diff --git a/plugin/proxy/upstream.go b/plugin/proxy/upstream.go
index 151fcad60..bcb921973 100644
--- a/plugin/proxy/upstream.go
+++ b/plugin/proxy/upstream.go
@@ -53,6 +53,10 @@ func NewStaticUpstreams(c *caddyfile.Dispenser) ([]Upstream, error) {
 			return upstreams, err
 		}
 
+		if len(toHosts) > max {
+			return upstreams, fmt.Errorf("more than %d TOs configured: %d", max, len(toHosts))
+		}
+
 		for c.NextBlock() {
 			if err := parseBlock(c, upstream); err != nil {
 				return upstreams, err
@@ -192,3 +196,5 @@ func (u *staticUpstream) IsAllowedDomain(name string) bool {
 
 func (u *staticUpstream) Exchanger() Exchanger { return u.ex }
 func (u *staticUpstream) From() string         { return u.from }
+
+const max = 15
diff --git a/plugin/proxy/upstream_test.go b/plugin/proxy/upstream_test.go
index 98509f738..6fec3e30a 100644
--- a/plugin/proxy/upstream_test.go
+++ b/plugin/proxy/upstream_test.go
@@ -259,7 +259,7 @@ proxy . FILE
 proxy example.org 2.2.2.2:1234
 `,
 			`
-junky resolve.conf
+junky resolv.conf
 `,
 			false,
 			[]string{"1.1.1.1:5000", "2.2.2.2:1234"},
@@ -303,6 +303,16 @@ junky resolve.conf
 	}
 }
 
+func TestMaxTo(t *testing.T) {
+	// Has 16 IP addresses.
+	config := `proxy . 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1 1.1.1.1`
+	c := caddy.NewTestController("dns", config)
+	_, err := NewStaticUpstreams(&c.Dispenser)
+	if err == nil {
+		t.Error("Expected to many TOs configured, but nil")
+	}
+}
+
 func getPEMFiles(t *testing.T) (rmFunc func(), cert, key, ca string) {
 	tempDir, rmFunc, err := test.WritePEMFiles("")
 	if err != nil {