diff --git a/CHANGES b/CHANGES
index f9601af521..770c01a6f0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+	--- 9.11.4rc2 released ---
+
 4984.	[bug]		Improve handling of very large incremental
 			zone transfers to prevent journal corruption. [GL #339]
 
diff --git a/bin/named/named.conf.5 b/bin/named/named.conf.5
index 7e3514dc3f..cb21f43f77 100644
--- a/bin/named/named.conf.5
+++ b/bin/named/named.conf.5
@@ -10,12 +10,12 @@
 .\"     Title: named.conf
 .\"    Author: 
 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2017-08-15
+.\"      Date: 2018-06-21
 .\"    Manual: BIND9
 .\"    Source: ISC
 .\"  Language: English
 .\"
-.TH "NAMED\&.CONF" "5" "2017\-08\-15" "ISC" "BIND9"
+.TH "NAMED\&.CONF" "5" "2018\-06\-21" "ISC" "BIND9"
 .\" -----------------------------------------------------------------
 .\" * Define some portability stuff
 .\" -----------------------------------------------------------------
@@ -222,6 +222,7 @@ options {
 	    ] [ dscp \fIinteger\fR ];
 	alt\-transfer\-source\-v6 ( \fIipv6_address\fR | * ) [ port ( \fIinteger\fR |
 	    * ) ] [ dscp \fIinteger\fR ];
+	answer\-cookie \fIboolean\fR;
 	attach\-cache \fIstring\fR;
 	auth\-nxdomain \fIboolean\fR; // default changed
 	auto\-dnssec ( allow | maintain | off );
@@ -425,6 +426,7 @@ options {
 	    min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
 	    qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ];
 	root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+	root\-key\-sentinel \fIboolean\fR;
 	rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
 	    \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
 	secroots\-file \fIquoted_string\fR;
@@ -740,6 +742,7 @@ view \fIstring\fR [ \fIclass\fR ] {
 	    min\-ns\-dots \fIinteger\fR ] [ nsip\-wait\-recurse \fIboolean\fR ] [
 	    qname\-wait\-recurse \fIboolean\fR ] [ recursive\-only \fIboolean\fR ];
 	root\-delegation\-only [ exclude { \fIquoted_string\fR; \&.\&.\&. } ];
+	root\-key\-sentinel \fIboolean\fR;
 	rrset\-order { [ class \fIstring\fR ] [ type \fIstring\fR ] [ name
 	    \fIquoted_string\fR ] \fIstring\fR \fIstring\fR; \&.\&.\&. };
 	send\-cookie \fIboolean\fR;
diff --git a/bin/named/named.conf.docbook b/bin/named/named.conf.docbook
index cb84acf1ad..f8c94eb3d8 100644
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -13,7 +13,7 @@
 
 <refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
   <info>
-    <date>2017-08-15</date>
+    <date>2018-06-21</date>
   </info>
   <refentryinfo>
     <corpname>ISC</corpname>
@@ -210,6 +210,7 @@ options {
 	    ] [ dscp <replaceable>integer</replaceable> ];
 	alt-transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
 	    * ) ] [ dscp <replaceable>integer</replaceable> ];
+	answer-cookie <replaceable>boolean</replaceable>;
 	attach-cache <replaceable>string</replaceable>;
 	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
 	auto-dnssec ( allow | maintain | off );
@@ -413,6 +414,7 @@ options {
 	    min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
 	    qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
 	root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+	root-key-sentinel <replaceable>boolean</replaceable>;
 	rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
 	    <replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
 	secroots-file <replaceable>quoted_string</replaceable>;
@@ -712,6 +714,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
 	    min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
 	    qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
 	root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+	root-key-sentinel <replaceable>boolean</replaceable>;
 	rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
 	    <replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
 	send-cookie <replaceable>boolean</replaceable>;
diff --git a/bin/named/named.conf.html b/bin/named/named.conf.html
index 97173e57a1..cfcfe69b83 100644
--- a/bin/named/named.conf.html
+++ b/bin/named/named.conf.html
@@ -199,6 +199,7 @@ options
 	    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
 	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
 	    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+	answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
 	attach-cache <em class="replaceable"><code>string</code></em>;<br>
 	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
 	auto-dnssec ( allow | maintain | off );<br>
@@ -402,6 +403,7 @@ options
 	    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
 	    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
 	root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+	root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
 	rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
 	    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
 	secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
@@ -705,6 +707,7 @@ view
 	    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
 	    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
 	root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+	root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
 	rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
 	    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
 	send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 98405e60fd..dda187880e 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -616,6 +616,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index 9edf8c343f..a3516476fb 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -151,6 +151,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index 5170abc996..c9d2f069ee 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -759,6 +759,6 @@ controls {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 2710b74077..7720e89892 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index 0c941ba73d..e67579dca7 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -142,6 +142,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 821e649312..42402aeadd 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -2446,6 +2446,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 	    ] [ dscp <em class="replaceable"><code>integer</code></em> ];
 	<span class="command"><strong>alt-transfer-source-v6</strong></span> ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |
 	    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];
+	<span class="command"><strong>answer-cookie</strong></span> <em class="replaceable"><code>boolean</code></em>;
 	<span class="command"><strong>attach-cache</strong></span> <em class="replaceable"><code>string</code></em>;
 	<span class="command"><strong>auth-nxdomain</strong></span> <em class="replaceable"><code>boolean</code></em>; // default changed
 	<span class="command"><strong>auto-dnssec</strong></span> ( allow | maintain | off );
@@ -2649,6 +2650,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 	    <span class="command"><strong>min-ns-dots</strong></span> <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [
 	    <span class="command"><strong>qname-wait-recurse</strong></span> <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];
 	<span class="command"><strong>root-delegation-only</strong></span> [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];
+	<span class="command"><strong>root-key-sentinel</strong></span> <em class="replaceable"><code>boolean</code></em>;
 	<span class="command"><strong>rrset-order</strong></span> { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name
 	    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };
 	<span class="command"><strong>secroots-file</strong></span> <em class="replaceable"><code>quoted_string</code></em>;
@@ -4308,19 +4310,16 @@ options {
                   options level, not per-view.
                 </p>
                 <p>
-                  <span class="command"><strong>answer-cookie</strong></span> is only available
-                  as a temporary measure, for use when
-                  <span class="command"><strong>named</strong></span> shares an IP address
-                  with other servers that do not yet support DNS
-                  COOKIE.  A mismatch between servers on the same
-                  address is not expected to cause operational
-                  problems, but the option to disable COOKIE responses
-                  so that all servers have the same behavior is
-                  provided out of an abundance of caution. DNS COOKIE
-                  is an important security mechanism and should not be
-                  disabled unless absolutely necessary.  The
-                  <span class="command"><strong>answer-cookie</strong></span> option is obsolete
-                  as of BIND 9.13.
+                  <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
+                  temporary measure, for use when <span class="command"><strong>named</strong></span>
+                  shares an IP address with other servers that do not yet
+                  support DNS COOKIE.  A mismatch between servers on the
+                  same address is not expected to cause operational
+                  problems, but the option to disable COOKIE responses so
+                  that all servers have the same behavior is provided out
+                  of an abundance of caution. DNS COOKIE is an important
+                  security mechanism, and should not be disabled unless
+                  absolutely necessary.
                 </p>
               </dd>
 <dt><span class="term"><span class="command"><strong>send-cookie</strong></span></span></dt>
@@ -14574,6 +14573,6 @@ HOST-127.EXAMPLE. MX 0 .
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index cfe08b0106..d45d225428 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; };
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 26059d3aba..6b287586e2 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -136,6 +136,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index a13f20d201..f2038ee6b8 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -36,7 +36,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc2</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -54,7 +54,7 @@
 </div>
       <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
+<a name="id-1.10.2"></a>Release Notes for BIND Version 9.11.4rc2</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
@@ -156,7 +156,7 @@
 	  <code class="filename">named.conf</code>. [GL #173]
 	</p>
 	<p>
-	  <span class="command"><strong>answer-cookie</strong></span> is only available as a
+	  <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
 	  temporary measure, for use when <span class="command"><strong>named</strong></span>
 	  shares an IP address with other servers that do not yet
 	  support DNS COOKIE.  A mismatch between servers on the
@@ -164,9 +164,8 @@
 	  but the option to disable COOKIE responses so that all
 	  servers have the same behavior is provided out of an
 	  abundance of caution. DNS COOKIE is an important security
-	  mechanism and should not be disabled unless absolutely
-	  necessary.  The <span class="command"><strong>answer-cookie</strong></span> option
-	  is obsolete as of BIND 9.13.
+	  mechanism, and should not be disabled unless absolutely
+	  necessary.
 	</p>
       </li>
 </ul></div>
@@ -212,14 +211,24 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> now rejects excessively large
+	  incremental (IXFR) zone transfers in order to prevent
+	  possible corruption of journal files which could cause
+	  <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
+	</p>
+      </li>
+<li class="listitem">
 	<p>
 	  <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
 	  to leak memory if it was invoked before the zone loading actions
 	  from a previous <span class="command"><strong>rndc reload</strong></span> command were
 	  completed. [RT #47076]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
@@ -262,6 +271,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 51e1158a75..b30a84ffa6 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -148,6 +148,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index 5dec487781..dd9bab9b78 100644
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -914,6 +914,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 5f3577050e..2d4b469952 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index a93cb3e18b..a06f2dfe25 100644
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -213,6 +213,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index c45afdbcd9..dc1245a0f5 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -32,7 +32,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.11.4rc1</p></div>
+<div><p class="releaseinfo">BIND Version 9.11.4rc2</p></div>
 <div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
 </div>
 <hr>
@@ -241,7 +241,7 @@
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc1</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch09.html#id-1.10.2">Release Notes for BIND Version 9.11.4rc2</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -443,6 +443,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index 955027f100..267e3c1cc3 100644
Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 2aa0c0ea12..2c44007e35 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -91,6 +91,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index bd7dc15fba..b70be78ff2 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -236,6 +236,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html
index 373a949418..d201a3cbf2 100644
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -624,6 +624,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 3e073d9e3a..a5add223f3 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -1108,6 +1108,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 390b33ee59..bd6a4dc4a3 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -148,6 +148,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index e030a71cda..6f4a98e691 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -270,6 +270,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index e932737b9b..f84451600e 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -289,6 +289,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index 9ea768cbf7..9bdeff4fd2 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -250,6 +250,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index b0fd463b1d..c977e8a19c 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -492,6 +492,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 3d3c0d8687..c598db0eb7 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -579,6 +579,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html
index 7483c47a13..cfa0b13b28 100644
--- a/doc/arm/man.dnssec-keymgr.html
+++ b/doc/arm/man.dnssec-keymgr.html
@@ -398,6 +398,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 0565d25e5b..a620ea9d70 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -171,6 +171,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 3a05282ff5..35ca5a20b4 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -349,6 +349,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index b13f1ba08f..ffc4b5db78 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -708,6 +708,6 @@ db.example.com.signed
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index bd3b8c2267..2e35c4581f 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -202,6 +202,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html
index 1134ca57a0..ac59018277 100644
--- a/doc/arm/man.dnstap-read.html
+++ b/doc/arm/man.dnstap-read.html
@@ -134,6 +134,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index c9447b10ac..3bcdd5535a 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -127,6 +127,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 749b4813f5..5ea361f7c4 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -366,6 +366,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 2c9c4d9fc3..1ade3f5ecc 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -126,6 +126,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.lwresd.html b/doc/arm/man.lwresd.html
index bd4f94044c..4d17b2c326 100644
--- a/doc/arm/man.lwresd.html
+++ b/doc/arm/man.lwresd.html
@@ -329,6 +329,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html
index 3f86da27b1..0927b7b5b1 100644
--- a/doc/arm/man.mdig.html
+++ b/doc/arm/man.mdig.html
@@ -609,6 +609,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 39846b47c2..f3e463c395 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -192,6 +192,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 0bc243e0d3..395109aa61 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -463,6 +463,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index 996759f6ff..e248adcf2f 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -117,6 +117,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html
index 6e7e31284b..783acf4e28 100644
--- a/doc/arm/man.named-nzd2nzf.html
+++ b/doc/arm/man.named-nzd2nzf.html
@@ -119,6 +119,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html
index 2e3691883b..7b61f3b4cd 100644
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -121,6 +121,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index e91839129e..2c6e289738 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -217,6 +217,7 @@ options
 	    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
 	alt-transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> |<br>
 	    * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
+	answer-cookie <em class="replaceable"><code>boolean</code></em>;<br>
 	attach-cache <em class="replaceable"><code>string</code></em>;<br>
 	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
 	auto-dnssec ( allow | maintain | off );<br>
@@ -420,6 +421,7 @@ options
 	    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
 	    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
 	root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+	root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
 	rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
 	    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
 	secroots-file <em class="replaceable"><code>quoted_string</code></em>;<br>
@@ -723,6 +725,7 @@ view
 	    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
 	    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ];<br>
 	root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
+	root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
 	rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
 	    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
 	send-cookie <em class="replaceable"><code>boolean</code></em>;<br>
@@ -1032,6 +1035,6 @@ zone
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 4eecdfb6ee..fb59ed6c09 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -490,6 +490,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index 61638477e2..11b36e41a2 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -131,6 +131,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html
index 53eb1d854f..2f43655001 100644
--- a/doc/arm/man.nslookup.html
+++ b/doc/arm/man.nslookup.html
@@ -419,6 +419,6 @@ nslookup -query=hinfo  -timeout=10
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 224d8b9766..73f2586451 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -817,6 +817,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html
index a25f2efa28..0390a46c94 100644
--- a/doc/arm/man.pkcs11-destroy.html
+++ b/doc/arm/man.pkcs11-destroy.html
@@ -162,6 +162,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html
index 30f88b8a2b..b45d894a51 100644
--- a/doc/arm/man.pkcs11-keygen.html
+++ b/doc/arm/man.pkcs11-keygen.html
@@ -200,6 +200,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html
index 387c93e296..531dd43256 100644
--- a/doc/arm/man.pkcs11-list.html
+++ b/doc/arm/man.pkcs11-list.html
@@ -158,6 +158,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html
index 49d8caff0f..8db31f8d54 100644
--- a/doc/arm/man.pkcs11-tokens.html
+++ b/doc/arm/man.pkcs11-tokens.html
@@ -119,6 +119,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index d0a88209fc..627aedce08 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -277,6 +277,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 9102faf18c..f3b0b85342 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -268,6 +268,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 568b02b8f8..6a50533af8 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -889,6 +889,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc1 (Extended Support Version)</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.4rc2 (Extended Support Version)</p>
 </body>
 </html>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index c17059fb3e..14648f6b46 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -15,7 +15,7 @@
 
   <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4rc1</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.11.4rc2</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
@@ -117,7 +117,7 @@
 	  <code class="filename">named.conf</code>. [GL #173]
 	</p>
 	<p>
-	  <span class="command"><strong>answer-cookie</strong></span> is only available as a
+	  <span class="command"><strong>answer-cookie no</strong></span> is only intended as a
 	  temporary measure, for use when <span class="command"><strong>named</strong></span>
 	  shares an IP address with other servers that do not yet
 	  support DNS COOKIE.  A mismatch between servers on the
@@ -125,9 +125,8 @@
 	  but the option to disable COOKIE responses so that all
 	  servers have the same behavior is provided out of an
 	  abundance of caution. DNS COOKIE is an important security
-	  mechanism and should not be disabled unless absolutely
-	  necessary.  The <span class="command"><strong>answer-cookie</strong></span> option
-	  is obsolete as of BIND 9.13.
+	  mechanism, and should not be disabled unless absolutely
+	  necessary.
 	</p>
       </li>
 </ul></div>
@@ -173,14 +172,24 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>named</strong></span> now rejects excessively large
+	  incremental (IXFR) zone transfers in order to prevent
+	  possible corruption of journal files which could cause
+	  <span class="command"><strong>named</strong></span> to abort when loading zones. [GL #339]
+	</p>
+      </li>
+<li class="listitem">
 	<p>
 	  <span class="command"><strong>rndc reload</strong></span> could cause <span class="command"><strong>named</strong></span>
 	  to leak memory if it was invoked before the zone loading actions
 	  from a previous <span class="command"><strong>rndc reload</strong></span> command were
 	  completed. [RT #47076]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf
index 1a5491f832..67c0eedf33 100644
Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ
diff --git a/doc/arm/notes.txt b/doc/arm/notes.txt
index abdab2f414..fbc2687be5 100644
--- a/doc/arm/notes.txt
+++ b/doc/arm/notes.txt
@@ -1,4 +1,4 @@
-Release Notes for BIND Version 9.11.4rc1
+Release Notes for BIND Version 9.11.4rc2
 
 Introduction
 
@@ -59,14 +59,14 @@ New Features
     present in the request. To prevent a cookie being returned, add
     answer-cookie no; to named.conf. [GL #173]
 
-    answer-cookie is only available as a temporary measure, for use when
+    answer-cookie no is only intended as a temporary measure, for use when
     named shares an IP address with other servers that do not yet support
     DNS COOKIE. A mismatch between servers on the same address is not
     expected to cause operational problems, but the option to disable
     COOKIE responses so that all servers have the same behavior is
     provided out of an abundance of caution. DNS COOKIE is an important
-    security mechanism and should not be disabled unless absolutely
-    necessary. The answer-cookie option is obsolete as of BIND 9.13.
+    security mechanism, and should not be disabled unless absolutely
+    necessary.
 
 Removed Features
 
@@ -86,6 +86,10 @@ Feature Changes
 
 Bug Fixes
 
+  * named now rejects excessively large incremental (IXFR) zone transfers
+    in order to prevent possible corruption of journal files which could
+    cause named to abort when loading zones. [GL #339]
+
   * rndc reload could cause named to leak memory if it was invoked before
     the zone loading actions from a previous rndc reload command were
     completed. [RT #47076]
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index 528ae6da7a..220a20e696 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -109,7 +109,7 @@
 	  <filename>named.conf</filename>. [GL #173]
 	</para>
 	<para>
-	  <command>answer-cookie</command> is only available as a
+	  <command>answer-cookie no</command> is only intended as a
 	  temporary measure, for use when <command>named</command>
 	  shares an IP address with other servers that do not yet
 	  support DNS COOKIE.  A mismatch between servers on the
@@ -117,7 +117,7 @@
 	  but the option to disable COOKIE responses so that all
 	  servers have the same behavior is provided out of an
 	  abundance of caution. DNS COOKIE is an important security
-	  mechanism and should not be disabled unless absolutely
+	  mechanism, and should not be disabled unless absolutely
 	  necessary.
 	</para>
       </listitem>
@@ -134,26 +134,6 @@
 	  using (now obsolete) idnkit-1 library.
 	</para>
       </listitem>
-      <listitem>
-	<para>
-	  Add the ability to not return a DNS COOKIE option when one
-	  is present in the request.  To prevent a cookie being returned
-	  add <command>answer-cookie no;</command> to
-	  <filename>named.conf</filename>. [GL #173]
-	</para>
-	<para>
-	  <command>answer-cookie no</command> is only intended as a
-	  temporary measure, for use when <command>named</command>
-	  shares an IP address with other servers that do not yet
-	  support DNS COOKIE.  A mismatch between servers on the
-	  same address is not expected to cause operational problems,
-	  but the option to disable COOKIE responses so that all
-	  servers have the same behavior is provided out of an
-	  abundance of caution. DNS COOKIE is an important security
-	  mechanism, and should not be disabled unless absolutely
-	  necessary.
-	</para>
-      </listitem>
     </itemizedlist>
   </section>
 
diff --git a/doc/arm/options.grammar.xml b/doc/arm/options.grammar.xml
index bccc6eeaa0..16d332ad66 100644
--- a/doc/arm/options.grammar.xml
+++ b/doc/arm/options.grammar.xml
@@ -35,6 +35,7 @@
 	    ] [ dscp <replaceable>integer</replaceable> ];
 	<command>alt-transfer-source-v6</command> ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> |
 	    * ) ] [ dscp <replaceable>integer</replaceable> ];
+	<command>answer-cookie</command> <replaceable>boolean</replaceable>;
 	<command>attach-cache</command> <replaceable>string</replaceable>;
 	<command>auth-nxdomain</command> <replaceable>boolean</replaceable>; // default changed
 	<command>auto-dnssec</command> ( allow | maintain | off );
@@ -238,6 +239,7 @@
 	    <command>min-ns-dots</command> <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
 	    <command>qname-wait-recurse</command> <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ];
 	<command>root-delegation-only</command> [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
+	<command>root-key-sentinel</command> <replaceable>boolean</replaceable>;
 	<command>rrset-order</command> { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
 	    <replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
 	<command>secroots-file</command> <replaceable>quoted_string</replaceable>;
diff --git a/lib/bind9/api b/lib/bind9/api
index 530ab103ca..0f454b5e22 100644
--- a/lib/bind9/api
+++ b/lib/bind9/api
@@ -9,5 +9,5 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 LIBINTERFACE = 160
-LIBREVISION = 7
+LIBREVISION = 8
 LIBAGE = 0
diff --git a/lib/dns/api b/lib/dns/api
index c19bf0dc1c..e89674a0f7 100644
--- a/lib/dns/api
+++ b/lib/dns/api
@@ -8,6 +8,6 @@
 # 9.10-sub: 180-189
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
-LIBINTERFACE = 1102
+LIBINTERFACE = 1103
 LIBREVISION = 0
-LIBAGE = 0
+LIBAGE = 1
diff --git a/lib/isc/api b/lib/isc/api
index 369bbafa3a..8cdd04666f 100644
--- a/lib/isc/api
+++ b/lib/isc/api
@@ -9,5 +9,5 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 LIBINTERFACE = 169
-LIBREVISION = 2
+LIBREVISION = 3
 LIBAGE = 0
diff --git a/lib/isc/tests/Atffile b/lib/isc/tests/Atffile
index 506c656e8f..8681844d41 100644
--- a/lib/isc/tests/Atffile
+++ b/lib/isc/tests/Atffile
@@ -29,5 +29,5 @@ tp: socket_test
 tp: symtab_test
 tp: task_test
 tp: taskpool_test
-tp: timer_test
 tp: time_test
+tp: timer_test
diff --git a/lib/isccfg/api b/lib/isccfg/api
index 82129c690e..5da02bc2d4 100644
--- a/lib/isccfg/api
+++ b/lib/isccfg/api
@@ -9,5 +9,5 @@
 # 9.11: 160-169,1100-1199
 # 9.12: 1200-1299
 LIBINTERFACE = 162
-LIBREVISION = 0
+LIBREVISION = 1
 LIBAGE = 2
diff --git a/version b/version
index b5cc75fe19..f895690fdb 100644
--- a/version
+++ b/version
@@ -7,5 +7,5 @@ MAJORVER=9
 MINORVER=11
 PATCHVER=4
 RELEASETYPE=rc
-RELEASEVER=1
+RELEASEVER=2
 EXTENSIONS=