feature Changes
 ~~~~~~~~~~~~~~~
-- None.
+- Disable and disallow static linking of BIND 9 binaries and libraries
+ as BIND 9 modules require ``dlopen()`` support and static linking also
+ prevents using security features like read-only relocations (RELRO) or
+ address space layout randomization (ASLR) which are important for
+ programs that interact with the network and process arbitrary user
+ input. [GL #1933]
 Bug Fixes
 ~~~~~~~~~
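Review bot: The new guard in the configure.ac hunk, `test $enable_static != "no"`, expands the variable unquoted, so an empty or multi-word value makes `test` exit with a syntax error; AS_IF then treats the condition as false and the static-linking rejection is skipped instead of triggered. libtool presumably normalizes the value to yes/no inside LT_INIT, but a check that enforces a hardening requirement should fail closed regardless: `AS_IF([test "x$enable_static" != "xno"],`. The guard also covers only the `--enable-static` switch; a static link requested through `LDFLAGS` would not be caught here, which is worth stating in a comment above the AS_IF so the limit of the check is clear to packagers.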