diff --git a/CHANGES b/CHANGES
index 0d3f2edc13..c4382a1912 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,19 @@
+4199.	[protocol]	Add support for NINFO, RKEY, TA.
+			[RT #40545] [RT #40547] [RT #40563]
+
+4198.	[placeholder]
+
+4197.	[bug]		'named-checkconf -z' didn't handle 'in-view' clauses.
+			[RT #40603]
+
+4196.	[doc]		Improve how "enum + other" types are documented.
+			[RT #40608]
+
+4195.	[bug]		'max-zone-ttl unlimited;' was broken. [RT #40608]
+
+4194.	[bug]		named-checkconf -p failed to properly print a port
+			range.  [RT #40634]
+
 4193.	[bug]		Handle broken servers that return BADVERS incorrectly.
 			[RT #40427]
 
diff --git a/autogen.sh b/autogen.sh
new file mode 100755
index 0000000000..3eaecd7734
--- /dev/null
+++ b/autogen.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Run this script after modifying configure.in to generate configure
+autoreconf -i
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index f6d8178204..62f7433a52 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -180,6 +180,7 @@ configure_zone(const char *vclass, const char *view,
 	const char *zfile = NULL;
 	const cfg_obj_t *maps[4];
 	const cfg_obj_t *mastersobj = NULL;
+	const cfg_obj_t *inviewobj = NULL;
 	const cfg_obj_t *zoptions = NULL;
 	const cfg_obj_t *classobj = NULL;
 	const cfg_obj_t *typeobj = NULL;
@@ -211,6 +212,10 @@ configure_zone(const char *vclass, const char *view,
 	}
 	maps[i] = NULL;
 
+	cfg_map_get(zoptions, "in-view", &inviewobj);
+	if (inviewobj != NULL)
+		return (ISC_R_SUCCESS);
+
 	cfg_map_get(zoptions, "type", &typeobj);
 	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 7592e6d440..e46c52e1c7 100644
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -991,7 +991,10 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			      "with 'masterfile-format map'", zname);
 		return (ISC_R_FAILURE);
 	} else if (result == ISC_R_SUCCESS) {
-		dns_ttl_t maxttl = cfg_obj_asuint32(obj);
+		dns_ttl_t maxttl = 0;	/* unlimited */
+
+		if (cfg_obj_isuint32(obj))
+			maxttl = cfg_obj_asuint32(obj);
 		dns_zone_setmaxttl(zone, maxttl);
 		if (raw != NULL)
 			dns_zone_setmaxttl(raw, maxttl);
diff --git a/bin/tests/system/checkconf/in-view-good.conf b/bin/tests/system/checkconf/in-view-good.conf
new file mode 100644
index 0000000000..3a6b63b001
--- /dev/null
+++ b/bin/tests/system/checkconf/in-view-good.conf
@@ -0,0 +1,12 @@
+view internal {
+	zone shared.example {
+		type master;
+		file "shared.example.db";
+	};
+};
+
+view external {
+	zone shared.example {
+		in-view internal;
+	};
+};
diff --git a/bin/tests/system/checkconf/portrange-good.conf b/bin/tests/system/checkconf/portrange-good.conf
new file mode 100644
index 0000000000..fe25efa62b
--- /dev/null
+++ b/bin/tests/system/checkconf/portrange-good.conf
@@ -0,0 +1,9 @@
+options {
+	avoid-v4-udp-ports {
+                1935;
+                2605;
+                4321;
+                6514;
+                range 8610 8614;
+        };
+};
diff --git a/bin/tests/system/checkconf/shared.example.db b/bin/tests/system/checkconf/shared.example.db
new file mode 100644
index 0000000000..0d90a0795a
--- /dev/null
+++ b/bin/tests/system/checkconf/shared.example.db
@@ -0,0 +1,2 @@
+@	0	SOA	. . 0 0 0 0 0
+@	0	NS	.
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 6a77f7738b..031f6fe5de 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -247,5 +247,19 @@ grep "zone check-mx-cname/IN: loaded serial" < checkconf.out6 > /dev/null && ret
 if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
 status=`expr $status + $ret`
 
+echo "I: check that named-checkconf -p properly print a port range"
+ret=0
+$CHECKCONF -p portrange-good.conf > checkconf.out7 2>&1 || ret=1
+grep "range 8610 8614;" checkconf.out7 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
+echo "I: check that named-checkconf -z handles in-view"
+ret=0
+$CHECKCONF -z in-view-good.conf > checkconf.out7 2>&1 || ret=1
+grep "zone shared.example/IN: loaded serial" < checkconf.out7 > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh
index ce8d742b3e..95a65c3e71 100644
--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@@ -241,6 +241,29 @@ dnskey01		DNSKEY	512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
 				sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
 				a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
 
+; type 56
+ninfo01			NINFO	"foo"
+ninfo02			NINFO	"foo" "bar"
+ninfo03			NINFO	foo
+ninfo04			NINFO	foo bar
+ninfo05			NINFO	"foo bar"
+ninfo06			NINFO	"foo\032bar"
+ninfo07			NINFO	foo\032bar
+ninfo08			NINFO	"foo\010bar"
+ninfo09			NINFO	foo\010bar
+ninfo10			NINFO	foo\ bar
+ninfo11			NINFO	"\"foo\""
+ninfo12			NINFO	\"foo\"
+ninfo13			NINFO	"foo;"
+ninfo14			NINFO	"foo\;"
+ninfo15			NINFO	"bar\\;"
+
+; type 57
+rkey01			RKEY	512 ( 255 1 AQMFD5raczCJHViKtLYhWGz8hMY
+				9UGRuniJDBzC7w0aRyzWZriO6i2odGWWQVucZqKV
+				sENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esg
+				a60zyGW6LFe9r8n6paHrlG5ojqf0BaqHT+8= )
+
 ; type 59
 cds01			CDS	30795 1 1 (
 					310D27F4D82C1FC2400704EA9939FE6E1CEA
@@ -316,9 +339,19 @@ uri02			URI	30 40 "https://www.isc.org/HolyCowThisSureIsAVeryLongURIRecordIDontE
 uri03			URI	30 40 ""
 
 ; type 257
-caa01                   CAA     0 issue "ca.example.net; policy=ev"
-caa02                   CAA     128 tbs "Unknown"
-caa03                   CAA     128 tbs ""
+caa01			CAA	0 issue "ca.example.net; policy=ev"
+caa02			CAA	128 tbs "Unknown"
+caa03			CAA	128 tbs ""
+
+; type 32768
+ta			TA	30795 1 1 (
+					310D27F4D82C1FC2400704EA9939FE6E1CEA
+					A3B9 )
+
+; type 32769
+dlv			DLV	30795 1 1 (
+					310D27F4D82C1FC2400704EA9939FE6E1CEA
+					A3B9 )
 
 ; keydata (internal type used for managed-keys)
 keydata			TYPE65533	\# 0
diff --git a/bin/tests/system/resolver/ns1/named.conf b/bin/tests/system/resolver/ns1/named.conf
index 96f4aa1923..4fe510c064 100644
--- a/bin/tests/system/resolver/ns1/named.conf
+++ b/bin/tests/system/resolver/ns1/named.conf
@@ -35,6 +35,7 @@ options {
 		except-from { "goodcname.example.net";
 			      "gooddname.example.net"; };
 	allow-query {!10.53.0.8; any; };
+	max-zone-ttl unlimited;
 };
 
 server 10.42.23.3/32 {
diff --git a/bin/tests/system/rrchecker/typelist.good b/bin/tests/system/rrchecker/typelist.good
index ad2a914bba..0bbb0cb57b 100644
--- a/bin/tests/system/rrchecker/typelist.good
+++ b/bin/tests/system/rrchecker/typelist.good
@@ -49,6 +49,8 @@ NSEC3
 NSEC3PARAM
 TLSA
 HIP
+NINFO
+RKEY
 CDS
 CDNSKEY
 OPENPGPKEY
@@ -65,4 +67,5 @@ EUI48
 EUI64
 URI
 CAA
+TA
 DLV
diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good
index 24367c4878..9b1ff5a2c2 100644
--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@@ -18,6 +18,7 @@ cert01.example.		3600	IN	CERT	65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu
 cname01.example.	3600	IN	CNAME	cname-target.
 cname02.example.	3600	IN	CNAME	cname-target.example.
 cname03.example.	3600	IN	CNAME	.
+dlv.example.		3600	IN	DLV	30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example.	3600	IN	DNAME	dname-target.
 dname02.example.	3600	IN	DNAME	dname-target.example.
 dname03.example.	3600	IN	DNAME	.
@@ -57,6 +58,21 @@ mx01.example.		3600	IN	MX	10 mail.example.
 mx02.example.		3600	IN	MX	10 .
 naptr01.example.	3600	IN	NAPTR	0 0 "" "" "" .
 naptr02.example.	3600	IN	NAPTR	65535 65535 "blurgh" "blorf" "blllbb" foo.
+ninfo01.example.	3600	IN	NINFO	"foo"
+ninfo02.example.	3600	IN	NINFO	"foo" "bar"
+ninfo03.example.	3600	IN	NINFO	"foo"
+ninfo04.example.	3600	IN	NINFO	"foo" "bar"
+ninfo05.example.	3600	IN	NINFO	"foo bar"
+ninfo06.example.	3600	IN	NINFO	"foo bar"
+ninfo07.example.	3600	IN	NINFO	"foo bar"
+ninfo08.example.	3600	IN	NINFO	"foo\010bar"
+ninfo09.example.	3600	IN	NINFO	"foo\010bar"
+ninfo10.example.	3600	IN	NINFO	"foo bar"
+ninfo11.example.	3600	IN	NINFO	"\"foo\""
+ninfo12.example.	3600	IN	NINFO	"\"foo\""
+ninfo13.example.	3600	IN	NINFO	"foo;"
+ninfo14.example.	3600	IN	NINFO	"foo;"
+ninfo15.example.	3600	IN	NINFO	"bar\\;"
 ns2.example.		3600	IN	A	10.53.0.2
 ns3.example.		3600	IN	A	10.53.0.3
 nsap-ptr01.example.	3600	IN	NSAP-PTR .
@@ -71,6 +87,7 @@ openpgpkey.example.	3600	IN	OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.		3600	IN	PTR	example.
 px01.example.		3600	IN	PX	65535 foo. bar.
 px02.example.		3600	IN	PX	65535 . .
+rkey01.example.		3600	IN	RKEY	512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.		3600	IN	RP	mbox-dname.example. txt-dname.example.
 rp02.example.		3600	IN	RP	. .
 rt01.example.		3600	IN	RT	0 intermediate-host.example.
@@ -78,6 +95,7 @@ rt02.example.		3600	IN	RT	65535 .
 rrsig01.example.		3600	IN	RRSIG	NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
 srv01.example.		3600	IN	SRV	0 0 0 .
 srv02.example.		3600	IN	SRV	65535 65535 65535 old-slow-box.example.
+ta.example.		3600	IN	TA	30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 tlsa.example.		3600	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA3 46BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE 51FFD48C43326CBC
 txt01.example.		3600	IN	TXT	"foo"
 txt02.example.		3600	IN	TXT	"foo" "bar"
diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good
index 30e8146bba..c85d765625 100644
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@@ -18,6 +18,7 @@ cert01.example.		3600	IN	CERT	65534 65535 PRIVATEOID MxFcby9k/yvedMfQgKzhH5er0Mu
 cname01.example.	3600	IN	CNAME	cname-target.
 cname02.example.	3600	IN	CNAME	cname-target.example.
 cname03.example.	3600	IN	CNAME	.
+dlv.example.		3600	IN	DLV	30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 dname01.example.	3600	IN	DNAME	dname-target.
 dname02.example.	3600	IN	DNAME	dname-target.example.
 dname03.example.	3600	IN	DNAME	.
@@ -57,6 +58,21 @@ mx01.example.		3600	IN	MX	10 mail.example.
 mx02.example.		3600	IN	MX	10 .
 naptr01.example.	3600	IN	NAPTR	0 0 "" "" "" .
 naptr02.example.	3600	IN	NAPTR	65535 65535 "blurgh" "blorf" "blllbb" foo.
+ninfo01.example.	3600	IN	NINFO	"foo"
+ninfo02.example.	3600	IN	NINFO	"foo" "bar"
+ninfo03.example.	3600	IN	NINFO	"foo"
+ninfo04.example.	3600	IN	NINFO	"foo" "bar"
+ninfo05.example.	3600	IN	NINFO	"foo bar"
+ninfo06.example.	3600	IN	NINFO	"foo bar"
+ninfo07.example.	3600	IN	NINFO	"foo bar"
+ninfo08.example.	3600	IN	NINFO	"foo\010bar"
+ninfo09.example.	3600	IN	NINFO	"foo\010bar"
+ninfo10.example.	3600	IN	NINFO	"foo bar"
+ninfo11.example.	3600	IN	NINFO	"\"foo\""
+ninfo12.example.	3600	IN	NINFO	"\"foo\""
+ninfo13.example.	3600	IN	NINFO	"foo;"
+ninfo14.example.	3600	IN	NINFO	"foo;"
+ninfo15.example.	3600	IN	NINFO	"bar\\;"
 ns2.example.		3600	IN	A	10.53.0.2
 ns3.example.		3600	IN	A	10.53.0.3
 nsap-ptr01.example.	3600	IN	NSAP-PTR .
@@ -71,6 +87,7 @@ openpgpkey.example.	3600	IN	OPENPGPKEY  AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7
 ptr01.example.		3600	IN	PTR	example.
 px01.example.		3600	IN	PX	65535 foo. bar.
 px02.example.		3600	IN	PX	65535 . .
+rkey01.example.		3600	IN	RKEY	512 255 1 AQMFD5raczCJHViKtLYhWGz8hMY9UGRuniJDBzC7w0aRyzWZriO6i2od GWWQVucZqKVsENW91IOW4vqudngPZsY3GvQ/xVA8/7pyFj6b7Esga60z yGW6LFe9r8n6paHrlG5ojqf0BaqHT+8=
 rp01.example.		3600	IN	RP	mbox-dname.example. txt-dname.example.
 rp02.example.		3600	IN	RP	. .
 rt01.example.		3600	IN	RT	0 intermediate-host.example.
@@ -78,6 +95,7 @@ rt02.example.		3600	IN	RT	65535 .
 rrsig01.example.	3600	IN	RRSIG	NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
 srv01.example.		3600	IN	SRV	0 0 0 .
 srv02.example.		3600	IN	SRV	65535 65535 65535 old-slow-box.example.
+ta.example.		3600	IN	TA	30795 1 1 310D27F4D82C1FC2400704EA9939FE6E1CEAA3B9
 tlsa.example.		3600	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA3 46BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE 51FFD48C43326CBC
 txt01.example.		3600	IN	TXT	"foo"
 txt02.example.		3600	IN	TXT	"foo" "bar"
diff --git a/bin/tests/system/xfer/tests.sh b/bin/tests/system/xfer/tests.sh
index 14189f9b61..90d4a9b4d2 100644
--- a/bin/tests/system/xfer/tests.sh
+++ b/bin/tests/system/xfer/tests.sh
@@ -246,10 +246,10 @@ zone "nil" {
 };
 EOF
 
-$RNDCCMD reload | sed 's/^/I:ns4 /'
-
 cur=`awk 'END {print NR}' ns4/named.run`
 
+$RNDCCMD reload | sed 's/^/I:ns4 /'
+
 for i in 0 1 2 3 4 5 6 7 8 9
 do
 	$DIGCMD nil. SOA > dig.out.ns4
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index 5e067eefb8..732a4d3ffc 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4932,7 +4932,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     <optional> lame-ttl <replaceable>number</replaceable>; </optional>
     <optional> max-ncache-ttl <replaceable>number</replaceable>; </optional>
     <optional> max-cache-ttl <replaceable>number</replaceable>; </optional>
-    <optional> max-zone-ttl <replaceable>number</replaceable> ; </optional>
+    <optional> max-zone-ttl ( <constant>unlimited</constant> | <replaceable>number</replaceable> ; </optional>
     <optional> servfail-ttl <replaceable>number</replaceable>; </optional>
     <optional> sig-validity-interval <replaceable>number</replaceable> <optional><replaceable>number</replaceable></optional> ; </optional>
     <optional> sig-signing-nodes <replaceable>number</replaceable> ; </optional>
@@ -5913,6 +5913,11 @@ options {
 		load directly into memory, this option cannot be
 		used with them.)
 	      </para>
+	      <para>
+		The default value is <constant>unlimited</constant>.
+		A <option>max-zone-ttl</option> of zero is treated as
+		<constant>unlimited</constant>.
+	      </para>
 	    </listitem>
 	  </varlistentry>
 
@@ -14271,6 +14276,18 @@ view external {
 		      </para>
 		    </entry>
 		  </row>
+		  <row rowsep="0">
+		    <entry colname="1">
+		      <para>
+			TA
+		      </para>
+		    </entry>
+		    <entry colname="2">
+		      <para>
+			Trust Anchor. Experimental.
+		      </para>
+		    </entry>
+		  </row>
 		  <row rowsep="0">
 		    <entry colname="1">
 		      <para>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index eea36ce572..0b283555e9 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -70,39 +70,39 @@
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613620">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563790">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563901">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563939">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563952">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573610">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573637">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573646">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573724">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573737">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573774">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573788">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613705">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563703">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563739">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563987">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564024">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573662">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573696">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573722">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573732">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573741">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573754">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613045">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613059">NSEC3 and OPTOUT</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573880">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573902">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613492">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613514">Authoritative Server</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668489">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668499">Native PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613690">OpenSSL-based PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641006">PKCS#11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641043">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641329">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641377">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668643">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668652">Native PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613844">OpenSSL-based PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641228">PKCS#11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641265">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641550">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641598">Running named with automatic zone re-signing</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613958">Configuring DLZ</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614032">Sample DLZ Driver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641691">Configuring DLZ</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614117">Sample DLZ Driver</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
 <dd><dl>
@@ -1080,7 +1080,7 @@ options {
   from insecure to signed and back again. A secure zone can use
   either NSEC or NSEC3 chains.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2613620"></a>Converting from insecure to secure</h3></div></div></div></div>
+<a name="id2613705"></a>Converting from insecure to secure</h3></div></div></div></div>
 <p>Changing a zone from insecure to secure can be done in two
   ways: using a dynamic DNS update, or the 
   <span><strong class="command">auto-dnssec</strong></span> zone option.</p>
@@ -1106,7 +1106,7 @@ options {
   well. An NSEC chain will be generated as part of the initial
   signing process.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563754"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563703"></a>Dynamic DNS update method</h3></div></div></div></div>
 <p>To insert the keys via dynamic update:</p>
 <pre class="screen">
         % nsupdate
@@ -1142,7 +1142,7 @@ options {
 <p>While the initial signing and NSEC/NSEC3 chain generation
   is happening, other updates are possible as well.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563790"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563739"></a>Fully automatic zone signing</h3></div></div></div></div>
 <p>To enable automatic signing, add the 
   <span><strong class="command">auto-dnssec</strong></span> option to the zone statement in 
   <code class="filename">named.conf</code>. 
@@ -1205,7 +1205,7 @@ options {
   configuration. If this has not been done, the configuration will
   fail.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563901"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563987"></a>Private-type records</h3></div></div></div></div>
 <p>The state of the signing process is signaled by
   private-type records (with a default type value of 65534). When
   signing is complete, these records will have a nonzero value for
@@ -1246,12 +1246,12 @@ options {
 <p>
   </p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563939"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2564024"></a>DNSKEY rollovers</h3></div></div></div></div>
 <p>As with insecure-to-secure conversions, rolling DNSSEC
   keys can be done in two ways: using a dynamic DNS update, or the 
   <span><strong class="command">auto-dnssec</strong></span> zone option.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563952"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2573662"></a>Dynamic DNS update method</h3></div></div></div></div>
 <p> To perform key rollovers via dynamic update, you need to add
   the <code class="filename">K*</code> files for the new keys so that 
   <span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1273,7 +1273,7 @@ options {
   <span><strong class="command">named</strong></span> will clean out any signatures generated
   by the old key after the update completes.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573610"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2573696"></a>Automatic key rollovers</h3></div></div></div></div>
 <p>When a new key reaches its activation date (as set by
   <span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
   if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to 
@@ -1288,27 +1288,27 @@ options {
   completes in 30 days, after which it will be safe to remove the
   old key from the DNSKEY RRset.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573637"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2573722"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
 <p>Add the new NSEC3PARAM record via dynamic update. When the
   new NSEC3 chain has been generated, the NSEC3PARAM flag field
   will be zero. At this point you can remove the old NSEC3PARAM
   record. The old chain will be removed after the update request
   completes.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573646"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2573732"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
 <p>To do this, you just need to add an NSEC3PARAM record. When
   the conversion is complete, the NSEC chain will have been removed
   and the NSEC3PARAM record will have a zero flag field. The NSEC3
   chain will be generated before the NSEC chain is
   destroyed.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573724"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2573741"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
 <p>To do this, use <span><strong class="command">nsupdate</strong></span> to
   remove all NSEC3PARAM records with a zero flag
   field. The NSEC chain will be generated before the NSEC3 chain is
   removed.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573737"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2573754"></a>Converting from secure to insecure</h3></div></div></div></div>
 <p>To convert a signed zone to unsigned using dynamic DNS,
   delete all the DNSKEY records from the zone apex using
   <span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1323,14 +1323,14 @@ options {
   <span><strong class="command">allow</strong></span> instead (or it will re-sign).
   </p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573774"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2613045"></a>Periodic re-signing</h3></div></div></div></div>
 <p>In any secure zone which supports dynamic updates, <span><strong class="command">named</strong></span>
   will periodically re-sign RRsets which have not been re-signed as
   a result of some update action. The signature lifetimes will be
   adjusted so as to spread the re-sign load over time rather than
   all at once.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573788"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2613059"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
 <p>
   <span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
   where all the NSEC3 records in the zone have the same OPTOUT
@@ -1352,7 +1352,7 @@ options {
   configuration files.</p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2573880"></a>Validating Resolver</h3></div></div></div>
+<a name="id2613492"></a>Validating Resolver</h3></div></div></div>
 <p>To configure a validating resolver to use RFC 5011 to
     maintain a trust anchor, configure the trust anchor using a 
     <span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1363,7 +1363,7 @@ options {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2573902"></a>Authoritative Server</h3></div></div></div>
+<a name="id2613514"></a>Authoritative Server</h3></div></div></div>
 <p>To set up an authoritative zone for RFC 5011 trust anchor
     maintenance, generate two (or more) key signing keys (KSKs) for
     the zone. Sign the zone with one of them; this is the "active"
@@ -1460,7 +1460,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
   </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2668489"></a>Prerequisites</h3></div></div></div>
+<a name="id2668643"></a>Prerequisites</h3></div></div></div>
 <p>
       See the documentation provided by your HSM vendor for
       information about installing, initializing, testing and
@@ -1469,7 +1469,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2668499"></a>Native PKCS#11</h3></div></div></div>
+<a name="id2668652"></a>Native PKCS#11</h3></div></div></div>
 <p>
       Native PKCS#11 mode will only work with an HSM capable of carrying
       out <span class="emphasis"><em>every</em></span> cryptographic operation BIND 9 may
@@ -1502,7 +1502,7 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
     </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613556"></a>Building SoftHSMv2</h4></div></div></div>
+<a name="id2613641"></a>Building SoftHSMv2</h4></div></div></div>
 <p>
 	SoftHSMv2, the latest development version of SoftHSM, is available
 	from
@@ -1540,7 +1540,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613690"></a>OpenSSL-based PKCS#11</h3></div></div></div>
+<a name="id2613844"></a>OpenSSL-based PKCS#11</h3></div></div></div>
 <p>
       OpenSSL-based PKCS#11 mode uses a modified version of the
       OpenSSL library; stock OpenSSL does not fully support PKCS#11.
@@ -1598,7 +1598,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
     </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613864"></a>Patching OpenSSL</h4></div></div></div>
+<a name="id2613949"></a>Patching OpenSSL</h4></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</a></code></strong>
   </pre>
@@ -1631,7 +1631,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613923"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2614213"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
 <p>
 	The AEP Keyper is a highly secure key storage device,
 	but does not provide hardware cryptographic acceleration. It
@@ -1673,7 +1673,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614129"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2614282"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
 <p>
 	The SCA-6000 PKCS#11 provider is installed as a system
 	library, libpkcs11. It is a true crypto accelerator, up to 4
@@ -1702,7 +1702,7 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614178"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id2614331"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
 <p>
 	SoftHSM (version 1) is a software library developed by the
 	OpenDNSSEC project
@@ -1777,7 +1777,7 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
     </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640821"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id2641043"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
 <p>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -1797,7 +1797,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640853"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id2641075"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
 <p>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -1819,7 +1819,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640889"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id2641179"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>cd ../bind9</code></strong>
 $ <strong class="userinput"><code>./configure --enable-threads \
@@ -1840,7 +1840,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2641006"></a>PKCS#11 Tools</h3></div></div></div>
+<a name="id2641228"></a>PKCS#11 Tools</h3></div></div></div>
 <p>
       BIND 9 includes a minimal set of tools to operate the
       HSM, including 
@@ -1863,7 +1863,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2641043"></a>Using the HSM</h3></div></div></div>
+<a name="id2641265"></a>Using the HSM</h3></div></div></div>
 <p>
       For OpenSSL-based PKCS#11, we must first set up the runtime
       environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -1984,7 +1984,7 @@ example.net.signed
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2641329"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2641550"></a>Specifying the engine on the command line</h3></div></div></div>
 <p>
       When using OpenSSL-based PKCS#11, the "engine" to be used by
       OpenSSL can be specified in <span><strong class="command">named</strong></span> and all of
@@ -2016,7 +2016,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2641377"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2641598"></a>Running named with automatic zone re-signing</h3></div></div></div>
 <p>
       If you want <span><strong class="command">named</strong></span> to dynamically re-sign zones
       using HSM keys, and/or to to sign new records inserted via nsupdate,
@@ -2103,7 +2103,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
   </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613958"></a>Configuring DLZ</h3></div></div></div>
+<a name="id2641691"></a>Configuring DLZ</h3></div></div></div>
 <p>
       A DLZ database is configured with a <span><strong class="command">dlz</strong></span>
       statement in <code class="filename">named.conf</code>:
@@ -2152,7 +2152,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614032"></a>Sample DLZ Driver</h3></div></div></div>
+<a name="id2614117"></a>Sample DLZ Driver</h3></div></div></div>
 <p>
       For guidance in implementation of DLZ modules, the directory
       <code class="filename">contrib/dlz/example</code> contains a basic
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index a64cba17ac..942258d80c 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -78,28 +78,28 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
             Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592924"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593078"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
             Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593427"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593580"><span><strong class="command">trusted-keys</strong></span> Statement Definition
             and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593480"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593634"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
             and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593847"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594001"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
             Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595795"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596017"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
 </dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599639">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599724">Zone File</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602625">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602642">Discussion of MX Records</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603240">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603367">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603640"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603325">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603589">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603794"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -2392,7 +2392,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
     [<span class="optional"> lame-ttl <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-ncache-ttl <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> max-cache-ttl <em class="replaceable"><code>number</code></em>; </span>]
-    [<span class="optional"> max-zone-ttl <em class="replaceable"><code>number</code></em> ; </span>]
+    [<span class="optional"> max-zone-ttl ( <code class="constant">unlimited</code> | <em class="replaceable"><code>number</code></em> ; </span>]
     [<span class="optional"> servfail-ttl <em class="replaceable"><code>number</code></em>; </span>]
     [<span class="optional"> sig-validity-interval <em class="replaceable"><code>number</code></em> [<span class="optional"><em class="replaceable"><code>number</code></em></span>] ; </span>]
     [<span class="optional"> sig-signing-nodes <em class="replaceable"><code>number</code></em> ; </span>]
@@ -3207,6 +3207,11 @@ options {
                 load directly into memory, this option cannot be
                 used with them.)
               </p>
+<p>
+                The default value is <code class="constant">unlimited</code>.
+                A <code class="option">max-zone-ttl</code> of zero is treated as
+                <code class="constant">unlimited</code>.
+              </p>
 </dd>
 <dt><span class="term"><span><strong class="command">zone-statistics</strong></span></span></dt>
 <dd>
@@ -3976,12 +3981,16 @@ options {
                 </p></dd>
 <dt><span class="term"><span><strong class="command">dnssec-enable</strong></span></span></dt>
 <dd><p>
-                  Enable DNSSEC support in <span><strong class="command">named</strong></span>.  Unless set to <strong class="userinput"><code>yes</code></strong>,
-                  <span><strong class="command">named</strong></span> behaves as if it does not support DNSSEC.
+                  This indicates whether DNSSEC-related resource
+                  records are to be returned by <span><strong class="command">named</strong></span>.
+                  If set to <strong class="userinput"><code>no</code></strong>,
+                  <span><strong class="command">named</strong></span> will not return DNSSEC-related
+                  resource records unless specifically queried for.
                   The default is <strong class="userinput"><code>yes</code></strong>.
                 </p></dd>
 <dt><span class="term"><span><strong class="command">dnssec-validation</strong></span></span></dt>
-<dd><p>
+<dd>
+<p>
                   Enable DNSSEC validation in <span><strong class="command">named</strong></span>.
                   Note <span><strong class="command">dnssec-enable</strong></span> also needs to be
                   set to <strong class="userinput"><code>yes</code></strong> to be effective.
@@ -3994,7 +4003,17 @@ options {
                   a <span><strong class="command">trusted-keys</strong></span> or
                   <span><strong class="command">managed-keys</strong></span> statement.  The default
                   is <strong class="userinput"><code>yes</code></strong>.
-                </p></dd>
+                </p>
+<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
+<h3 class="title">Note</h3>
+<p>
+                    Whenever the resolver sends out queries to an
+                    EDNS-compliant server, it always sets the DO bit
+                    indicating it can support DNSSEC responses even if
+                    <span><strong class="command">dnssec-validation</strong></span> is off.
+                  </p>
+</div>
+</dd>
 <dt><span class="term"><span><strong class="command">dnssec-accept-expired</strong></span></span></dt>
 <dd><p>
                   Accept expired signatures when verifying DNSSEC signatures.
@@ -4223,7 +4242,7 @@ options {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2584628"></a>Forwarding</h4></div></div></div>
+<a name="id2584654"></a>Forwarding</h4></div></div></div>
 <p>
             The forwarding facility can be used to create a large site-wide
             cache on a few servers, reducing traffic over links to external
@@ -4267,7 +4286,7 @@ options {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2584755"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2584850"></a>Dual-stack Servers</h4></div></div></div>
 <p>
             Dual-stack servers are used as servers of last resort to work
             around
@@ -4545,7 +4564,7 @@ options {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2585515"></a>Interfaces</h4></div></div></div>
+<a name="id2585610"></a>Interfaces</h4></div></div></div>
 <p>
             The interfaces and ports that the server will answer queries
             from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -5022,7 +5041,7 @@ avoid-v6-udp-ports {};
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2586739"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2586834"></a>UDP Port Lists</h4></div></div></div>
 <p>
             <span><strong class="command">use-v4-udp-ports</strong></span>,
             <span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -5064,7 +5083,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2586798"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2586893"></a>Operating System Resource Limits</h4></div></div></div>
 <p>
             The server's usage of many system resources can be limited.
             Scaled values are allowed when specifying resource limits.  For
@@ -5405,7 +5424,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2587634"></a>Periodic Task Intervals</h4></div></div></div>
+<a name="id2587729"></a>Periodic Task Intervals</h4></div></div></div>
 <div class="variablelist"><dl>
 <dt><span class="term"><span><strong class="command">cleaning-interval</strong></span></span></dt>
 <dd><p>
@@ -6447,7 +6466,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2590382"></a>Content Filtering</h4></div></div></div>
+<a name="id2590341"></a>Content Filtering</h4></div></div></div>
 <p>
             <acronym class="acronym">BIND</acronym> 9 provides the ability to filter
             out DNS responses from external DNS servers containing
@@ -6570,7 +6589,7 @@ deny-answer-aliases { "example.net"; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2590645"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2590672"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
 <p>
             <acronym class="acronym">BIND</acronym> 9 includes a limited
             mechanism to modify DNS responses for requests
@@ -6948,7 +6967,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2591429"></a>Response Rate Limiting</h4></div></div></div>
+<a name="id2591456"></a>Response Rate Limiting</h4></div></div></div>
 <p>
             Excessive almost identical UDP <span class="emphasis"><em>responses</em></span>
             can be controlled by configuring a
@@ -7248,7 +7267,7 @@ example.com                 CNAME   rpz-tcp-only.
     [<span class="optional"> tcp-only <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
     [<span class="optional"> transfers <em class="replaceable"><code>number</code></em> ; </span>]
     [<span class="optional"> transfer-format <em class="replaceable"><code>( one-answer | many-answers )</code></em> ; ]</span>]
-    [<span class="optional"> keys <em class="replaceable"><code>{ string ; [<span class="optional"> string ; [<span class="optional">...</span>]</span>] }</code></em> ; </span>]
+    [<span class="optional"> keys { <em class="replaceable"><code>key_id</code></em> }; </span>]
     [<span class="optional"> transfer-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
     [<span class="optional"> transfer-source-v6 (<em class="replaceable"><code>ip6_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
     [<span class="optional"> notify-source (<em class="replaceable"><code>ip4_addr</code></em> | <code class="constant">*</code>) [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
@@ -7442,11 +7461,7 @@ example.com                 CNAME   rpz-tcp-only.
             to be signed by this key.
           </p>
 <p>
-            Although the grammar of the <span><strong class="command">keys</strong></span>
-            clause
-            allows for multiple keys, only a single key per server is
-            currently
-            supported.
+            Only a single key per server is currently supported.
           </p>
 <p>
             The <span><strong class="command">transfer-source</strong></span> and
@@ -7511,7 +7526,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2592924"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<a name="id2593078"></a><span><strong class="command">statistics-channels</strong></span> Statement Definition and
             Usage</h3></div></div></div>
 <p>
           The <span><strong class="command">statistics-channels</strong></span> statement
@@ -7631,7 +7646,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2593427"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2593580"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
             and Usage</h3></div></div></div>
 <p>
             The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -7675,7 +7690,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2593480"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2593634"></a><span><strong class="command">managed-keys</strong></span> Statement Grammar</h3></div></div></div>
 <pre class="programlisting"><span><strong class="command">managed-keys</strong></span> {
     <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ;
     [<span class="optional"> <em class="replaceable"><code>name</code></em> initial-key <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key-data</code></em> ; [<span class="optional">...</span>]</span>]
@@ -7813,7 +7828,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2593847"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2594001"></a><span><strong class="command">view</strong></span> Statement Definition and Usage</h3></div></div></div>
 <p>
             The <span><strong class="command">view</strong></span> statement is a powerful
             feature
@@ -8135,10 +8150,10 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2595795"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
+<a name="id2596017"></a><span><strong class="command">zone</strong></span> Statement Definition and Usage</h3></div></div></div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2595802"></a>Zone Types</h4></div></div></div>
+<a name="id2596024"></a>Zone Types</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -8456,7 +8471,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2596547"></a>Class</h4></div></div></div>
+<a name="id2596632"></a>Class</h4></div></div></div>
 <p>
               The zone's name may optionally be followed by a class. If
               a class is not specified, class <code class="literal">IN</code> (for <code class="varname">Internet</code>),
@@ -8478,7 +8493,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2596580"></a>Zone Options</h4></div></div></div>
+<a name="id2596733"></a>Zone Options</h4></div></div></div>
 <div class="variablelist"><dl>
 <dt><span class="term"><span><strong class="command">allow-notify</strong></span></span></dt>
 <dd><p>
@@ -9409,7 +9424,7 @@ example.com. NS ns2.example.net.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2599441"></a>Multiple views</h4></div></div></div>
+<a name="id2599662"></a>Multiple views</h4></div></div></div>
 <p>
               When multiple views are in use, a zone may be
               referenced by more than one of them. Often, the views
@@ -9471,7 +9486,7 @@ view external {
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599639"></a>Zone File</h2></div></div></div>
+<a name="id2599724"></a>Zone File</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -9484,7 +9499,7 @@ view external {
           </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2599657"></a>Resource Records</h4></div></div></div>
+<a name="id2599742"></a>Resource Records</h4></div></div></div>
 <p>
               A domain name identifies a node.  Each node has a set of
               resource information, which may be empty.  The set of resource
@@ -10584,7 +10599,7 @@ view external {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2602036"></a>Textual expression of RRs</h4></div></div></div>
+<a name="id2602121"></a>Textual expression of RRs</h4></div></div></div>
 <p>
               RRs are represented in binary form in the packets of the DNS
               protocol, and are usually represented in highly encoded form
@@ -10787,7 +10802,7 @@ view external {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2602625"></a>Discussion of MX Records</h3></div></div></div>
+<a name="id2602642"></a>Discussion of MX Records</h3></div></div></div>
 <p>
             As described above, domain servers store information as a
             series of resource records, each of which contains a particular
@@ -11042,7 +11057,7 @@ view external {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2603240"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2603325"></a>Inverse Mapping in IPv4</h3></div></div></div>
 <p>
             Reverse name resolution (that is, translation from IP address
             to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -11103,7 +11118,7 @@ view external {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2603367"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2603589"></a>Other Zone File Directives</h3></div></div></div>
 <p>
             The Master File Format was initially defined in RFC 1035 and
             has subsequently been extended. While the Master File Format
@@ -11118,7 +11133,7 @@ view external {
           </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2603389"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2603611"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
 <p>
               When used in the label (or name) field, the asperand or
               at-sign (@) symbol represents the current origin.
@@ -11129,7 +11144,7 @@ view external {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2603405"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2603627"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
 <p>
               Syntax: <span><strong class="command">$ORIGIN</strong></span>
               <em class="replaceable"><code>domain-name</code></em>
@@ -11158,7 +11173,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2603466"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2603688"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
 <p>
               Syntax: <span><strong class="command">$INCLUDE</strong></span>
               <em class="replaceable"><code>filename</code></em>
@@ -11194,7 +11209,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2603604"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2603757"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
 <p>
               Syntax: <span><strong class="command">$TTL</strong></span>
               <em class="replaceable"><code>default-ttl</code></em>
@@ -11213,7 +11228,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2603640"></a><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2603794"></a><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
 <p>
             Syntax: <span><strong class="command">$GENERATE</strong></span>
             <em class="replaceable"><code>range</code></em>
@@ -11656,7 +11671,7 @@ HOST-127.EXAMPLE. MX 0 .
           </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2604702"></a>Name Server Statistics Counters</h4></div></div></div>
+<a name="id2604856"></a>Name Server Statistics Counters</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -12279,7 +12294,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2606472"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2606557"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -12433,7 +12448,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2606923"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2607009"></a>Resolver Statistics Counters</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -12816,7 +12831,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2607877"></a>Socket I/O Statistics Counters</h4></div></div></div>
+<a name="id2608030"></a>Socket I/O Statistics Counters</h4></div></div></div>
 <p>
               Socket I/O statistics counters are defined per socket
               types, which are
@@ -12971,7 +12986,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2608387"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2608540"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
 <p>
               Most statistics counters that were available
               in <span><strong class="command">BIND</strong></span> 8 are also supported in
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 410b275986..f948b9b626 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -46,10 +46,10 @@
 <p><b>Table of Contents</b></p>
 <dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2608797"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2608951"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608878">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608938">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609032">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609092">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
 </dl>
@@ -245,7 +245,7 @@ allow-query { !{ !10/8; any; }; key example; };
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2608797"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
+<a name="id2608951"></a><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span>
 </h2></div></div></div>
 <p>
           On UNIX servers, it is possible to run <acronym class="acronym">BIND</acronym>
@@ -271,7 +271,7 @@ allow-query { !{ !10/8; any; }; key example; };
         </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2608878"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2609032"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
 <p>
             In order for a <span><strong class="command">chroot</strong></span> environment
             to
@@ -299,7 +299,7 @@ allow-query { !{ !10/8; any; }; key example; };
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2608938"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2609092"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
 <p>
             Prior to running the <span><strong class="command">named</strong></span> daemon,
             use
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 073315a288..1ee0249ef8 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -45,18 +45,18 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609018">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609024">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609035">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609052">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609172">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609177">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609189">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609206">Where Can I Get Help?</a></span></dt>
 </dl>
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2609018"></a>Common Problems</h2></div></div></div>
+<a name="id2609172"></a>Common Problems</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2609024"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2609177"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
 <p>
             The best solution to solving installation and
             configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2609035"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2609189"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
 <p>
           Zone serial numbers are just numbers &#8212; they aren't
           date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2609052"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2609206"></a>Where Can I Get Help?</h2></div></div></div>
 <p>
           The Internet Systems Consortium
           (<acronym class="acronym">ISC</acronym>) offers a wide range
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index bf118a50c3..0c2b225c73 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -45,7 +45,7 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2613106">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2613091">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -60,7 +60,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2613106"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
+<a name="id2613091"></a>Release Notes for BIND Version 9.11.0pre-alpha</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index f9b95da2c5..13ec78254f 100644
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -50,7 +50,7 @@
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2612708">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2612793">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
 </dl></dd>
 </dl>
 </div>
@@ -140,17 +140,17 @@
           </p>
 <div class="bibliography">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2609547"></a>Bibliography</h4></div></div></div>
+<a name="id2609769"></a>Bibliography</h4></div></div></div>
 <div class="bibliodiv">
 <h3 class="title">Standards</h3>
 <div class="biblioentry">
-<a name="id2609558"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2609780"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609718"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2609803"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609741"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
+<a name="id2609827"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
                   Specification</i>. </span><span class="pubdate">November 1987. </span></p>
 </div>
 </div>
@@ -158,42 +158,42 @@
 <h3 class="title">
 <a name="proposed_standards"></a>Proposed Standards</h3>
 <div class="biblioentry">
-<a name="id2609778"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
+<a name="id2609863"></a><p>[<abbr class="abbrev">RFC2181</abbr>] <span class="author"><span class="firstname">R., R. Bush</span> <span class="surname">Elz</span>. </span><span class="title"><i>Clarifications to the <acronym class="acronym">DNS</acronym>
                   Specification</i>. </span><span class="pubdate">July 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609804"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
+<a name="id2609890"></a><p>[<abbr class="abbrev">RFC2308</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Andrews</span>. </span><span class="title"><i>Negative Caching of <acronym class="acronym">DNS</acronym>
                   Queries</i>. </span><span class="pubdate">March 1998. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609830"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2609915"></a><p>[<abbr class="abbrev">RFC1995</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Ohta</span>. </span><span class="title"><i>Incremental Zone Transfer in <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">August 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609854"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2609940"></a><p>[<abbr class="abbrev">RFC1996</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A Mechanism for Prompt Notification of Zone Changes</i>. </span><span class="pubdate">August 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609878"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2609963"></a><p>[<abbr class="abbrev">RFC2136</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">Y.</span> <span class="surname">Rekhter</span>, and <span class="firstname">J.</span> <span class="surname">Bound</span>. </span><span class="title"><i>Dynamic Updates in the Domain Name System</i>. </span><span class="pubdate">April 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609933"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
+<a name="id2610087"></a><p>[<abbr class="abbrev">RFC2671</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Extension Mechanisms for DNS (EDNS0)</i>. </span><span class="pubdate">August 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609960"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2610114"></a><p>[<abbr class="abbrev">RFC2672</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Non-Terminal DNS Name Redirection</i>. </span><span class="pubdate">August 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609987"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2610140"></a><p>[<abbr class="abbrev">RFC2845</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>, <span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, and <span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secret Key Transaction Authentication for <acronym class="acronym">DNS</acronym> (TSIG)</i>. </span><span class="pubdate">May 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610117"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2610202"></a><p>[<abbr class="abbrev">RFC2930</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secret Key Establishment for DNS (TKEY RR)</i>. </span><span class="pubdate">September 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610147"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2610232"></a><p>[<abbr class="abbrev">RFC2931</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DNS Request and Transaction Signatures (SIG(0)s)</i>. </span><span class="pubdate">September 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610177"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
+<a name="id2610262"></a><p>[<abbr class="abbrev">RFC3007</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Secure Domain Name System (DNS) Dynamic Update</i>. </span><span class="pubdate">November 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610203"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
+<a name="id2610289"></a><p>[<abbr class="abbrev">RFC3645</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Kwan</span>, <span class="firstname">P.</span> <span class="surname">Garg</span>, <span class="firstname">J.</span> <span class="surname">Gilroy</span>, <span class="firstname">L.</span> <span class="surname">Esibov</span>, <span class="firstname">J.</span> <span class="surname">Westhead</span>, and <span class="firstname">R.</span> <span class="surname">Hall</span>. </span><span class="title"><i>Generic Security Service Algorithm for Secret
                        Key Transaction Authentication for DNS
                        (GSS-TSIG)</i>. </span><span class="pubdate">October 2003. </span></p>
 </div>
@@ -202,19 +202,19 @@
 <h3 class="title">
 <acronym class="acronym">DNS</acronym> Security Proposed Standards</h3>
 <div class="biblioentry">
-<a name="id2610285"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
+<a name="id2610371"></a><p>[<abbr class="abbrev">RFC3225</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Conrad</span>. </span><span class="title"><i>Indicating Resolver Support of DNSSEC</i>. </span><span class="pubdate">December 2001. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610312"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2610397"></a><p>[<abbr class="abbrev">RFC3833</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Atkins</span> and <span class="firstname">R.</span> <span class="surname">Austein</span>. </span><span class="title"><i>Threat Analysis of the Domain Name System (DNS)</i>. </span><span class="pubdate">August 2004. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610348"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2610434"></a><p>[<abbr class="abbrev">RFC4033</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>DNS Security Introduction and Requirements</i>. </span><span class="pubdate">March 2005. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610413"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
+<a name="id2610499"></a><p>[<abbr class="abbrev">RFC4034</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Resource Records for the DNS Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610478"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
+<a name="id2610564"></a><p>[<abbr class="abbrev">RFC4035</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Arends</span>, <span class="firstname">R.</span> <span class="surname">Austein</span>, <span class="firstname">M.</span> <span class="surname">Larson</span>, <span class="firstname">D.</span> <span class="surname">Massey</span>, and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Protocol Modifications for the DNS
                        Security Extensions</i>. </span><span class="pubdate">March 2005. </span></p>
 </div>
 </div>
@@ -222,146 +222,146 @@
 <h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
                 Implementation</h3>
 <div class="biblioentry">
-<a name="id2610552"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2610637"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
                   Deployed <acronym class="acronym">DNS</acronym> Software</i>. </span><span class="pubdate">October 1993. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610578"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2610731"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
                   Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610714"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
+<a name="id2610800"></a><p>[<abbr class="abbrev">RFC1982</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Elz</span> and <span class="firstname">R.</span> <span class="surname">Bush</span>. </span><span class="title"><i>Serial Number Arithmetic</i>. </span><span class="pubdate">August 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610749"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
+<a name="id2610835"></a><p>[<abbr class="abbrev">RFC4074</abbr>] <span class="authorgroup"><span class="firstname">Y.</span> <span class="surname">Morishita</span> and <span class="firstname">T.</span> <span class="surname">Jinmei</span>. </span><span class="title"><i>Common Misbehaviour Against <acronym class="acronym">DNS</acronym>
                 Queries for IPv6 Addresses</i>. </span><span class="pubdate">May 2005. </span></p>
 </div>
 </div>
 <div class="bibliodiv">
 <h3 class="title">Resource Record Types</h3>
 <div class="biblioentry">
-<a name="id2610795"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
+<a name="id2610881"></a><p>[<abbr class="abbrev">RFC1183</abbr>] <span class="authorgroup"><span class="firstname">C.F.</span> <span class="surname">Everhart</span>, <span class="firstname">L. A.</span> <span class="surname">Mamakos</span>, <span class="firstname">R.</span> <span class="surname">Ullmann</span>, and <span class="firstname">P.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>New <acronym class="acronym">DNS</acronym> RR Definitions</i>. </span><span class="pubdate">October 1990. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610853"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
+<a name="id2610938"></a><p>[<abbr class="abbrev">RFC1706</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">R.</span> <span class="surname">Colella</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> NSAP Resource Records</i>. </span><span class="pubdate">October 1994. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610890"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
+<a name="id2610976"></a><p>[<abbr class="abbrev">RFC2168</abbr>] <span class="authorgroup"><span class="firstname">R.</span> <span class="surname">Daniel</span> and <span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="title"><i>Resolution of Uniform Resource Identifiers using
                   the Domain Name System</i>. </span><span class="pubdate">June 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610925"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
+<a name="id2611011"></a><p>[<abbr class="abbrev">RFC1876</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Davis</span>, <span class="firstname">P.</span> <span class="surname">Vixie</span>, <span class="firstname">T.</span>, and <span class="firstname">I.</span> <span class="surname">Dickinson</span>. </span><span class="title"><i>A Means for Expressing Location Information in the
                   Domain
                   Name System</i>. </span><span class="pubdate">January 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2610980"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
+<a name="id2611065"></a><p>[<abbr class="abbrev">RFC2052</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>A <acronym class="acronym">DNS</acronym> RR for Specifying the
                   Location of
                   Services</i>. </span><span class="pubdate">October 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611018"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
+<a name="id2611104"></a><p>[<abbr class="abbrev">RFC2163</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Allocchio</span>. </span><span class="title"><i>Using the Internet <acronym class="acronym">DNS</acronym> to
                   Distribute MIXER
                   Conformant Global Address Mapping</i>. </span><span class="pubdate">January 1998. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611044"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
+<a name="id2611129"></a><p>[<abbr class="abbrev">RFC2230</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Atkinson</span>. </span><span class="title"><i>Key Exchange Delegation Record for the <acronym class="acronym">DNS</acronym></i>. </span><span class="pubdate">October 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611069"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2611155"></a><p>[<abbr class="abbrev">RFC2536</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>DSA KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611096"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2611181"></a><p>[<abbr class="abbrev">RFC2537</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/MD5 KEYs and SIGs in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611123"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2611208"></a><p>[<abbr class="abbrev">RFC2538</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Storing Certificates in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611162"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2611248"></a><p>[<abbr class="abbrev">RFC2539</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Storage of Diffie-Hellman Keys in the Domain Name System (DNS)</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611192"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2611277"></a><p>[<abbr class="abbrev">RFC2540</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Detached Domain Name System (DNS) Information</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611222"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
+<a name="id2611307"></a><p>[<abbr class="abbrev">RFC2782</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gulbrandsen</span>. </span><span class="author"><span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="author"><span class="firstname">L.</span> <span class="surname">Esibov</span>. </span><span class="title"><i>A DNS RR for specifying the location of services (DNS SRV)</i>. </span><span class="pubdate">February 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611265"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2611350"></a><p>[<abbr class="abbrev">RFC2915</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Mealling</span>. </span><span class="author"><span class="firstname">R.</span> <span class="surname">Daniel</span>. </span><span class="title"><i>The Naming Authority Pointer (NAPTR) DNS Resource Record</i>. </span><span class="pubdate">September 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611298"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
+<a name="id2611383"></a><p>[<abbr class="abbrev">RFC3110</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS)</i>. </span><span class="pubdate">May 2001. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611324"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
+<a name="id2611410"></a><p>[<abbr class="abbrev">RFC3123</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Koch</span>. </span><span class="title"><i>A DNS RR Type for Lists of Address Prefixes (APL RR)</i>. </span><span class="pubdate">June 2001. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611348"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
+<a name="id2611433"></a><p>[<abbr class="abbrev">RFC3596</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Thomson</span>, <span class="firstname">C.</span> <span class="surname">Huitema</span>, <span class="firstname">V.</span> <span class="surname">Ksinant</span>, and <span class="firstname">M.</span> <span class="surname">Souissi</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Extensions to support IP
                   version 6</i>. </span><span class="pubdate">October 2003. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611405"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
+<a name="id2611491"></a><p>[<abbr class="abbrev">RFC3597</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Gustafsson</span>. </span><span class="title"><i>Handling of Unknown DNS Resource Record (RR) Types</i>. </span><span class="pubdate">September 2003. </span></p>
 </div>
 </div>
 <div class="bibliodiv">
 <h3 class="title">
 <acronym class="acronym">DNS</acronym> and the Internet</h3>
 <div class="biblioentry">
-<a name="id2611437"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
+<a name="id2611523"></a><p>[<abbr class="abbrev">RFC1101</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Network Names
                   and Other Types</i>. </span><span class="pubdate">April 1989. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611463"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
+<a name="id2611548"></a><p>[<abbr class="abbrev">RFC1123</abbr>] <span class="author"><span class="surname">Braden</span>. </span><span class="title"><i>Requirements for Internet Hosts - Application and
                   Support</i>. </span><span class="pubdate">October 1989. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611485"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
+<a name="id2611571"></a><p>[<abbr class="abbrev">RFC1591</abbr>] <span class="author"><span class="firstname">J.</span> <span class="surname">Postel</span>. </span><span class="title"><i>Domain Name System Structure and Delegation</i>. </span><span class="pubdate">March 1994. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611509"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
+<a name="id2611594"></a><p>[<abbr class="abbrev">RFC2317</abbr>] <span class="authorgroup"><span class="firstname">H.</span> <span class="surname">Eidnes</span>, <span class="firstname">G.</span> <span class="surname">de Groot</span>, and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Classless IN-ADDR.ARPA Delegation</i>. </span><span class="pubdate">March 1998. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611555"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
+<a name="id2611640"></a><p>[<abbr class="abbrev">RFC2826</abbr>] <span class="authorgroup"><span class="surname">Internet Architecture Board</span>. </span><span class="title"><i>IAB Technical Comment on the Unique DNS Root</i>. </span><span class="pubdate">May 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611578"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
+<a name="id2611664"></a><p>[<abbr class="abbrev">RFC2929</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>, <span class="firstname">E.</span> <span class="surname">Brunner-Williams</span>, and <span class="firstname">B.</span> <span class="surname">Manning</span>. </span><span class="title"><i>Domain Name System (DNS) IANA Considerations</i>. </span><span class="pubdate">September 2000. </span></p>
 </div>
 </div>
 <div class="bibliodiv">
 <h3 class="title">
 <acronym class="acronym">DNS</acronym> Operations</h3>
 <div class="biblioentry">
-<a name="id2611636"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2611721"></a><p>[<abbr class="abbrev">RFC1033</abbr>] <span class="author"><span class="firstname">M.</span> <span class="surname">Lottor</span>. </span><span class="title"><i>Domain administrators operations guide</i>. </span><span class="pubdate">November 1987. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611659"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
+<a name="id2611745"></a><p>[<abbr class="abbrev">RFC1537</abbr>] <span class="author"><span class="firstname">P.</span> <span class="surname">Beertema</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Data File
                   Configuration Errors</i>. </span><span class="pubdate">October 1993. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611686"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
+<a name="id2611771"></a><p>[<abbr class="abbrev">RFC1912</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Barr</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Operational and
                   Configuration Errors</i>. </span><span class="pubdate">February 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611713"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
+<a name="id2611798"></a><p>[<abbr class="abbrev">RFC2010</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Manning</span> and <span class="firstname">P.</span> <span class="surname">Vixie</span>. </span><span class="title"><i>Operational Criteria for Root Name Servers</i>. </span><span class="pubdate">October 1996. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611749"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
+<a name="id2611834"></a><p>[<abbr class="abbrev">RFC2219</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Hamilton</span> and <span class="firstname">R.</span> <span class="surname">Wright</span>. </span><span class="title"><i>Use of <acronym class="acronym">DNS</acronym> Aliases for
                   Network Services</i>. </span><span class="pubdate">October 1997. </span></p>
 </div>
 </div>
 <div class="bibliodiv">
 <h3 class="title">Internationalized Domain Names</h3>
 <div class="biblioentry">
-<a name="id2611795"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
+<a name="id2611880"></a><p>[<abbr class="abbrev">RFC2825</abbr>] <span class="authorgroup"><span class="surname">IAB</span> and <span class="firstname">R.</span> <span class="surname">Daigle</span>. </span><span class="title"><i>A Tangled Web: Issues of I18N, Domain Names,
                        and the Other Internet protocols</i>. </span><span class="pubdate">May 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611827"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2611912"></a><p>[<abbr class="abbrev">RFC3490</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Faltstrom</span>, <span class="firstname">P.</span> <span class="surname">Hoffman</span>, and <span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Internationalizing Domain Names in Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611873"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
+<a name="id2611958"></a><p>[<abbr class="abbrev">RFC3491</abbr>] <span class="authorgroup"><span class="firstname">P.</span> <span class="surname">Hoffman</span> and <span class="firstname">M.</span> <span class="surname">Blanchet</span>. </span><span class="title"><i>Nameprep: A Stringprep Profile for Internationalized Domain Names</i>. </span><span class="pubdate">March 2003. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611908"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
+<a name="id2611993"></a><p>[<abbr class="abbrev">RFC3492</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Costello</span>. </span><span class="title"><i>Punycode: A Bootstring encoding of Unicode
                        for Internationalized Domain Names in
                        Applications (IDNA)</i>. </span><span class="pubdate">March 2003. </span></p>
 </div>
@@ -377,47 +377,47 @@
                 </p>
 </div>
 <div class="biblioentry">
-<a name="id2611953"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
+<a name="id2612038"></a><p>[<abbr class="abbrev">RFC1464</abbr>] <span class="author"><span class="firstname">R.</span> <span class="surname">Rosenbaum</span>. </span><span class="title"><i>Using the Domain Name System To Store Arbitrary String
                   Attributes</i>. </span><span class="pubdate">May 1993. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2611975"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
+<a name="id2612060"></a><p>[<abbr class="abbrev">RFC1713</abbr>] <span class="author"><span class="firstname">A.</span> <span class="surname">Romao</span>. </span><span class="title"><i>Tools for <acronym class="acronym">DNS</acronym> Debugging</i>. </span><span class="pubdate">November 1994. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612001"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
+<a name="id2612086"></a><p>[<abbr class="abbrev">RFC1794</abbr>] <span class="author"><span class="firstname">T.</span> <span class="surname">Brisco</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Support for Load
                   Balancing</i>. </span><span class="pubdate">April 1995. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612026"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
+<a name="id2612112"></a><p>[<abbr class="abbrev">RFC2240</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Legal Basis for Domain Name Allocation</i>. </span><span class="pubdate">November 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612050"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2612135"></a><p>[<abbr class="abbrev">RFC2345</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>, <span class="firstname">T.</span> <span class="surname">Wolf</span>, and <span class="firstname">G.</span> <span class="surname">Oglesby</span>. </span><span class="title"><i>Domain Names and Company Name Retrieval</i>. </span><span class="pubdate">May 1998. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612096"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
+<a name="id2612181"></a><p>[<abbr class="abbrev">RFC2352</abbr>] <span class="author"><span class="firstname">O.</span> <span class="surname">Vaughan</span>. </span><span class="title"><i>A Convention For Using Legal Names as Domain Names</i>. </span><span class="pubdate">May 1998. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612119"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
+<a name="id2612204"></a><p>[<abbr class="abbrev">RFC3071</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Klensin</span>. </span><span class="title"><i>Reflections on the DNS, RFC 1591, and Categories of Domains</i>. </span><span class="pubdate">February 2001. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612146"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
+<a name="id2612231"></a><p>[<abbr class="abbrev">RFC3258</abbr>] <span class="authorgroup"><span class="firstname">T.</span> <span class="surname">Hardie</span>. </span><span class="title"><i>Distributing Authoritative Name Servers via
                        Shared Unicast Addresses</i>. </span><span class="pubdate">April 2002. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612171"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
+<a name="id2612257"></a><p>[<abbr class="abbrev">RFC3901</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Durand</span> and <span class="firstname">J.</span> <span class="surname">Ihren</span>. </span><span class="title"><i>DNS IPv6 Transport Operational Guidelines</i>. </span><span class="pubdate">September 2004. </span></p>
 </div>
 </div>
 <div class="bibliodiv">
 <h3 class="title">Obsolete and Unimplemented Experimental RFC</h3>
 <div class="biblioentry">
-<a name="id2612215"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
+<a name="id2612300"></a><p>[<abbr class="abbrev">RFC1712</abbr>] <span class="authorgroup"><span class="firstname">C.</span> <span class="surname">Farrell</span>, <span class="firstname">M.</span> <span class="surname">Schulze</span>, <span class="firstname">S.</span> <span class="surname">Pleitner</span>, and <span class="firstname">D.</span> <span class="surname">Baldoni</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> Encoding of Geographical
                   Location</i>. </span><span class="pubdate">November 1994. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612273"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
+<a name="id2612358"></a><p>[<abbr class="abbrev">RFC2673</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span>. </span><span class="title"><i>Binary Labels in the Domain Name System</i>. </span><span class="pubdate">August 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612299"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
+<a name="id2612385"></a><p>[<abbr class="abbrev">RFC2874</abbr>] <span class="authorgroup"><span class="firstname">M.</span> <span class="surname">Crawford</span> and <span class="firstname">C.</span> <span class="surname">Huitema</span>. </span><span class="title"><i>DNS Extensions to Support IPv6 Address Aggregation
                        and Renumbering</i>. </span><span class="pubdate">July 2000. </span></p>
 </div>
 </div>
@@ -431,39 +431,39 @@
                 </p>
 </div>
 <div class="biblioentry">
-<a name="id2612347"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
+<a name="id2612433"></a><p>[<abbr class="abbrev">RFC2065</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span> and <span class="firstname">C.</span> <span class="surname">Kaufman</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">January 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612387"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
+<a name="id2612472"></a><p>[<abbr class="abbrev">RFC2137</abbr>] <span class="author"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Secure Domain Name System Dynamic Update</i>. </span><span class="pubdate">April 1997. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612413"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
+<a name="id2612499"></a><p>[<abbr class="abbrev">RFC2535</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Eastlake</span>, <span class="lineage">3rd</span>. </span><span class="title"><i>Domain Name System Security Extensions</i>. </span><span class="pubdate">March 1999. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612443"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
+<a name="id2612529"></a><p>[<abbr class="abbrev">RFC3008</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span>. </span><span class="title"><i>Domain Name System Security (DNSSEC)
                        Signing Authority</i>. </span><span class="pubdate">November 2000. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612469"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
+<a name="id2612554"></a><p>[<abbr class="abbrev">RFC3090</abbr>] <span class="authorgroup"><span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>DNS Security Extension Clarification on Zone Status</i>. </span><span class="pubdate">March 2001. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612496"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
+<a name="id2612581"></a><p>[<abbr class="abbrev">RFC3445</abbr>] <span class="authorgroup"><span class="firstname">D.</span> <span class="surname">Massey</span> and <span class="firstname">S.</span> <span class="surname">Rose</span>. </span><span class="title"><i>Limiting the Scope of the KEY Resource Record (RR)</i>. </span><span class="pubdate">December 2002. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612532"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
+<a name="id2612617"></a><p>[<abbr class="abbrev">RFC3655</abbr>] <span class="authorgroup"><span class="firstname">B.</span> <span class="surname">Wellington</span> and <span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Redefinition of DNS Authenticated Data (AD) bit</i>. </span><span class="pubdate">November 2003. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612568"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
+<a name="id2612653"></a><p>[<abbr class="abbrev">RFC3658</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Gudmundsson</span>. </span><span class="title"><i>Delegation Signer (DS) Resource Record (RR)</i>. </span><span class="pubdate">December 2003. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612595"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
+<a name="id2612680"></a><p>[<abbr class="abbrev">RFC3755</abbr>] <span class="authorgroup"><span class="firstname">S.</span> <span class="surname">Weiler</span>. </span><span class="title"><i>Legacy Resolver Compatibility for Delegation Signer (DS)</i>. </span><span class="pubdate">May 2004. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612621"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
+<a name="id2612707"></a><p>[<abbr class="abbrev">RFC3757</abbr>] <span class="authorgroup"><span class="firstname">O.</span> <span class="surname">Kolkman</span>, <span class="firstname">J.</span> <span class="surname">Schlyter</span>, and <span class="firstname">E.</span> <span class="surname">Lewis</span>. </span><span class="title"><i>Domain Name System KEY (DNSKEY) Resource Record
                       (RR) Secure Entry Point (SEP) Flag</i>. </span><span class="pubdate">April 2004. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2612666"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
+<a name="id2612752"></a><p>[<abbr class="abbrev">RFC3845</abbr>] <span class="authorgroup"><span class="firstname">J.</span> <span class="surname">Schlyter</span>. </span><span class="title"><i>DNS Security (DNSSEC) NextSECure (NSEC) RDATA Format</i>. </span><span class="pubdate">August 2004. </span></p>
 </div>
 </div>
 </div>
@@ -484,14 +484,14 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2612708"></a>Other Documents About <acronym class="acronym">BIND</acronym>
+<a name="id2612793"></a>Other Documents About <acronym class="acronym">BIND</acronym>
 </h3></div></div></div>
 <p></p>
 <div class="bibliography">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2612717"></a>Bibliography</h4></div></div></div>
+<a name="id2612803"></a>Bibliography</h4></div></div></div>
 <div class="biblioentry">
-<a name="id2612720"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
+<a name="id2612805"></a><p><span class="authorgroup"><span class="firstname">Paul</span> <span class="surname">Albitz</span> and <span class="firstname">Cricket</span> <span class="surname">Liu</span>. </span><span class="title"><i><acronym class="acronym">DNS</acronym> and <acronym class="acronym">BIND</acronym></i>. </span><span class="copyright">Copyright © 1998 Sebastopol, CA: O'Reilly and Associates. </span></p>
 </div>
 </div>
 </div>
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 81c7d8b326..cf11592305 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -47,13 +47,13 @@
 <dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615120">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615129">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615154">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615253">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615330">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615356">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617012">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616092">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616102">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615239">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615270">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615347">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615373">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617370">Library References</a></span></dt>
 </dl></dd>
 </dl>
 </div>
@@ -89,7 +89,7 @@
 </ul></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615120"></a>Prerequisite</h3></div></div></div>
+<a name="id2616092"></a>Prerequisite</h3></div></div></div>
 <p>GNU make is required to build the export libraries (other
   part of BIND 9 can still be built with other types of make). In
   the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615129"></a>Compilation</h3></div></div></div>
+<a name="id2616102"></a>Compilation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
 $ <strong class="userinput"><code>make</code></strong>
@@ -113,7 +113,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615154"></a>Installation</h3></div></div></div>
+<a name="id2615239"></a>Installation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>cd lib/export</code></strong>
 $ <strong class="userinput"><code>make install</code></strong>
@@ -135,7 +135,7 @@ $ <strong class="userinput"><code>make install</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615253"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2615270"></a>Known Defects/Restrictions</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>Currently, win32 is not supported for the export
       library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615330"></a>The dns.conf File</h3></div></div></div>
+<a name="id2615347"></a>The dns.conf File</h3></div></div></div>
 <p>The IRS library supports an "advanced" configuration file
   related to the DNS library for configuration parameters that
   would be beyond the capability of the
@@ -193,14 +193,14 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615356"></a>Sample Applications</h3></div></div></div>
+<a name="id2615373"></a>Sample Applications</h3></div></div></div>
 <p>Some sample application programs using this API are
   provided for reference. The following is a brief description of
   these applications.
   </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2615365"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2615382"></a>sample: a simple stub resolver utility</h4></div></div></div>
 <p>
   It sends a query of a given name (of a given optional RR type) to a
   specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2615592"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2615473"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
 <p>
   Similar to "sample", but accepts a list
   of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2615645"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2615526"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
 <p>
   It sends a query to a specified server, and
   prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2615709"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2615795"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
 <p>
   This is a test program
   to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2615724"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2615810"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
 <p>
   It accepts a single update command as a
   command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2616948"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2617238"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
 <p>
   It checks a set
   of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2617012"></a>Library References</h3></div></div></div>
+<a name="id2617370"></a>Library References</h3></div></div></div>
 <p>As of this writing, there is no formal "manual" of the
   libraries, except this document, header files (some of them
   provide pretty detailed explanations), and sample application
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index bcebe21cdf..42e43f4d96 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -114,39 +114,39 @@
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dnssec.dynamic.zones">DNSSEC, Dynamic Zones, and Automatic Signing</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613620">Converting from insecure to secure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563754">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563790">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563901">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563939">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563952">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573610">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573637">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573646">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573724">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573737">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573774">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573788">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613705">Converting from insecure to secure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563703">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563739">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563987">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564024">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573662">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573696">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573722">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573732">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573741">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573754">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613045">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613059">NSEC3 and OPTOUT</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573880">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573902">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613492">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613514">Authoritative Server</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668489">Prerequisites</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668499">Native PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613690">OpenSSL-based PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641006">PKCS#11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641043">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641329">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641377">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668643">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2668652">Native PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613844">OpenSSL-based PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641228">PKCS#11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641265">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641550">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641598">Running named with automatic zone re-signing</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613958">Configuring DLZ</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614032">Sample DLZ Driver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2641691">Configuring DLZ</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2614117">Sample DLZ Driver</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2571523">IPv6 Support in <acronym class="acronym">BIND</acronym> 9</a></span></dt>
 <dd><dl>
@@ -194,28 +194,28 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_definition_and_usage"><span><strong class="command">server</strong></span> Statement Definition and
             Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#statschannels"><span><strong class="command">statistics-channels</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592924"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593078"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
             Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593427"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593580"><span><strong class="command">trusted-keys</strong></span> Statement Definition
             and Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593480"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593634"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
             and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#view_statement_grammar"><span><strong class="command">view</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593847"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2594001"><span><strong class="command">view</strong></span> Statement Definition and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zone_statement_grammar"><span><strong class="command">zone</strong></span>
             Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595795"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2596017"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
 </dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599639">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599724">Zone File</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602625">Discussion of MX Records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602642">Discussion of MX Records</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603240">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603367">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603640"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603325">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603589">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2603794"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -224,23 +224,23 @@
 <dt><span class="chapter"><a href="Bv9ARM.ch07.html">7. <acronym class="acronym">BIND</acronym> 9 Security Considerations</a></span></dt>
 <dd><dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2608797"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2608951"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608878">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608938">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609032">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2609092">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
 </dl></dd>
 <dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
 <dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609018">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609024">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609035">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609052">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609172">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2609177">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609189">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2609206">Where Can I Get Help?</a></span></dt>
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2613106">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch09.html#id2613091">Release Notes for BIND Version 9.11.0pre-alpha</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_intro">Introduction</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch09.html#relnotes_download">Download</a></span></dt>
@@ -261,20 +261,20 @@
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch11.html#rfcs">Request for Comments (RFCs)</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch11.html#internet_drafts">Internet Drafts</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2612708">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch11.html#id2612793">Other Documents About <acronym class="acronym">BIND</acronym></a></span></dt>
 </dl></dd>
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch12.html">D. BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615120">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615129">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615154">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615253">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615330">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615356">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617012">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616092">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616102">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615239">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615270">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615347">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615373">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2617370">Library References</a></span></dt>
 </dl></dd>
 </dl></dd>
 <dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 46b3579a02..ebbb0db5c6 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
 <div class="cmdsynopsis"><p><code class="command">arpaname</code>  {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625902"></a><h2>DESCRIPTION</h2>
+<a name="id2625442"></a><h2>DESCRIPTION</h2>
 <p>
       <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
       IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625917"></a><h2>SEE ALSO</h2>
+<a name="id2625457"></a><h2>SEE ALSO</h2>
 <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625931"></a><h2>AUTHOR</h2>
+<a name="id2670868"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index 76faea1e67..a65c84e6e9 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667884"></a><h2>DESCRIPTION</h2>
+<a name="id2667150"></a><h2>DESCRIPTION</h2>
 <p>
       <span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
       are invocation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667988"></a><h2>OPTIONS</h2>
+<a name="id2668141"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd><p>
@@ -159,7 +159,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670867"></a><h2>SEE ALSO</h2>
+<a name="id2670747"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -167,7 +167,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670905"></a><h2>AUTHOR</h2>
+<a name="id2670786"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html
index 42742c087d..d2c4dfa659 100644
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -53,7 +53,7 @@
 <div class="cmdsynopsis"><p><code class="command">delv</code>  [queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2619481"></a><h2>DESCRIPTION</h2>
+<a name="id2620044"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">delv</strong></span>
       (Domain Entity Lookup &amp; Validation) is a tool for sending
       DNS queries and validating the results, using the same internal
@@ -96,7 +96,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2619554"></a><h2>SIMPLE USAGE</h2>
+<a name="id2620117"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">delv</strong></span> looks like:
       </p>
@@ -151,7 +151,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2619890"></a><h2>OPTIONS</h2>
+<a name="id2620248"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
 <dd>
@@ -285,7 +285,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2675667"></a><h2>QUERY OPTIONS</h2>
+<a name="id2675752"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">delv</strong></span>
       provides a number of query options which affect the way results are
       displayed, and in some cases the way lookups are performed.
@@ -471,12 +471,12 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676129"></a><h2>FILES</h2>
+<a name="id2676282"></a><h2>FILES</h2>
 <p><code class="filename">/etc/bind.keys</code></p>
 <p><code class="filename">/etc/resolv.conf</code></p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676148"></a><h2>SEE ALSO</h2>
+<a name="id2676301"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <em class="citetitle">RFC4034</em>,
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 6bc9b6fbd9..784e925b69 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2617553"></a><h2>DESCRIPTION</h2>
+<a name="id2617706"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2617655"></a><h2>SIMPLE USAGE</h2>
+<a name="id2617809"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -152,7 +152,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2617781"></a><h2>OPTIONS</h2>
+<a name="id2618344"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-4</span></dt>
 <dd><p>
@@ -280,7 +280,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2668950"></a><h2>QUERY OPTIONS</h2>
+<a name="id2669035"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -735,7 +735,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670443"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2670460"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -781,7 +781,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2674420"></a><h2>IDN SUPPORT</h2>
+<a name="id2670682"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -795,14 +795,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2674449"></a><h2>FILES</h2>
+<a name="id2670711"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2674470"></a><h2>SEE ALSO</h2>
+<a name="id2674624"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -810,7 +810,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2674507"></a><h2>BUGS</h2>
+<a name="id2674661"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 47f7ce9821..b302196291 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620640"></a><h2>DESCRIPTION</h2>
+<a name="id2621134"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-checkds</strong></span>
       verifies the correctness of Delegation Signer (DS) or DNSSEC
       Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620653"></a><h2>OPTIONS</h2>
+<a name="id2621148"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
 <dd><p>
@@ -88,14 +88,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620756"></a><h2>SEE ALSO</h2>
+<a name="id2621251"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620790"></a><h2>AUTHOR</h2>
+<a name="id2621285"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 41e37fe828..813d57921a 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code>  [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620933"></a><h2>DESCRIPTION</h2>
+<a name="id2621496"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-coverage</strong></span>
       verifies that the DNSSEC keys for a given zone or a set of zones
       have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620960"></a><h2>OPTIONS</h2>
+<a name="id2621523"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
@@ -192,7 +192,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621337"></a><h2>SEE ALSO</h2>
+<a name="id2621969"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@@ -201,7 +201,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621381"></a><h2>AUTHOR</h2>
+<a name="id2622012"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index 7af30c973f..8c37a0826e 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -52,14 +52,14 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622491"></a><h2>DESCRIPTION</h2>
+<a name="id2622918"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622505"></a><h2>OPTIONS</h2>
+<a name="id2622932"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-1</span></dt>
 <dd><p>
@@ -150,7 +150,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622780"></a><h2>EXAMPLE</h2>
+<a name="id2623344"></a><h2>EXAMPLE</h2>
 <p>
       To build the SHA-256 DS RR from the
       <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -165,7 +165,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622817"></a><h2>FILES</h2>
+<a name="id2624404"></a><h2>FILES</h2>
 <p>
       The keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -179,13 +179,13 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622858"></a><h2>CAVEAT</h2>
+<a name="id2624445"></a><h2>CAVEAT</h2>
 <p>
       A keyfile error can give a "file not found" even if the file exists.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622868"></a><h2>SEE ALSO</h2>
+<a name="id2624455"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -195,7 +195,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2624068"></a><h2>AUTHOR</h2>
+<a name="id2624494"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index 2eb67db52c..b54d7adca5 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623047"></a><h2>DESCRIPTION</h2>
+<a name="id2623542"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-importkey</strong></span>
       reads a public DNSKEY record and generates a pair of
       .key/.private files.  The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623075"></a><h2>OPTIONS</h2>
+<a name="id2623570"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
 <dd>
@@ -114,7 +114,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623281"></a><h2>TIMING OPTIONS</h2>
+<a name="id2624049"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -142,7 +142,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623328"></a><h2>FILES</h2>
+<a name="id2624096"></a><h2>FILES</h2>
 <p>
       A keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -151,7 +151,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623558"></a><h2>SEE ALSO</h2>
+<a name="id2624189"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -159,7 +159,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623591"></a><h2>AUTHOR</h2>
+<a name="id2624222"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index 0d11b3864a..fda3e684aa 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2624605"></a><h2>DESCRIPTION</h2>
+<a name="id2625032"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keyfromlabel</strong></span>
       generates a key pair of files that referencing a key object stored
       in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2624631"></a><h2>OPTIONS</h2>
+<a name="id2625194"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -243,7 +243,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676368"></a><h2>TIMING OPTIONS</h2>
+<a name="id2676453"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -315,7 +315,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676557"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2676574"></a><h2>GENERATED KEY FILES</h2>
 <p>
       When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
       successfully,
@@ -354,7 +354,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676720"></a><h2>SEE ALSO</h2>
+<a name="id2676805"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -363,7 +363,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676757"></a><h2>AUTHOR</h2>
+<a name="id2676842"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 22bc9a5886..c11569b6e9 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625656"></a><h2>DESCRIPTION</h2>
+<a name="id2626288"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625676"></a><h2>OPTIONS</h2>
+<a name="id2626308"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -287,7 +287,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677152"></a><h2>TIMING OPTIONS</h2>
+<a name="id2677237"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -361,7 +361,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677410"></a><h2>GENERATED KEYS</h2>
+<a name="id2677427"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -407,7 +407,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677586"></a><h2>EXAMPLE</h2>
+<a name="id2677534"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -428,7 +428,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677642"></a><h2>SEE ALSO</h2>
+<a name="id2677591"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2539</em>,
@@ -437,7 +437,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677673"></a><h2>AUTHOR</h2>
+<a name="id2677622"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index 542b426ecf..bd3631b14d 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2638670"></a><h2>DESCRIPTION</h2>
+<a name="id2628994"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-revoke</strong></span>
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2638684"></a><h2>OPTIONS</h2>
+<a name="id2629008"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -109,14 +109,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2638822"></a><h2>SEE ALSO</h2>
+<a name="id2629145"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 5011</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2638846"></a><h2>AUTHOR</h2>
+<a name="id2632720"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index dd499fbef9..a07350c5ab 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2642173"></a><h2>DESCRIPTION</h2>
+<a name="id2638709"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-settime</strong></span>
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -76,7 +76,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2642232"></a><h2>OPTIONS</h2>
+<a name="id2638768"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f</span></dt>
 <dd><p>
@@ -133,7 +133,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2643874"></a><h2>TIMING OPTIONS</h2>
+<a name="id2642252"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -212,7 +212,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2644695"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2645053"></a><h2>PRINTING OPTIONS</h2>
 <p>
       <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
       timing metadata associated with a key.
@@ -238,7 +238,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2644775"></a><h2>SEE ALSO</h2>
+<a name="id2645133"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -246,7 +246,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646105"></a><h2>AUTHOR</h2>
+<a name="id2645166"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index be436f89c3..26b68ec33d 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-Q</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646990"></a><h2>DESCRIPTION</h2>
+<a name="id2647554"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647010"></a><h2>OPTIONS</h2>
+<a name="id2647573"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -512,7 +512,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679138"></a><h2>EXAMPLE</h2>
+<a name="id2679018"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
       zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -542,14 +542,14 @@ db.example.com.signed
 %</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679285"></a><h2>SEE ALSO</h2>
+<a name="id2679097"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679313"></a><h2>AUTHOR</h2>
+<a name="id2679125"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index c0ac6e2fa8..cfaed252d6 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-verify</code>  [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647219"></a><h2>DESCRIPTION</h2>
+<a name="id2647782"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-verify</strong></span>
       verifies that a zone is fully signed for each algorithm found
       in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647233"></a><h2>OPTIONS</h2>
+<a name="id2647796"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
@@ -138,7 +138,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647416"></a><h2>SEE ALSO</h2>
+<a name="id2648389"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -146,7 +146,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647442"></a><h2>AUTHOR</h2>
+<a name="id2648414"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.genrandom.html b/doc/arm/man.genrandom.html
index 5e304b7132..12e364016d 100644
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">genrandom</code>  [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671426"></a><h2>DESCRIPTION</h2>
+<a name="id2671716"></a><h2>DESCRIPTION</h2>
 <p>
       <span><strong class="command">genrandom</strong></span>
       generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671441"></a><h2>ARGUMENTS</h2>
+<a name="id2671731"></a><h2>ARGUMENTS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
 <dd><p>
@@ -77,14 +77,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671501"></a><h2>SEE ALSO</h2>
+<a name="id2671792"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
       <span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671528"></a><h2>AUTHOR</h2>
+<a name="id2671818"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index 428747da2d..c92206c3a2 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2618709"></a><h2>DESCRIPTION</h2>
+<a name="id2618931"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -214,7 +214,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620433"></a><h2>IDN SUPPORT</h2>
+<a name="id2619426"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -228,12 +228,12 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620461"></a><h2>FILES</h2>
+<a name="id2619454"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620475"></a><h2>SEE ALSO</h2>
+<a name="id2620970"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>
diff --git a/doc/arm/man.isc-hmac-fixup.html b/doc/arm/man.isc-hmac-fixup.html
index 10bc6e6840..55c3a10878 100644
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code>  {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2626119"></a><h2>DESCRIPTION</h2>
+<a name="id2626546"></a><h2>DESCRIPTION</h2>
 <p>
       Versions of BIND 9 up to and including BIND 9.6 had a bug causing
       HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2626147"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2671971"></a><h2>SECURITY CONSIDERATIONS</h2>
 <p>
       Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
       are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671628"></a><h2>SEE ALSO</h2>
+<a name="id2671987"></a><h2>SEE ALSO</h2>
 <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2104</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671645"></a><h2>AUTHOR</h2>
+<a name="id2672004"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index ed94ccbe07..a4a369a49e 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647553"></a><h2>DESCRIPTION</h2>
+<a name="id2648798"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a
       <span><strong class="command">named</strong></span> configuration file.  The file is parsed
@@ -70,7 +70,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2647691"></a><h2>OPTIONS</h2>
+<a name="id2648937"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -119,21 +119,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2648262"></a><h2>RETURN VALUES</h2>
+<a name="id2649098"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2648276"></a><h2>SEE ALSO</h2>
+<a name="id2649112"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2648306"></a><h2>AUTHOR</h2>
+<a name="id2649142"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index 8dd3852c94..e85eba0f0f 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2680242"></a><h2>DESCRIPTION</h2>
+<a name="id2681283"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -71,7 +71,7 @@
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2680292"></a><h2>OPTIONS</h2>
+<a name="id2681333"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -305,14 +305,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2681267"></a><h2>RETURN VALUES</h2>
+<a name="id2682308"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2681281"></a><h2>SEE ALSO</h2>
+<a name="id2682322"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
@@ -320,7 +320,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2681382"></a><h2>AUTHOR</h2>
+<a name="id2682423"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index 75b30edce1..a97b31e73b 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-journalprint</code>  {<em class="replaceable"><code>journal</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623682"></a><h2>DESCRIPTION</h2>
+<a name="id2658378"></a><h2>DESCRIPTION</h2>
 <p>
       <span><strong class="command">named-journalprint</strong></span>
       prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656837"></a><h2>SEE ALSO</h2>
+<a name="id2658424"></a><h2>SEE ALSO</h2>
 <p>
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -84,7 +84,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656868"></a><h2>AUTHOR</h2>
+<a name="id2658455"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html
index ad253010fc..754e8242e0 100644
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-rrchecker</code>  [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623753"></a><h2>DESCRIPTION</h2>
+<a name="id2658518"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-rrchecker</strong></span>
      read a individual DNS resource record from standard input and checks if it
      is syntactically correct.
@@ -78,7 +78,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2657124"></a><h2>SEE ALSO</h2>
+<a name="id2658574"></a><h2>SEE ALSO</h2>
 <p>
       <em class="citetitle">RFC 1034</em>,
       <em class="citetitle">RFC 1035</em>,
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 24f1dd1a7f..8b149e7ce2 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named</code>  [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>lock-file</code></em></code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2651160"></a><h2>DESCRIPTION</h2>
+<a name="id2657458"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named</strong></span>
       is a Domain Name System (DNS) server,
       part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2651191"></a><h2>OPTIONS</h2>
+<a name="id2657489"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-4</span></dt>
 <dd><p>
@@ -299,7 +299,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683838"></a><h2>SIGNALS</h2>
+<a name="id2684060"></a><h2>SIGNALS</h2>
 <p>
       In routine operation, signals should not be used to control
       the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -320,7 +320,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683889"></a><h2>CONFIGURATION</h2>
+<a name="id2684110"></a><h2>CONFIGURATION</h2>
 <p>
       The <span><strong class="command">named</strong></span> configuration file is too complex
       to describe in detail here.  A complete description is provided
@@ -337,7 +337,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683938"></a><h2>FILES</h2>
+<a name="id2684160"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
 <dd><p>
@@ -350,7 +350,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683981"></a><h2>SEE ALSO</h2>
+<a name="id2684203"></a><h2>SEE ALSO</h2>
 <p><em class="citetitle">RFC 1033</em>,
       <em class="citetitle">RFC 1034</em>,
       <em class="citetitle">RFC 1035</em>,
@@ -363,7 +363,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2684052"></a><h2>AUTHOR</h2>
+<a name="id2684274"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index 9bbf5c9e02..29a3c18c6c 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -48,7 +48,7 @@
 <div class="cmdsynopsis"><p><code class="command">nsec3hash</code>  {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671690"></a><h2>DESCRIPTION</h2>
+<a name="id2672049"></a><h2>DESCRIPTION</h2>
 <p>
       <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
       a set of NSEC3 parameters.  This can be used to check the validity
@@ -56,7 +56,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671705"></a><h2>ARGUMENTS</h2>
+<a name="id2672064"></a><h2>ARGUMENTS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">salt</span></dt>
 <dd><p>
@@ -80,14 +80,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671767"></a><h2>SEE ALSO</h2>
+<a name="id2672125"></a><h2>SEE ALSO</h2>
 <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 5155</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671784"></a><h2>AUTHOR</h2>
+<a name="id2672142"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 55adce0a95..002b80a5e5 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-l</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2657370"></a><h2>DESCRIPTION</h2>
+<a name="id2658821"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
       to a name server.
@@ -108,7 +108,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2657459"></a><h2>OPTIONS</h2>
+<a name="id2659114"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -242,7 +242,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2687461"></a><h2>INPUT FORMAT</h2>
+<a name="id2684474"></a><h2>INPUT FORMAT</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       reads input from
       <em class="parameter"><code>filename</code></em>
@@ -555,7 +555,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2688602"></a><h2>EXAMPLES</h2>
+<a name="id2685684"></a><h2>EXAMPLES</h2>
 <p>
       The examples below show how
       <span><strong class="command">nsupdate</strong></span>
@@ -609,7 +609,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2688652"></a><h2>FILES</h2>
+<a name="id2685734"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -632,7 +632,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2688739"></a><h2>SEE ALSO</h2>
+<a name="id2685889"></a><h2>SEE ALSO</h2>
 <p>
       <em class="citetitle">RFC 2136</em>,
       <em class="citetitle">RFC 3007</em>,
@@ -647,7 +647,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2688865"></a><h2>BUGS</h2>
+<a name="id2685946"></a><h2>BUGS</h2>
 <p>
       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index f260fce1d6..baca78008b 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2666430"></a><h2>DESCRIPTION</h2>
+<a name="id2666311"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc-confgen</strong></span>
       generates configuration files
       for <span><strong class="command">rndc</strong></span>.  It can be used as a
@@ -66,7 +66,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2666633"></a><h2>OPTIONS</h2>
+<a name="id2666377"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd>
@@ -180,7 +180,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671201"></a><h2>EXAMPLES</h2>
+<a name="id2666849"></a><h2>EXAMPLES</h2>
 <p>
       To allow <span><strong class="command">rndc</strong></span> to be used with
       no manual configuration, run
@@ -197,7 +197,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671257"></a><h2>SEE ALSO</h2>
+<a name="id2671342"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -205,7 +205,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671296"></a><h2>AUTHOR</h2>
+<a name="id2671381"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 72c01c67f3..b6e7d72166 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2664733"></a><h2>DESCRIPTION</h2>
+<a name="id2623790"></a><h2>DESCRIPTION</h2>
 <p><code class="filename">rndc.conf</code> is the configuration file
       for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2664905"></a><h2>EXAMPLE</h2>
+<a name="id2664581"></a><h2>EXAMPLE</h2>
 <pre class="programlisting">
       options {
         default-server  localhost;
@@ -210,7 +210,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665163"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2665112"></a><h2>NAME SERVER CONFIGURATION</h2>
 <p>
       The name server must be configured to accept rndc connections and
       to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -220,7 +220,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665189"></a><h2>SEE ALSO</h2>
+<a name="id2665138"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -228,7 +228,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665227"></a><h2>AUTHOR</h2>
+<a name="id2665176"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 36c884e70a..e53e90249d 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2662807"></a><h2>DESCRIPTION</h2>
+<a name="id2659889"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc</strong></span>
       controls the operation of a name
       server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -81,7 +81,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2662925"></a><h2>OPTIONS</h2>
+<a name="id2659939"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
 <dd><p>
@@ -158,7 +158,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2664407"></a><h2>COMMANDS</h2>
+<a name="id2664834"></a><h2>COMMANDS</h2>
 <p>
       A list of commands supported by <span><strong class="command">rndc</strong></span> can
       be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@@ -744,7 +744,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2692484"></a><h2>LIMITATIONS</h2>
+<a name="id2689429"></a><h2>LIMITATIONS</h2>
 <p>
       There is currently no way to provide the shared secret for a
       <code class="option">key_id</code> without using the configuration file.
@@ -754,7 +754,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2692502"></a><h2>SEE ALSO</h2>
+<a name="id2689447"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -764,7 +764,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2692557"></a><h2>AUTHOR</h2>
+<a name="id2689502"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
index b18b4a6aca..e54e1b7ae4 100644
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -75,12 +75,12 @@
 	  This flaw was discovered by Breno Silveira Soares, and is
 	  disclosed in CVE-2015-4620. [RT #39795]
 	</para>
-      </listitem> 
+      </listitem>
       <listitem>
 	<para>
 	  On servers configured to perform DNSSEC validation using
 	  managed trust anchors (i.e., keys configured explicitly
-	  via <command>managed-keys</command>, or implicitly 
+	  via <command>managed-keys</command>, or implicitly
 	  via <command>dnssec-validation auto;</command> or
 	  <command>dnssec-lookaside auto;</command>), revoking
 	  a trust anchor and sending a new untrusted replacement
@@ -379,7 +379,7 @@
       <listitem>
 	<para>
 	  <command>rndc modzone</command> can be used to reconfigure
-	  a zone, using similar syntax to <command>rndc addzone</command>. 
+	  a zone, using similar syntax to <command>rndc addzone</command>.
 	</para>
       </listitem>
       <listitem>
@@ -440,7 +440,7 @@
       <listitem>
 	<para>
 	  The <command>nxdomain-redirect</command> option specifies
-	  a DNS namespace to use for NXDOMAIN redirection. When a 
+	  a DNS namespace to use for NXDOMAIN redirection. When a
 	  recursive lookup returns NXDOMAIN, a second lookup is
 	  initiated with the specified name appended to the query
 	  name. This allows NXDOMAIN redirection data to be supplied
@@ -450,6 +450,11 @@
 	  better average performance but is less flexible.) [RT #37989]
 	</para>
       </listitem>
+      <listitem>
+	<para>
+	  The following types have been implemented: NINFO, RKEY, TA.
+	</para>
+      </listitem>
     </itemizedlist>
   </sect2>
   <sect2 id="relnotes_changes">
diff --git a/doc/misc/options b/doc/misc/options
index 26e409e975..b661ecf023 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -101,14 +101,14 @@ options {
         clients-per-query <integer>;
         cookie-algorithm ( aes | sha1 | sha256 );
         cookie-secret <string>;
-        coresize <size>;
-        datasize <size>;
+        coresize ( unlimited | default | <sizeval> );
+        datasize ( unlimited | default | <sizeval> );
         deallocate-on-exit <boolean>; // obsolete
         deny-answer-addresses { <address_match_element>; ... } [
             except-from { <quoted_string>; ... } ];
         deny-answer-aliases { <quoted_string>; ... } [ except-from {
             <quoted_string>; ... } ];
-        dialup <dialuptype>;
+        dialup ( notify | notify-passive | refresh | passive | <boolean> );
         directory <quoted_string>;
         disable-algorithms <string> { <string>; ... };
         disable-ds-digests <string> { <string>; ... };
@@ -147,10 +147,10 @@ options {
         fetch-quota-params <integer> <fixedpoint> <fixedpoint> <fixedpoint>;
         fetches-per-server <integer> [ ( drop | fail ) ];
         fetches-per-zone <integer> [ ( drop | fail ) ];
-        files <size>;
+        files ( unlimited | default | <sizeval> );
         filter-aaaa { <address_match_element>; ... }; // not configured
-        filter-aaaa-on-v4 <filter_aaaa>; // not configured
-        filter-aaaa-on-v6 <filter_aaaa>; // not configured
+        filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
+        filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
         flush-zones-on-shutdown <boolean>;
         forward ( first | only );
         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
@@ -164,7 +164,7 @@ options {
         hostname ( <quoted_string> | none );
         inline-signing <boolean>;
         interface-interval <integer>;
-        ixfr-from-differences <ixfrdiff>;
+        ixfr-from-differences ( master | slave | <boolean> );
         keep-response-order { <address_match_element>; ... };
         key-directory <quoted_string>;
         lame-ttl <ttlval>;
@@ -182,7 +182,7 @@ options {
         max-cache-size <size_no_default>;
         max-cache-ttl <integer>;
         max-clients-per-query <integer>;
-        max-ixfr-log-size <size>; // obsolete
+        max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
         max-recursion-depth <integer>;
@@ -195,7 +195,7 @@ options {
         max-transfer-time-in <integer>;
         max-transfer-time-out <integer>;
         max-udp-size <integer>;
-        max-zone-ttl <maxttl_no_default>;
+        max-zone-ttl ( unlimited | <ttlval> );
         memstatistics <boolean>;
         memstatistics-file <quoted_string>;
         min-refresh-time <integer>;
@@ -208,7 +208,7 @@ options {
         no-case-compress { <address_match_element>; ... };
         nocookie-udp-size <integer>;
         nosit-udp-size <integer>; // obsolete
-        notify <notifytype>;
+        notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
         notify-rate <integer>;
         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
@@ -285,7 +285,7 @@ options {
         sig-validity-interval <integer> [ <integer> ];
         sit-secret <string>; // obsolete
         sortlist { <address_match_element>; ... };
-        stacksize <size>;
+        stacksize ( unlimited | default | <sizeval> );
         startup-notify-rate <integer>;
         statistics-file <quoted_string>;
         statistics-interval <integer>; // not yet implemented
@@ -317,7 +317,7 @@ options {
         version ( <quoted_string> | none );
         zero-no-soa-ttl <boolean>;
         zero-no-soa-ttl-cache <boolean>;
-        zone-statistics <zonestat>;
+        zone-statistics ( full | terse | none | <boolean> );
 };
 
 server <netprefix> {
@@ -399,7 +399,7 @@ view <string> <optional_class> {
             except-from { <quoted_string>; ... } ];
         deny-answer-aliases { <quoted_string>; ... } [ except-from {
             <quoted_string>; ... } ];
-        dialup <dialuptype>;
+        dialup ( notify | notify-passive | refresh | passive | <boolean> );
         disable-algorithms <string> { <string>; ... };
         disable-ds-digests <string> { <string>; ... };
         disable-empty-zone <string>;
@@ -439,13 +439,13 @@ view <string> <optional_class> {
         fetches-per-server <integer> [ ( drop | fail ) ];
         fetches-per-zone <integer> [ ( drop | fail ) ];
         filter-aaaa { <address_match_element>; ... }; // not configured
-        filter-aaaa-on-v4 <filter_aaaa>; // not configured
-        filter-aaaa-on-v6 <filter_aaaa>; // not configured
+        filter-aaaa-on-v4 ( break-dnssec | <boolean> ); // not configured
+        filter-aaaa-on-v6 ( break-dnssec | <boolean> ); // not configured
         forward ( first | only );
         forwarders [ port <integer> ] [ dscp <integer> ] { ( <ipv4_address>
             | <ipv6_address> ) [ port <integer> ] [ dscp <integer> ]; ... };
         inline-signing <boolean>;
-        ixfr-from-differences <ixfrdiff>;
+        ixfr-from-differences ( master | slave | <boolean> );
         key <string> {
                 algorithm <string>;
                 secret <string>;
@@ -464,7 +464,7 @@ view <string> <optional_class> {
         max-cache-size <size_no_default>;
         max-cache-ttl <integer>;
         max-clients-per-query <integer>;
-        max-ixfr-log-size <size>; // obsolete
+        max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-ncache-ttl <integer>;
         max-recursion-depth <integer>;
@@ -476,7 +476,7 @@ view <string> <optional_class> {
         max-transfer-time-in <integer>;
         max-transfer-time-out <integer>;
         max-udp-size <integer>;
-        max-zone-ttl <maxttl_no_default>;
+        max-zone-ttl ( unlimited | <ttlval> );
         min-refresh-time <integer>;
         min-retry-time <integer>;
         min-roots <integer>; // not implemented
@@ -485,7 +485,7 @@ view <string> <optional_class> {
         no-case-compress { <address_match_element>; ... };
         nocookie-udp-size <integer>;
         nosit-udp-size <integer>; // obsolete
-        notify <notifytype>;
+        notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
             dscp <integer> ];
@@ -616,7 +616,8 @@ view <string> <optional_class> {
                 check-wildcard <boolean>;
                 database <string>;
                 delegation-only <boolean>;
-                dialup <dialuptype>;
+                dialup ( notify | notify-passive | refresh | passive |
+                    <boolean> );
                 dlz <string>;
                 dnssec-dnskey-kskonly <boolean>;
                 dnssec-loadkeys-interval <integer>;
@@ -640,7 +641,8 @@ view <string> <optional_class> {
                 masters [ port <integer> ] [ dscp <integer> ] { ( <masters>
                     | <ipv4_address> [ port <integer> ] | <ipv6_address> [
                     port <integer> ] ) [ key <string> ]; ... };
-                max-ixfr-log-size <size>; // obsolete
+                max-ixfr-log-size ( unlimited | default |
+                    <sizeval> ); // obsolete
                 max-journal-size <size_no_default>;
                 max-refresh-time <integer>;
                 max-retry-time <integer>;
@@ -648,11 +650,11 @@ view <string> <optional_class> {
                 max-transfer-idle-out <integer>;
                 max-transfer-time-in <integer>;
                 max-transfer-time-out <integer>;
-                max-zone-ttl <maxttl_no_default>;
+                max-zone-ttl ( unlimited | <ttlval> );
                 min-refresh-time <integer>;
                 min-retry-time <integer>;
                 multi-master <boolean>;
-                notify <notifytype>;
+                notify ( explicit | master-only | <boolean> );
                 notify-delay <integer>;
                 notify-source ( <ipv4_address> | * ) [ port ( <integer> | *
                     ) ] [ dscp <integer> ];
@@ -687,9 +689,9 @@ view <string> <optional_class> {
                     ] <rrtypelist>; ... };
                 use-alt-transfer-source <boolean>;
                 zero-no-soa-ttl <boolean>;
-                zone-statistics <zonestat>;
+                zone-statistics ( full | terse | none | <boolean> );
         };
-        zone-statistics <zonestat>;
+        zone-statistics ( full | terse | none | <boolean> );
 };
 
 zone <string> <optional_class> {
@@ -718,7 +720,7 @@ zone <string> <optional_class> {
         check-wildcard <boolean>;
         database <string>;
         delegation-only <boolean>;
-        dialup <dialuptype>;
+        dialup ( notify | notify-passive | refresh | passive | <boolean> );
         dlz <string>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-loadkeys-interval <integer>;
@@ -741,7 +743,7 @@ zone <string> <optional_class> {
         masters [ port <integer> ] [ dscp <integer> ] { ( <masters> |
             <ipv4_address> [ port <integer> ] | <ipv6_address> [ port
             <integer> ] ) [ key <string> ]; ... };
-        max-ixfr-log-size <size>; // obsolete
+        max-ixfr-log-size ( unlimited | default | <sizeval> ); // obsolete
         max-journal-size <size_no_default>;
         max-refresh-time <integer>;
         max-retry-time <integer>;
@@ -749,11 +751,11 @@ zone <string> <optional_class> {
         max-transfer-idle-out <integer>;
         max-transfer-time-in <integer>;
         max-transfer-time-out <integer>;
-        max-zone-ttl <maxttl_no_default>;
+        max-zone-ttl ( unlimited | <ttlval> );
         min-refresh-time <integer>;
         min-retry-time <integer>;
         multi-master <boolean>;
-        notify <notifytype>;
+        notify ( explicit | master-only | <boolean> );
         notify-delay <integer>;
         notify-source ( <ipv4_address> | * ) [ port ( <integer> | * ) ] [
             dscp <integer> ];
@@ -786,6 +788,6 @@ zone <string> <optional_class> {
             | zonesub | external ) [ <string> ] <rrtypelist>; ... };
         use-alt-transfer-source <boolean>;
         zero-no-soa-ttl <boolean>;
-        zone-statistics <zonestat>;
+        zone-statistics ( full | terse | none | <boolean> );
 };
 
diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
index 25a0518a24..e4bdf5307d 100644
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@@ -219,6 +219,66 @@ static isc_result_t
 unknown_totext(dns_rdata_t *rdata, dns_rdata_textctx_t *tctx,
 	       isc_buffer_t *target);
 
+static inline isc_result_t
+generic_fromtext_key(ARGS_FROMTEXT);
+
+static inline isc_result_t
+generic_totext_key(ARGS_TOTEXT);
+
+static inline isc_result_t
+generic_fromwire_key(ARGS_FROMWIRE);
+
+static inline isc_result_t
+generic_fromstruct_key(ARGS_FROMSTRUCT);
+
+static inline isc_result_t
+generic_tostruct_key(ARGS_TOSTRUCT);
+
+static inline void
+generic_freestruct_key(ARGS_FREESTRUCT);
+
+static isc_result_t
+generic_fromtext_txt(ARGS_FROMTEXT);
+
+static isc_result_t
+generic_totext_txt(ARGS_TOTEXT);
+
+static isc_result_t
+generic_fromwire_txt(ARGS_FROMWIRE);
+
+static isc_result_t
+generic_fromstruct_txt(ARGS_FROMSTRUCT);
+
+static isc_result_t
+generic_tostruct_txt(ARGS_TOSTRUCT);
+
+static void
+generic_freestruct_txt(ARGS_FREESTRUCT);
+
+static isc_result_t
+generic_txt_first(dns_rdata_txt_t *txt);
+
+static isc_result_t
+generic_txt_next(dns_rdata_txt_t *txt);
+
+static isc_result_t
+generic_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string);
+
+static isc_result_t
+generic_totext_ds(ARGS_TOTEXT);
+
+static isc_result_t
+generic_tostruct_ds(ARGS_TOSTRUCT);
+
+static isc_result_t
+generic_fromtext_ds(ARGS_FROMTEXT);
+
+static isc_result_t
+generic_fromwire_ds(ARGS_FROMWIRE);
+
+static isc_result_t
+generic_fromstruct_ds(ARGS_FROMSTRUCT);
+
 /*% INT16 Size */
 #define NS_INT16SZ	2
 /*% IPv6 Address Size */
diff --git a/lib/dns/rdata/generic/cdnskey_60.c b/lib/dns/rdata/generic/cdnskey_60.c
index 3fa22de366..9b4305d5db 100644
--- a/lib/dns/rdata/generic/cdnskey_60.c
+++ b/lib/dns/rdata/generic/cdnskey_60.c
@@ -25,188 +25,29 @@
 
 static inline isc_result_t
 fromtext_cdnskey(ARGS_FROMTEXT) {
-	isc_result_t result;
-	isc_token_t token;
-	dns_secalg_t alg;
-	dns_secproto_t proto;
-	dns_keyflags_t flags;
 
 	REQUIRE(type == dns_rdatatype_cdnskey);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(origin);
-	UNUSED(options);
-	UNUSED(callbacks);
-
-	/* flags */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
-	RETERR(uint16_tobuffer(flags, target));
-
-	/* protocol */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &proto, 1));
-
-	/* algorithm */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &alg, 1));
-
-	/* No Key? */
-	if ((flags & 0xc000) == 0xc000)
-		return (ISC_R_SUCCESS);
-
-	result = isc_base64_tobuffer(lexer, target, -1);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	/* Ensure there's at least enough data to compute a key ID for MD5 */
-	if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
-		return (ISC_R_UNEXPECTEDEND);
-
-	return (ISC_R_SUCCESS);
+	return (generic_fromtext_key(rdclass, type, lexer, origin,
+				     options, target, callbacks));
 }
 
 static inline isc_result_t
 totext_cdnskey(ARGS_TOTEXT) {
-	isc_region_t sr;
-	char buf[sizeof("[key id = 64000]")];
-	unsigned int flags;
-	unsigned char algorithm;
-	char algbuf[DNS_NAME_FORMATSIZE];
-	const char *keyinfo;
-	isc_region_t tmpr;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_cdnskey);
-	REQUIRE(rdata->length != 0);
 
-	dns_rdata_toregion(rdata, &sr);
-
-	/* flags */
-	flags = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-	sprintf(buf, "%u", flags);
-	RETERR(str_totext(buf, target));
-	RETERR(str_totext(" ", target));
-	if ((flags & DNS_KEYFLAG_KSK) != 0) {
-		if (flags & DNS_KEYFLAG_REVOKE)
-			keyinfo = "revoked KSK";
-		else
-			keyinfo = "KSK";
-	} else
-		keyinfo = "ZSK";
-
-	/* protocol */
-	sprintf(buf, "%u", sr.base[0]);
-	isc_region_consume(&sr, 1);
-	RETERR(str_totext(buf, target));
-	RETERR(str_totext(" ", target));
-
-	/* algorithm */
-	algorithm = sr.base[0];
-	sprintf(buf, "%u", algorithm);
-	isc_region_consume(&sr, 1);
-	RETERR(str_totext(buf, target));
-
-	/* No Key? */
-	if ((flags & 0xc000) == 0xc000)
-		return (ISC_R_SUCCESS);
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0 &&
-	     algorithm == DNS_KEYALG_PRIVATEDNS) {
-		dns_name_t name;
-		dns_name_init(&name, NULL);
-		dns_name_fromregion(&name, &sr);
-		dns_name_format(&name, algbuf, sizeof(algbuf));
-	} else {
-		dns_secalg_format((dns_secalg_t) algorithm, algbuf,
-				  sizeof(algbuf));
-	}
-
-	/* key */
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" (", target));
-	RETERR(str_totext(tctx->linebreak, target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
-		if (tctx->width == 0)   /* No splitting */
-			RETERR(isc_base64_totext(&sr, 0, "", target));
-		else
-			RETERR(isc_base64_totext(&sr, tctx->width - 2,
-						 tctx->linebreak, target));
-	} else {
-		dns_rdata_toregion(rdata, &tmpr);
-		snprintf(buf, sizeof(buf), "[key id = %u]",
-			 dst_region_computeid(&tmpr, algorithm));
-		RETERR(str_totext(buf, target));
-	}
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
-		RETERR(str_totext(tctx->linebreak, target));
-	else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" ", target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(")", target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
-
-		RETERR(str_totext(" ; ", target));
-		RETERR(str_totext(keyinfo, target));
-		RETERR(str_totext("; alg = ", target));
-		RETERR(str_totext(algbuf, target));
-		RETERR(str_totext("; key id = ", target));
-		dns_rdata_toregion(rdata, &tmpr);
-		sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
-		RETERR(str_totext(buf, target));
-	}
-	return (ISC_R_SUCCESS);
+	return (generic_totext_key(rdata, tctx, target));
 }
 
 static inline isc_result_t
 fromwire_cdnskey(ARGS_FROMWIRE) {
-	unsigned char algorithm;
-	isc_region_t sr;
 
 	REQUIRE(type == dns_rdatatype_cdnskey);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(dctx);
-	UNUSED(options);
-
-	isc_buffer_activeregion(source, &sr);
-	if (sr.length < 4)
-		return (ISC_R_UNEXPECTEDEND);
-
-	algorithm = sr.base[3];
-	RETERR(mem_tobuffer(target, sr.base, 4));
-	isc_region_consume(&sr, 4);
-	isc_buffer_forward(source, 4);
-
-	if (algorithm == DNS_KEYALG_PRIVATEDNS) {
-		dns_name_t name;
-		dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
-		dns_name_init(&name, NULL);
-		RETERR(dns_name_fromwire(&name, source, dctx, options, target));
-	}
-
-	/*
-	 * RSAMD5 computes key ID differently from other
-	 * algorithms: we need to ensure there's enough data
-	 * present for the computation
-	 */
-	if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
-		return (ISC_R_UNEXPECTEDEND);
-
-	isc_buffer_activeregion(source, &sr);
-	isc_buffer_forward(source, sr.length);
-	return (mem_tobuffer(target, sr.base, sr.length));
+	return (generic_fromwire_key(rdclass, type, source, dctx,
+				     options, target));
 }
 
 static inline isc_result_t
@@ -227,6 +68,8 @@ compare_cdnskey(ARGS_COMPARE) {
 	isc_region_t r1;
 	isc_region_t r2;
 
+	REQUIRE(rdata1 != NULL);
+	REQUIRE(rdata2 != NULL);
 	REQUIRE(rdata1->type == rdata2->type);
 	REQUIRE(rdata1->rdclass == rdata2->rdclass);
 	REQUIRE(rdata1->type == dns_rdatatype_cdnskey);
@@ -240,85 +83,35 @@ compare_cdnskey(ARGS_COMPARE) {
 
 static inline isc_result_t
 fromstruct_cdnskey(ARGS_FROMSTRUCT) {
-	dns_rdata_cdnskey_t *dnskey = source;
 
 	REQUIRE(type == dns_rdatatype_cdnskey);
-	REQUIRE(source != NULL);
-	REQUIRE(dnskey->common.rdtype == type);
-	REQUIRE(dnskey->common.rdclass == rdclass);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
-	/* Flags */
-	RETERR(uint16_tobuffer(dnskey->flags, target));
-
-	/* Protocol */
-	RETERR(uint8_tobuffer(dnskey->protocol, target));
-
-	/* Algorithm */
-	RETERR(uint8_tobuffer(dnskey->algorithm, target));
-
-	/* Data */
-	return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
+	return (generic_fromstruct_key(rdclass, type, source, target));
 }
 
 static inline isc_result_t
 tostruct_cdnskey(ARGS_TOSTRUCT) {
 	dns_rdata_cdnskey_t *dnskey = target;
-	isc_region_t sr;
 
+	REQUIRE(dnskey != NULL);
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_cdnskey);
-	REQUIRE(target != NULL);
-	REQUIRE(rdata->length != 0);
 
 	dnskey->common.rdclass = rdata->rdclass;
 	dnskey->common.rdtype = rdata->type;
 	ISC_LINK_INIT(&dnskey->common, link);
 
-	dns_rdata_toregion(rdata, &sr);
-
-	/* Flags */
-	if (sr.length < 2)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->flags = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-
-	/* Protocol */
-	if (sr.length < 1)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->protocol = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-
-	/* Algorithm */
-	if (sr.length < 1)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->algorithm = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-
-	/* Data */
-	dnskey->datalen = sr.length;
-	dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
-	if (dnskey->data == NULL)
-		return (ISC_R_NOMEMORY);
-
-	dnskey->mctx = mctx;
-	return (ISC_R_SUCCESS);
+	return (generic_tostruct_key(rdata, target, mctx));
 }
 
 static inline void
 freestruct_cdnskey(ARGS_FREESTRUCT) {
 	dns_rdata_cdnskey_t *dnskey = (dns_rdata_cdnskey_t *) source;
 
-	REQUIRE(source != NULL);
+	REQUIRE(dnskey != NULL);
 	REQUIRE(dnskey->common.rdtype == dns_rdatatype_cdnskey);
 
-	if (dnskey->mctx == NULL)
-		return;
-
-	if (dnskey->data != NULL)
-		isc_mem_free(dnskey->mctx, dnskey->data);
-	dnskey->mctx = NULL;
+	generic_freestruct_key(source);
 }
 
 static inline isc_result_t
@@ -336,6 +129,7 @@ static inline isc_result_t
 digest_cdnskey(ARGS_DIGEST) {
 	isc_region_t r;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_cdnskey);
 
 	dns_rdata_toregion(rdata, &r);
@@ -359,6 +153,7 @@ checkowner_cdnskey(ARGS_CHECKOWNER) {
 static inline isc_boolean_t
 checknames_cdnskey(ARGS_CHECKNAMES) {
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_cdnskey);
 
 	UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/cdnskey_60.h b/lib/dns/rdata/generic/cdnskey_60.h
index d284177c11..e2876f6cbe 100644
--- a/lib/dns/rdata/generic/cdnskey_60.h
+++ b/lib/dns/rdata/generic/cdnskey_60.h
@@ -18,15 +18,6 @@
 #define GENERIC_CDNSKEY_60_H 1
 
 /* CDNSKEY records have the same RDATA fields as DNSKEY records. */
-typedef struct dns_rdata_cdnskey {
-	dns_rdatacommon_t	common;
-	isc_mem_t *		mctx;
-	isc_uint16_t		flags;
-	isc_uint8_t		protocol;
-	isc_uint8_t		algorithm;
-	isc_uint16_t		datalen;
-	unsigned char *		data;
-} dns_rdata_cdnskey_t;
-
+typedef struct dns_rdata_key dns_rdata_cdnskey_t;
 
 #endif /* GENERIC_CDNSKEY_60_H */
diff --git a/lib/dns/rdata/generic/cds_59.c b/lib/dns/rdata/generic/cds_59.c
index 6b67dd70f5..2d64e3106d 100644
--- a/lib/dns/rdata/generic/cds_59.c
+++ b/lib/dns/rdata/generic/cds_59.c
@@ -30,171 +30,28 @@
 
 static inline isc_result_t
 fromtext_cds(ARGS_FROMTEXT) {
-	isc_token_t token;
-	unsigned char c;
-	int length;
 
 	REQUIRE(type == dns_rdatatype_cds);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(origin);
-	UNUSED(options);
-	UNUSED(callbacks);
-
-	/*
-	 * Key tag.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
-				      ISC_FALSE));
-	if (token.value.as_ulong > 0xffffU)
-		RETTOK(ISC_R_RANGE);
-	RETERR(uint16_tobuffer(token.value.as_ulong, target));
-
-	/*
-	 * Algorithm.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_secalg_fromtext(&c, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &c, 1));
-
-	/*
-	 * Digest type.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_dsdigest_fromtext(&c, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &c, 1));
-
-	/*
-	 * Digest.
-	 */
-	switch (c) {
-	case DNS_DSDIGEST_SHA1:
-		length = ISC_SHA1_DIGESTLENGTH;
-		break;
-	case DNS_DSDIGEST_SHA256:
-		length = ISC_SHA256_DIGESTLENGTH;
-		break;
-#ifdef ISC_GOST_DIGESTLENGTH
-	case DNS_DSDIGEST_GOST:
-		length = ISC_GOST_DIGESTLENGTH;
-		break;
-#endif
-	case DNS_DSDIGEST_SHA384:
-		length = ISC_SHA384_DIGESTLENGTH;
-		break;
-	default:
-		length = -1;
-		break;
-	}
-	return (isc_hex_tobuffer(lexer, target, length));
+	return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+				    target, callbacks));
 }
 
 static inline isc_result_t
 totext_cds(ARGS_TOTEXT) {
-	isc_region_t sr;
-	char buf[sizeof("64000 ")];
-	unsigned int n;
 
 	REQUIRE(rdata->type == dns_rdatatype_cds);
-	REQUIRE(rdata->length != 0);
 
-	UNUSED(tctx);
-
-	dns_rdata_toregion(rdata, &sr);
-
-	/*
-	 * Key tag.
-	 */
-	n = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-	sprintf(buf, "%u ", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Algorithm.
-	 */
-	n = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-	sprintf(buf, "%u ", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Digest type.
-	 */
-	n = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-	sprintf(buf, "%u", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Digest.
-	 */
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" (", target));
-	RETERR(str_totext(tctx->linebreak, target));
-	if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
-		if (tctx->width == 0) /* No splitting */
-			RETERR(isc_hex_totext(&sr, 0, "", target));
-		else
-			RETERR(isc_hex_totext(&sr, tctx->width - 2,
-					      tctx->linebreak, target));
-	} else
-		RETERR(str_totext("[omitted]", target));
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" )", target));
-	return (ISC_R_SUCCESS);
+	return (generic_totext_ds(rdata, tctx, target));
 }
 
 static inline isc_result_t
 fromwire_cds(ARGS_FROMWIRE) {
-	isc_region_t sr;
 
 	REQUIRE(type == dns_rdatatype_cds);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(dctx);
-	UNUSED(options);
-
-	isc_buffer_activeregion(source, &sr);
-
-	/*
-	 * Check digest lengths if we know them.
-	 */
-	if (sr.length < 4 ||
-	    (sr.base[3] == DNS_DSDIGEST_SHA1 &&
-	     sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
-	    (sr.base[3] == DNS_DSDIGEST_SHA256 &&
-	     sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
-#ifdef ISC_GOST_DIGESTLENGTH
-	    (sr.base[3] == DNS_DSDIGEST_GOST &&
-	     sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
-#endif
-	    (sr.base[3] == DNS_DSDIGEST_SHA384 &&
-	     sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
-		return (ISC_R_UNEXPECTEDEND);
-
-	/*
-	 * Only copy digest lengths if we know them.
-	 * If there is extra data dns_rdata_fromwire() will
-	 * detect that.
-	 */
-	if (sr.base[3] == DNS_DSDIGEST_SHA1)
-		sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
-	else if (sr.base[3] == DNS_DSDIGEST_SHA256)
-		sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
-#ifdef ISC_GOST_DIGESTLENGTH
-	else if (sr.base[3] == DNS_DSDIGEST_GOST)
-		sr.length = 4 + ISC_GOST_DIGESTLENGTH;
-#endif
-	else if (sr.base[3] == DNS_DSDIGEST_SHA384)
-		sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
-
-	isc_buffer_forward(source, sr.length);
-	return (mem_tobuffer(target, sr.base, sr.length));
+	return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+				    target));
 }
 
 static inline isc_result_t
@@ -228,68 +85,28 @@ compare_cds(ARGS_COMPARE) {
 
 static inline isc_result_t
 fromstruct_cds(ARGS_FROMSTRUCT) {
-	dns_rdata_cds_t *ds = source;
 
 	REQUIRE(type == dns_rdatatype_cds);
-	REQUIRE(source != NULL);
-	REQUIRE(ds->common.rdtype == type);
-	REQUIRE(ds->common.rdclass == rdclass);
-	switch (ds->digest_type) {
-	case DNS_DSDIGEST_SHA1:
-		REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
-		break;
-	case DNS_DSDIGEST_SHA256:
-		REQUIRE(ds->length == ISC_SHA256_DIGESTLENGTH);
-		break;
-#ifdef ISC_GOST_DIGESTLENGTH
-	case DNS_DSDIGEST_GOST:
-		REQUIRE(ds->length == ISC_GOST_DIGESTLENGTH);
-		break;
-#endif
-	case DNS_DSDIGEST_SHA384:
-		REQUIRE(ds->length == ISC_SHA384_DIGESTLENGTH);
-		break;
-	}
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
-	RETERR(uint16_tobuffer(ds->key_tag, target));
-	RETERR(uint8_tobuffer(ds->algorithm, target));
-	RETERR(uint8_tobuffer(ds->digest_type, target));
-
-	return (mem_tobuffer(target, ds->digest, ds->length));
+	return (generic_fromstruct_ds(rdclass, type, source, target));
 }
 
 static inline isc_result_t
 tostruct_cds(ARGS_TOSTRUCT) {
-	dns_rdata_cds_t *ds = target;
-	isc_region_t region;
+	dns_rdata_cds_t *cds = target;
 
 	REQUIRE(rdata->type == dns_rdatatype_cds);
 	REQUIRE(target != NULL);
 	REQUIRE(rdata->length != 0);
 
-	ds->common.rdclass = rdata->rdclass;
-	ds->common.rdtype = rdata->type;
-	ISC_LINK_INIT(&ds->common, link);
+	/*
+	 * Checked by generic_tostruct_ds().
+	 */
+	cds->common.rdclass = rdata->rdclass;
+	cds->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&cds->common, link);
 
-	dns_rdata_toregion(rdata, &region);
-
-	ds->key_tag = uint16_fromregion(&region);
-	isc_region_consume(&region, 2);
-	ds->algorithm = uint8_fromregion(&region);
-	isc_region_consume(&region, 1);
-	ds->digest_type = uint8_fromregion(&region);
-	isc_region_consume(&region, 1);
-	ds->length = region.length;
-
-	ds->digest = mem_maybedup(mctx, region.base, region.length);
-	if (ds->digest == NULL)
-		return (ISC_R_NOMEMORY);
-
-	ds->mctx = mctx;
-	return (ISC_R_SUCCESS);
+	return (generic_tostruct_ds(rdata, target, mctx));
 }
 
 static inline void
diff --git a/lib/dns/rdata/generic/cds_59.h b/lib/dns/rdata/generic/cds_59.h
index 099cba3946..b5375e2cd2 100644
--- a/lib/dns/rdata/generic/cds_59.h
+++ b/lib/dns/rdata/generic/cds_59.h
@@ -18,14 +18,6 @@
 #define GENERIC_CDS_59_H 1
 
 /* CDS records have the same RDATA fields as DS records. */
-typedef struct dns_rdata_cds {
-	dns_rdatacommon_t	common;
-	isc_mem_t		*mctx;
-	isc_uint16_t		key_tag;
-	isc_uint8_t		algorithm;
-	isc_uint8_t		digest_type;
-	isc_uint16_t		length;
-	unsigned char		*digest;
-} dns_rdata_cds_t;
+typedef struct dns_rdata_ds dns_rdata_cds_t;
 
 #endif /* GENERIC_CDS_59_H */
diff --git a/lib/dns/rdata/generic/dlv_32769.c b/lib/dns/rdata/generic/dlv_32769.c
index 2b6f656052..33ae205b7a 100644
--- a/lib/dns/rdata/generic/dlv_32769.c
+++ b/lib/dns/rdata/generic/dlv_32769.c
@@ -32,174 +32,28 @@
 
 static inline isc_result_t
 fromtext_dlv(ARGS_FROMTEXT) {
-	isc_token_t token;
-	unsigned char c;
-	int length;
 
 	REQUIRE(type == dns_rdatatype_dlv);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(origin);
-	UNUSED(options);
-	UNUSED(callbacks);
-
-	/*
-	 * Key tag.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
-				      ISC_FALSE));
-	if (token.value.as_ulong > 0xffffU)
-		RETTOK(ISC_R_RANGE);
-	RETERR(uint16_tobuffer(token.value.as_ulong, target));
-
-	/*
-	 * Algorithm.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
-				      ISC_FALSE));
-	if (token.value.as_ulong > 0xffU)
-		RETTOK(ISC_R_RANGE);
-	RETERR(uint8_tobuffer(token.value.as_ulong, target));
-
-	/*
-	 * Digest type.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
-				      ISC_FALSE));
-	if (token.value.as_ulong > 0xffU)
-		RETTOK(ISC_R_RANGE);
-	RETERR(uint8_tobuffer(token.value.as_ulong, target));
-	c = (unsigned char) token.value.as_ulong;
-
-	/*
-	 * Digest.
-	 */
-	switch (c) {
-	case DNS_DSDIGEST_SHA1:
-		length = ISC_SHA1_DIGESTLENGTH;
-		break;
-	case DNS_DSDIGEST_SHA256:
-		length = ISC_SHA256_DIGESTLENGTH;
-		break;
-#ifdef ISC_GOST_DIGESTLENGTH
-	case DNS_DSDIGEST_GOST:
-		length = ISC_GOST_DIGESTLENGTH;
-		break;
-#endif
-	case DNS_DSDIGEST_SHA384:
-		length = ISC_SHA384_DIGESTLENGTH;
-		break;
-	default:
-		length = -1;
-		break;
-	}
-	return (isc_hex_tobuffer(lexer, target, length));
+	return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+				    target, callbacks));
 }
 
 static inline isc_result_t
 totext_dlv(ARGS_TOTEXT) {
-	isc_region_t sr;
-	char buf[sizeof("64000 ")];
-	unsigned int n;
 
 	REQUIRE(rdata->type == dns_rdatatype_dlv);
-	REQUIRE(rdata->length != 0);
 
-	UNUSED(tctx);
-
-	dns_rdata_toregion(rdata, &sr);
-
-	/*
-	 * Key tag.
-	 */
-	n = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-	sprintf(buf, "%u ", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Algorithm.
-	 */
-	n = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-	sprintf(buf, "%u ", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Digest type.
-	 */
-	n = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-	sprintf(buf, "%u", n);
-	RETERR(str_totext(buf, target));
-
-	/*
-	 * Digest.
-	 */
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" (", target));
-	RETERR(str_totext(tctx->linebreak, target));
-	if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
-		if (tctx->width == 0) /* No splitting */
-			RETERR(isc_hex_totext(&sr, 0, "", target));
-		else
-			RETERR(isc_hex_totext(&sr, tctx->width - 2,
-					      tctx->linebreak, target));
-	} else
-		RETERR(str_totext("[omitted]", target));
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" )", target));
-	return (ISC_R_SUCCESS);
+	return (generic_totext_ds(rdata, tctx, target));
 }
 
 static inline isc_result_t
 fromwire_dlv(ARGS_FROMWIRE) {
-	isc_region_t sr;
 
 	REQUIRE(type == dns_rdatatype_dlv);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(dctx);
-	UNUSED(options);
-
-	isc_buffer_activeregion(source, &sr);
-
-	/*
-	 * Check digest lengths if we know them.
-	 */
-	if (sr.length < 4 ||
-	    (sr.base[3] == DNS_DSDIGEST_SHA1 &&
-	     sr.length < 4 + ISC_SHA1_DIGESTLENGTH) ||
-	    (sr.base[3] == DNS_DSDIGEST_SHA256 &&
-	     sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
-#ifdef ISC_GOST_DIGESTLENGTH
-	    (sr.base[3] == DNS_DSDIGEST_GOST &&
-	     sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
-#endif
-	    (sr.base[3] == DNS_DSDIGEST_SHA384 &&
-	     sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
-		return (ISC_R_UNEXPECTEDEND);
-
-	/*
-	 * Only copy digest lengths if we know them.
-	 * If there is extra data dns_rdata_fromwire() will
-	 * detect that.
-	 */
-	if (sr.base[3] == DNS_DSDIGEST_SHA1)
-		sr.length = 4 + ISC_SHA1_DIGESTLENGTH;
-	else if (sr.base[3] == DNS_DSDIGEST_SHA256)
-		sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
-#ifdef ISC_GOST_DIGESTLENGTH
-	else if (sr.base[3] == DNS_DSDIGEST_GOST)
-		sr.length = 4 + ISC_GOST_DIGESTLENGTH;
-#endif
-	else if (sr.base[3] == DNS_DSDIGEST_SHA384)
-		sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
-
-	isc_buffer_forward(source, sr.length);
-	return (mem_tobuffer(target, sr.base, sr.length));
+	return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+				    target));
 }
 
 static inline isc_result_t
@@ -233,68 +87,23 @@ compare_dlv(ARGS_COMPARE) {
 
 static inline isc_result_t
 fromstruct_dlv(ARGS_FROMSTRUCT) {
-	dns_rdata_dlv_t *dlv = source;
 
 	REQUIRE(type == dns_rdatatype_dlv);
-	REQUIRE(source != NULL);
-	REQUIRE(dlv->common.rdtype == type);
-	REQUIRE(dlv->common.rdclass == rdclass);
-	switch (dlv->digest_type) {
-	case DNS_DSDIGEST_SHA1:
-		REQUIRE(dlv->length == ISC_SHA1_DIGESTLENGTH);
-		break;
-	case DNS_DSDIGEST_SHA256:
-		REQUIRE(dlv->length == ISC_SHA256_DIGESTLENGTH);
-		break;
-#ifdef ISC_GOST_DIGESTLENGTH
-	case DNS_DSDIGEST_GOST:
-		REQUIRE(dlv->length == ISC_GOST_DIGESTLENGTH);
-		break;
-#endif
-	case DNS_DSDIGEST_SHA384:
-		REQUIRE(dlv->length == ISC_SHA384_DIGESTLENGTH);
-		break;
-	}
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
-	RETERR(uint16_tobuffer(dlv->key_tag, target));
-	RETERR(uint8_tobuffer(dlv->algorithm, target));
-	RETERR(uint8_tobuffer(dlv->digest_type, target));
-
-	return (mem_tobuffer(target, dlv->digest, dlv->length));
+	return (generic_fromstruct_ds(rdclass, type, source, target));
 }
 
 static inline isc_result_t
 tostruct_dlv(ARGS_TOSTRUCT) {
 	dns_rdata_dlv_t *dlv = target;
-	isc_region_t region;
 
 	REQUIRE(rdata->type == dns_rdatatype_dlv);
-	REQUIRE(target != NULL);
-	REQUIRE(rdata->length != 0);
 
 	dlv->common.rdclass = rdata->rdclass;
 	dlv->common.rdtype = rdata->type;
 	ISC_LINK_INIT(&dlv->common, link);
 
-	dns_rdata_toregion(rdata, &region);
-
-	dlv->key_tag = uint16_fromregion(&region);
-	isc_region_consume(&region, 2);
-	dlv->algorithm = uint8_fromregion(&region);
-	isc_region_consume(&region, 1);
-	dlv->digest_type = uint8_fromregion(&region);
-	isc_region_consume(&region, 1);
-	dlv->length = region.length;
-
-	dlv->digest = mem_maybedup(mctx, region.base, region.length);
-	if (dlv->digest == NULL)
-		return (ISC_R_NOMEMORY);
-
-	dlv->mctx = mctx;
-	return (ISC_R_SUCCESS);
+	return (generic_tostruct_ds(rdata, target, mctx));
 }
 
 static inline void
diff --git a/lib/dns/rdata/generic/dlv_32769.h b/lib/dns/rdata/generic/dlv_32769.h
index 2313c57582..b849fae2f2 100644
--- a/lib/dns/rdata/generic/dlv_32769.h
+++ b/lib/dns/rdata/generic/dlv_32769.h
@@ -20,14 +20,6 @@
 #ifndef GENERIC_DLV_32769_H
 #define GENERIC_DLV_32769_H 1
 
-typedef struct dns_rdata_dlv {
-	dns_rdatacommon_t	common;
-	isc_mem_t		*mctx;
-	isc_uint16_t		key_tag;
-	isc_uint8_t		algorithm;
-	isc_uint8_t		digest_type;
-	isc_uint16_t		length;
-	unsigned char		*digest;
-} dns_rdata_dlv_t;
+typedef struct dns_rdata_ds dns_rdata_dlv_t;
 
 #endif /* GENERIC_DLV_32769_H */
diff --git a/lib/dns/rdata/generic/dnskey_48.c b/lib/dns/rdata/generic/dnskey_48.c
index fa87b964f3..41afd57fe1 100644
--- a/lib/dns/rdata/generic/dnskey_48.c
+++ b/lib/dns/rdata/generic/dnskey_48.c
@@ -32,194 +32,36 @@
 
 static inline isc_result_t
 fromtext_dnskey(ARGS_FROMTEXT) {
-	isc_result_t result;
-	isc_token_t token;
-	dns_secalg_t alg;
-	dns_secproto_t proto;
-	dns_keyflags_t flags;
 
 	REQUIRE(type == dns_rdatatype_dnskey);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(origin);
-	UNUSED(options);
-	UNUSED(callbacks);
-
-	/* flags */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
-	RETERR(uint16_tobuffer(flags, target));
-
-	/* protocol */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &proto, 1));
-
-	/* algorithm */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
-				      ISC_FALSE));
-	RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
-	RETERR(mem_tobuffer(target, &alg, 1));
-
-	/* No Key? */
-	if ((flags & 0xc000) == 0xc000)
-		return (ISC_R_SUCCESS);
-
-	result = isc_base64_tobuffer(lexer, target, -1);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	/* Ensure there's at least enough data to compute a key ID for MD5 */
-	if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
-		return (ISC_R_UNEXPECTEDEND);
-
-	return (ISC_R_SUCCESS);
+	return (generic_fromtext_key(rdclass, type, lexer, origin,
+				     options, target, callbacks));
 }
 
 static inline isc_result_t
 totext_dnskey(ARGS_TOTEXT) {
-	isc_region_t sr;
-	char buf[sizeof("[key id = 64000]")];
-	unsigned int flags;
-	unsigned char algorithm;
-	char algbuf[DNS_NAME_FORMATSIZE];
-	const char *keyinfo;
-	isc_region_t tmpr;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
-	REQUIRE(rdata->length != 0);
 
-	dns_rdata_toregion(rdata, &sr);
-
-	/* flags */
-	flags = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-	sprintf(buf, "%u", flags);
-	RETERR(str_totext(buf, target));
-	RETERR(str_totext(" ", target));
-	if ((flags & DNS_KEYFLAG_KSK) != 0) {
-		if (flags & DNS_KEYFLAG_REVOKE)
-			keyinfo = "revoked KSK";
-		else
-			keyinfo = "KSK";
-	} else
-		keyinfo = "ZSK";
-
-	/* protocol */
-	sprintf(buf, "%u", sr.base[0]);
-	isc_region_consume(&sr, 1);
-	RETERR(str_totext(buf, target));
-	RETERR(str_totext(" ", target));
-
-	/* algorithm */
-	algorithm = sr.base[0];
-	sprintf(buf, "%u", algorithm);
-	isc_region_consume(&sr, 1);
-	RETERR(str_totext(buf, target));
-
-	/* No Key? */
-	if ((flags & 0xc000) == 0xc000)
-		return (ISC_R_SUCCESS);
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0 &&
-	     algorithm == DNS_KEYALG_PRIVATEDNS) {
-		dns_name_t name;
-		dns_name_init(&name, NULL);
-		dns_name_fromregion(&name, &sr);
-		dns_name_format(&name, algbuf, sizeof(algbuf));
-	} else {
-		dns_secalg_format((dns_secalg_t) algorithm, algbuf,
-				  sizeof(algbuf));
-	}
-
-	/* key */
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" (", target));
-	RETERR(str_totext(tctx->linebreak, target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
-		if (tctx->width == 0)   /* No splitting */
-			RETERR(isc_base64_totext(&sr, 0, "", target));
-		else
-			RETERR(isc_base64_totext(&sr, tctx->width - 2,
-						 tctx->linebreak, target));
-	} else {
-		dns_rdata_toregion(rdata, &tmpr);
-		snprintf(buf, sizeof(buf), "[key id = %u]",
-			 dst_region_computeid(&tmpr, algorithm));
-		RETERR(str_totext(buf, target));
-	}
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
-		RETERR(str_totext(tctx->linebreak, target));
-	else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(" ", target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
-		RETERR(str_totext(")", target));
-
-	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
-
-		RETERR(str_totext(" ; ", target));
-		RETERR(str_totext(keyinfo, target));
-		RETERR(str_totext("; alg = ", target));
-		RETERR(str_totext(algbuf, target));
-		RETERR(str_totext("; key id = ", target));
-		dns_rdata_toregion(rdata, &tmpr);
-		sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
-		RETERR(str_totext(buf, target));
-	}
-	return (ISC_R_SUCCESS);
+	return (generic_totext_key(rdata, tctx, target));
 }
 
 static inline isc_result_t
 fromwire_dnskey(ARGS_FROMWIRE) {
-	unsigned char algorithm;
-	isc_region_t sr;
 
 	REQUIRE(type == dns_rdatatype_dnskey);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-	UNUSED(dctx);
-	UNUSED(options);
-
-	isc_buffer_activeregion(source, &sr);
-	if (sr.length < 4)
-		return (ISC_R_UNEXPECTEDEND);
-
-	algorithm = sr.base[3];
-	RETERR(mem_tobuffer(target, sr.base, 4));
-	isc_region_consume(&sr, 4);
-	isc_buffer_forward(source, 4);
-
-	if (algorithm == DNS_KEYALG_PRIVATEDNS) {
-		dns_name_t name;
-		dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
-		dns_name_init(&name, NULL);
-		RETERR(dns_name_fromwire(&name, source, dctx, options, target));
-	}
-
-	/*
-	 * RSAMD5 computes key ID differently from other
-	 * algorithms: we need to ensure there's enough data
-	 * present for the computation
-	 */
-	if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
-		return (ISC_R_UNEXPECTEDEND);
-
-	isc_buffer_activeregion(source, &sr);
-	isc_buffer_forward(source, sr.length);
-	return (mem_tobuffer(target, sr.base, sr.length));
+	return (generic_fromwire_key(rdclass, type, source, dctx,
+				     options, target));
 }
 
 static inline isc_result_t
 towire_dnskey(ARGS_TOWIRE) {
 	isc_region_t sr;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
 	REQUIRE(rdata->length != 0);
 
@@ -234,6 +76,8 @@ compare_dnskey(ARGS_COMPARE) {
 	isc_region_t r1;
 	isc_region_t r2;
 
+	REQUIRE(rdata1 != NULL);
+	REQUIRE(rdata2 != NULL);
 	REQUIRE(rdata1->type == rdata2->type);
 	REQUIRE(rdata1->rdclass == rdata2->rdclass);
 	REQUIRE(rdata1->type == dns_rdatatype_dnskey);
@@ -247,89 +91,40 @@ compare_dnskey(ARGS_COMPARE) {
 
 static inline isc_result_t
 fromstruct_dnskey(ARGS_FROMSTRUCT) {
-	dns_rdata_dnskey_t *dnskey = source;
 
 	REQUIRE(type == dns_rdatatype_dnskey);
-	REQUIRE(source != NULL);
-	REQUIRE(dnskey->common.rdtype == type);
-	REQUIRE(dnskey->common.rdclass == rdclass);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
-	/* Flags */
-	RETERR(uint16_tobuffer(dnskey->flags, target));
-
-	/* Protocol */
-	RETERR(uint8_tobuffer(dnskey->protocol, target));
-
-	/* Algorithm */
-	RETERR(uint8_tobuffer(dnskey->algorithm, target));
-
-	/* Data */
-	return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
+	return (generic_fromstruct_key(rdclass, type, source, target));
 }
 
 static inline isc_result_t
 tostruct_dnskey(ARGS_TOSTRUCT) {
 	dns_rdata_dnskey_t *dnskey = target;
-	isc_region_t sr;
 
+	REQUIRE(dnskey != NULL);
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
-	REQUIRE(target != NULL);
-	REQUIRE(rdata->length != 0);
 
 	dnskey->common.rdclass = rdata->rdclass;
 	dnskey->common.rdtype = rdata->type;
 	ISC_LINK_INIT(&dnskey->common, link);
 
-	dns_rdata_toregion(rdata, &sr);
-
-	/* Flags */
-	if (sr.length < 2)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->flags = uint16_fromregion(&sr);
-	isc_region_consume(&sr, 2);
-
-	/* Protocol */
-	if (sr.length < 1)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->protocol = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-
-	/* Algorithm */
-	if (sr.length < 1)
-		return (ISC_R_UNEXPECTEDEND);
-	dnskey->algorithm = uint8_fromregion(&sr);
-	isc_region_consume(&sr, 1);
-
-	/* Data */
-	dnskey->datalen = sr.length;
-	dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
-	if (dnskey->data == NULL)
-		return (ISC_R_NOMEMORY);
-
-	dnskey->mctx = mctx;
-	return (ISC_R_SUCCESS);
+	return (generic_tostruct_key(rdata, target, mctx));
 }
 
 static inline void
 freestruct_dnskey(ARGS_FREESTRUCT) {
 	dns_rdata_dnskey_t *dnskey = (dns_rdata_dnskey_t *) source;
 
-	REQUIRE(source != NULL);
+	REQUIRE(dnskey != NULL);
 	REQUIRE(dnskey->common.rdtype == dns_rdatatype_dnskey);
 
-	if (dnskey->mctx == NULL)
-		return;
-
-	if (dnskey->data != NULL)
-		isc_mem_free(dnskey->mctx, dnskey->data);
-	dnskey->mctx = NULL;
+	generic_freestruct_key(source);
 }
 
 static inline isc_result_t
 additionaldata_dnskey(ARGS_ADDLDATA) {
+
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
 
 	UNUSED(rdata);
@@ -343,6 +138,7 @@ static inline isc_result_t
 digest_dnskey(ARGS_DIGEST) {
 	isc_region_t r;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
 
 	dns_rdata_toregion(rdata, &r);
@@ -366,6 +162,7 @@ checkowner_dnskey(ARGS_CHECKOWNER) {
 static inline isc_boolean_t
 checknames_dnskey(ARGS_CHECKNAMES) {
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_dnskey);
 
 	UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/dnskey_48.h b/lib/dns/rdata/generic/dnskey_48.h
index ce88cd1bf3..2c07ecff82 100644
--- a/lib/dns/rdata/generic/dnskey_48.h
+++ b/lib/dns/rdata/generic/dnskey_48.h
@@ -18,20 +18,10 @@
 #ifndef GENERIC_DNSKEY_48_H
 #define GENERIC_DNSKEY_48_H 1
 
-/* $Id: dnskey_48.h,v 1.7 2007/06/19 23:47:17 tbox Exp $ */
-
 /*!
- *  \brief per RFC2535 */
-
-typedef struct dns_rdata_dnskey {
-        dns_rdatacommon_t	common;
-        isc_mem_t *		mctx;
-        isc_uint16_t		flags;
-        isc_uint8_t		protocol;
-        isc_uint8_t		algorithm;
-        isc_uint16_t		datalen;
-        unsigned char *		data;
-} dns_rdata_dnskey_t;
+ *  \brief per RFC2535
+ */
 
+typedef struct dns_rdata_key dns_rdata_dnskey_t;
 
 #endif /* GENERIC_DNSKEY_48_H */
diff --git a/lib/dns/rdata/generic/ds_43.c b/lib/dns/rdata/generic/ds_43.c
index 89cfb553fb..ad6947dc2f 100644
--- a/lib/dns/rdata/generic/ds_43.c
+++ b/lib/dns/rdata/generic/ds_43.c
@@ -33,13 +33,11 @@
 #include "dst_gost.h"
 
 static inline isc_result_t
-fromtext_ds(ARGS_FROMTEXT) {
+generic_fromtext_ds(ARGS_FROMTEXT) {
 	isc_token_t token;
 	unsigned char c;
 	int length;
 
-	REQUIRE(type == dns_rdatatype_ds);
-
 	UNUSED(type);
 	UNUSED(rdclass);
 	UNUSED(origin);
@@ -97,12 +95,20 @@ fromtext_ds(ARGS_FROMTEXT) {
 }
 
 static inline isc_result_t
-totext_ds(ARGS_TOTEXT) {
+fromtext_ds(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_ds);
+
+	return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+				    target, callbacks));
+}
+
+static inline isc_result_t
+generic_totext_ds(ARGS_TOTEXT) {
 	isc_region_t sr;
 	char buf[sizeof("64000 ")];
 	unsigned int n;
 
-	REQUIRE(rdata->type == dns_rdatatype_ds);
 	REQUIRE(rdata->length != 0);
 
 	UNUSED(tctx);
@@ -153,10 +159,16 @@ totext_ds(ARGS_TOTEXT) {
 }
 
 static inline isc_result_t
-fromwire_ds(ARGS_FROMWIRE) {
-	isc_region_t sr;
+totext_ds(ARGS_TOTEXT) {
 
-	REQUIRE(type == dns_rdatatype_ds);
+	REQUIRE(rdata->type == dns_rdatatype_ds);
+
+	return (generic_totext_ds(rdata, tctx, target));
+}
+
+static inline isc_result_t
+generic_fromwire_ds(ARGS_FROMWIRE) {
+	isc_region_t sr;
 
 	UNUSED(type);
 	UNUSED(rdclass);
@@ -201,6 +213,15 @@ fromwire_ds(ARGS_FROMWIRE) {
 	return (mem_tobuffer(target, sr.base, sr.length));
 }
 
+static inline isc_result_t
+fromwire_ds(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_ds);
+
+	return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+				    target));
+}
+
 static inline isc_result_t
 towire_ds(ARGS_TOWIRE) {
 	isc_region_t sr;
@@ -231,13 +252,16 @@ compare_ds(ARGS_COMPARE) {
 }
 
 static inline isc_result_t
-fromstruct_ds(ARGS_FROMSTRUCT) {
+generic_fromstruct_ds(ARGS_FROMSTRUCT) {
 	dns_rdata_ds_t *ds = source;
 
-	REQUIRE(type == dns_rdatatype_ds);
 	REQUIRE(source != NULL);
 	REQUIRE(ds->common.rdtype == type);
 	REQUIRE(ds->common.rdclass == rdclass);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+
 	switch (ds->digest_type) {
 	case DNS_DSDIGEST_SHA1:
 		REQUIRE(ds->length == ISC_SHA1_DIGESTLENGTH);
@@ -255,9 +279,6 @@ fromstruct_ds(ARGS_FROMSTRUCT) {
 		break;
 	}
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
 	RETERR(uint16_tobuffer(ds->key_tag, target));
 	RETERR(uint8_tobuffer(ds->algorithm, target));
 	RETERR(uint8_tobuffer(ds->digest_type, target));
@@ -266,17 +287,23 @@ fromstruct_ds(ARGS_FROMSTRUCT) {
 }
 
 static inline isc_result_t
-tostruct_ds(ARGS_TOSTRUCT) {
+fromstruct_ds(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_ds);
+
+	return (generic_fromstruct_ds(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+generic_tostruct_ds(ARGS_TOSTRUCT) {
 	dns_rdata_ds_t *ds = target;
 	isc_region_t region;
 
-	REQUIRE(rdata->type == dns_rdatatype_ds);
 	REQUIRE(target != NULL);
 	REQUIRE(rdata->length != 0);
-
-	ds->common.rdclass = rdata->rdclass;
-	ds->common.rdtype = rdata->type;
-	ISC_LINK_INIT(&ds->common, link);
+	REQUIRE(ds->common.rdtype == rdata->type);
+	REQUIRE(ds->common.rdclass == rdata->rdclass);
+	REQUIRE(!ISC_LINK_LINKED(&ds->common, link));
 
 	dns_rdata_toregion(rdata, &region);
 
@@ -296,6 +323,20 @@ tostruct_ds(ARGS_TOSTRUCT) {
 	return (ISC_R_SUCCESS);
 }
 
+static inline isc_result_t
+tostruct_ds(ARGS_TOSTRUCT) {
+	dns_rdata_ds_t *ds = target;
+
+	REQUIRE(rdata->type == dns_rdatatype_ds);
+	REQUIRE(target != NULL);
+
+	ds->common.rdclass = rdata->rdclass;
+	ds->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&ds->common, link);
+
+	return (generic_tostruct_ds(rdata, target, mctx));
+}
+
 static inline void
 freestruct_ds(ARGS_FREESTRUCT) {
 	dns_rdata_ds_t *ds = source;
diff --git a/lib/dns/rdata/generic/key_25.c b/lib/dns/rdata/generic/key_25.c
index c2ddd57fc1..93d2d6fe70 100644
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@@ -31,15 +31,13 @@
 #define RRTYPE_KEY_ATTRIBUTES (0)
 
 static inline isc_result_t
-fromtext_key(ARGS_FROMTEXT) {
+generic_fromtext_key(ARGS_FROMTEXT) {
 	isc_result_t result;
 	isc_token_t token;
 	dns_secalg_t alg;
 	dns_secproto_t proto;
 	dns_keyflags_t flags;
 
-	REQUIRE(type == dns_rdatatype_key);
-
 	UNUSED(type);
 	UNUSED(rdclass);
 	UNUSED(origin);
@@ -80,14 +78,15 @@ fromtext_key(ARGS_FROMTEXT) {
 }
 
 static inline isc_result_t
-totext_key(ARGS_TOTEXT) {
+generic_totext_key(ARGS_TOTEXT) {
 	isc_region_t sr;
-	char buf[sizeof("64000")];
+	char buf[sizeof("[key id = 64000]")];
 	unsigned int flags;
 	unsigned char algorithm;
-	char namebuf[DNS_NAME_FORMATSIZE];
+	char algbuf[DNS_NAME_FORMATSIZE];
+	const char *keyinfo;
+	isc_region_t tmpr;
 
-	REQUIRE(rdata->type == dns_rdatatype_key);
 	REQUIRE(rdata->length != 0);
 
 	dns_rdata_toregion(rdata, &sr);
@@ -98,6 +97,14 @@ totext_key(ARGS_TOTEXT) {
 	sprintf(buf, "%u", flags);
 	RETERR(str_totext(buf, target));
 	RETERR(str_totext(" ", target));
+	if ((flags & DNS_KEYFLAG_KSK) != 0) {
+		if (flags & DNS_KEYFLAG_REVOKE)
+			keyinfo = "revoked KSK";
+		else
+			keyinfo = "KSK";
+	} else
+		keyinfo = "ZSK";
+
 
 	/* protocol */
 	sprintf(buf, "%u", sr.base[0]);
@@ -120,19 +127,29 @@ totext_key(ARGS_TOTEXT) {
 		dns_name_t name;
 		dns_name_init(&name, NULL);
 		dns_name_fromregion(&name, &sr);
-		dns_name_format(&name, namebuf, sizeof(namebuf));
-	} else
-		namebuf[0] = 0;
+		dns_name_format(&name, algbuf, sizeof(algbuf));
+	} else {
+		dns_secalg_format((dns_secalg_t) algorithm, algbuf,
+				  sizeof(algbuf));
+	}
 
 	/* key */
 	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
 		RETERR(str_totext(" (", target));
 	RETERR(str_totext(tctx->linebreak, target));
-	if (tctx->width == 0)   /* No splitting */
-		RETERR(isc_base64_totext(&sr, 60, "", target));
-	else
-		RETERR(isc_base64_totext(&sr, tctx->width - 2,
-					 tctx->linebreak, target));
+
+	if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
+		if (tctx->width == 0)   /* No splitting */
+			RETERR(isc_base64_totext(&sr, 60, "", target));
+		else
+			RETERR(isc_base64_totext(&sr, tctx->width - 2,
+						 tctx->linebreak, target));
+	} else {
+		dns_rdata_toregion(rdata, &tmpr);
+		snprintf(buf, sizeof(buf), "[key id = %u]",
+			 dst_region_computeid(&tmpr, algorithm));
+		RETERR(str_totext(buf, target));
+	}
 
 	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
 		RETERR(str_totext(tctx->linebreak, target));
@@ -143,28 +160,27 @@ totext_key(ARGS_TOTEXT) {
 		RETERR(str_totext(")", target));
 
 	if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
-		isc_region_t tmpr;
 
+		if (rdata->type == dns_rdatatype_dnskey ||
+		    rdata->type == dns_rdatatype_cdnskey) {
+			RETERR(str_totext(" ; ", target));
+			RETERR(str_totext(keyinfo, target));
+		}
+		RETERR(str_totext("; alg = ", target));
+		RETERR(str_totext(algbuf, target));
 		RETERR(str_totext(" ; key id = ", target));
 		dns_rdata_toregion(rdata, &tmpr);
 		sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
 		RETERR(str_totext(buf, target));
-		if (algorithm == DNS_KEYALG_PRIVATEDNS) {
-			RETERR(str_totext(tctx->linebreak, target));
-			RETERR(str_totext("; alg = ", target));
-			RETERR(str_totext(namebuf, target));
-		}
 	}
 	return (ISC_R_SUCCESS);
 }
 
 static inline isc_result_t
-fromwire_key(ARGS_FROMWIRE) {
+generic_fromwire_key(ARGS_FROMWIRE) {
 	unsigned char algorithm;
 	isc_region_t sr;
 
-	REQUIRE(type == dns_rdatatype_key);
-
 	UNUSED(type);
 	UNUSED(rdclass);
 	UNUSED(dctx);
@@ -199,10 +215,38 @@ fromwire_key(ARGS_FROMWIRE) {
 	return (mem_tobuffer(target, sr.base, sr.length));
 }
 
+static inline isc_result_t
+fromtext_key(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_key);
+
+	return (generic_fromtext_key(rdclass, type, lexer, origin,
+				     options, target, callbacks));
+}
+
+static inline isc_result_t
+totext_key(ARGS_TOTEXT) {
+
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_key);
+
+	return (generic_totext_key(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_key(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_key);
+
+	return (generic_fromwire_key(rdclass, type, source, dctx,
+				     options, target));
+}
+
 static inline isc_result_t
 towire_key(ARGS_TOWIRE) {
 	isc_region_t sr;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_key);
 	REQUIRE(rdata->length != 0);
 
@@ -217,6 +261,8 @@ compare_key(ARGS_COMPARE) {
 	isc_region_t r1;
 	isc_region_t r2;
 
+	REQUIRE(rdata1 != NULL);
+	REQUIRE(rdata2 != NULL);
 	REQUIRE(rdata1->type == rdata2->type);
 	REQUIRE(rdata1->rdclass == rdata2->rdclass);
 	REQUIRE(rdata1->type == dns_rdatatype_key);
@@ -229,11 +275,10 @@ compare_key(ARGS_COMPARE) {
 }
 
 static inline isc_result_t
-fromstruct_key(ARGS_FROMSTRUCT) {
+generic_fromstruct_key(ARGS_FROMSTRUCT) {
 	dns_rdata_key_t *key = source;
 
-	REQUIRE(type == dns_rdatatype_key);
-	REQUIRE(source != NULL);
+	REQUIRE(key != NULL);
 	REQUIRE(key->common.rdtype == type);
 	REQUIRE(key->common.rdclass == rdclass);
 
@@ -254,17 +299,17 @@ fromstruct_key(ARGS_FROMSTRUCT) {
 }
 
 static inline isc_result_t
-tostruct_key(ARGS_TOSTRUCT) {
+generic_tostruct_key(ARGS_TOSTRUCT) {
 	dns_rdata_key_t *key = target;
 	isc_region_t sr;
 
-	REQUIRE(rdata->type == dns_rdatatype_key);
-	REQUIRE(target != NULL);
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->length != 0);
 
-	key->common.rdclass = rdata->rdclass;
-	key->common.rdtype = rdata->type;
-	ISC_LINK_INIT(&key->common, link);
+	REQUIRE(key != NULL);
+	REQUIRE(key->common.rdclass == rdata->rdclass);
+	REQUIRE(key->common.rdtype == rdata->type);
+	REQUIRE(!ISC_LINK_LINKED(&key->common, link));
 
 	dns_rdata_toregion(rdata, &sr);
 
@@ -297,11 +342,10 @@ tostruct_key(ARGS_TOSTRUCT) {
 }
 
 static inline void
-freestruct_key(ARGS_FREESTRUCT) {
+generic_freestruct_key(ARGS_FREESTRUCT) {
 	dns_rdata_key_t *key = (dns_rdata_key_t *) source;
 
-	REQUIRE(source != NULL);
-	REQUIRE(key->common.rdtype == dns_rdatatype_key);
+	REQUIRE(key != NULL);
 
 	if (key->mctx == NULL)
 		return;
@@ -311,8 +355,43 @@ freestruct_key(ARGS_FREESTRUCT) {
 	key->mctx = NULL;
 }
 
+static inline isc_result_t
+fromstruct_key(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_key);
+
+	return (generic_fromstruct_key(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_key(ARGS_TOSTRUCT) {
+	dns_rdata_key_t *key = target;
+
+	REQUIRE(key != NULL);
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_key);
+
+	key->common.rdclass = rdata->rdclass;
+	key->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&key->common, link);
+
+	return (generic_tostruct_key(rdata, target, mctx));
+}
+
+static inline void
+freestruct_key(ARGS_FREESTRUCT) {
+	dns_rdata_key_t *key = (dns_rdata_key_t *) source;
+
+	REQUIRE(key != NULL);
+	REQUIRE(key->common.rdtype == dns_rdatatype_key);
+
+	generic_freestruct_key(source);
+}
+
 static inline isc_result_t
 additionaldata_key(ARGS_ADDLDATA) {
+
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_key);
 
 	UNUSED(rdata);
@@ -326,6 +405,7 @@ static inline isc_result_t
 digest_key(ARGS_DIGEST) {
 	isc_region_t r;
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_key);
 
 	dns_rdata_toregion(rdata, &r);
@@ -349,6 +429,7 @@ checkowner_key(ARGS_CHECKOWNER) {
 static inline isc_boolean_t
 checknames_key(ARGS_CHECKNAMES) {
 
+	REQUIRE(rdata != NULL);
 	REQUIRE(rdata->type == dns_rdatatype_key);
 
 	UNUSED(rdata);
diff --git a/lib/dns/rdata/generic/key_25.h b/lib/dns/rdata/generic/key_25.h
index bcf9cb6a22..8ee312152f 100644
--- a/lib/dns/rdata/generic/key_25.h
+++ b/lib/dns/rdata/generic/key_25.h
@@ -23,7 +23,7 @@
 /*!
  * \brief Per RFC2535 */
 
-typedef struct dns_rdata_key_t {
+typedef struct dns_rdata_key {
         dns_rdatacommon_t	common;
         isc_mem_t *		mctx;
         isc_uint16_t		flags;
diff --git a/lib/dns/rdata/generic/ninfo_56.c b/lib/dns/rdata/generic/ninfo_56.c
new file mode 100644
index 0000000000..f31f47ed65
--- /dev/null
+++ b/lib/dns/rdata/generic/ninfo_56.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_NINFO_56_C
+#define RDATA_GENERIC_NINFO_56_C
+
+#define RRTYPE_NINFO_ATTRIBUTES (0)
+
+static inline isc_result_t
+fromtext_ninfo(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_ninfo);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(origin);
+	UNUSED(options);
+	UNUSED(callbacks);
+
+	return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+				     target, callbacks));
+}
+
+static inline isc_result_t
+totext_ninfo(ARGS_TOTEXT) {
+
+	UNUSED(tctx);
+
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	return (generic_totext_txt(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_ninfo(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_ninfo);
+
+	UNUSED(type);
+	UNUSED(dctx);
+	UNUSED(rdclass);
+	UNUSED(options);
+
+	return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+				     target));
+}
+
+static inline isc_result_t
+towire_ninfo(ARGS_TOWIRE) {
+
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	UNUSED(cctx);
+
+	return (mem_tobuffer(target, rdata->data, rdata->length));
+}
+
+static inline int
+compare_ninfo(ARGS_COMPARE) {
+	isc_region_t r1;
+	isc_region_t r2;
+
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == dns_rdatatype_ninfo);
+
+	dns_rdata_toregion(rdata1, &r1);
+	dns_rdata_toregion(rdata2, &r2);
+	return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_ninfo(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_ninfo);
+
+	return (generic_fromstruct_txt(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_ninfo(ARGS_TOSTRUCT) {
+	dns_rdata_ninfo_t *txt = target;
+
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	txt->common.rdclass = rdata->rdclass;
+	txt->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&txt->common, link);
+
+	return (generic_tostruct_txt(rdata, target, mctx));
+}
+
+static inline void
+freestruct_ninfo(ARGS_FREESTRUCT) {
+	dns_rdata_ninfo_t *ninfo = source;
+
+	REQUIRE(source != NULL);
+	REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+	generic_freestruct_txt(source);
+}
+
+static inline isc_result_t
+additionaldata_ninfo(ARGS_ADDLDATA) {
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_ninfo(ARGS_DIGEST) {
+	isc_region_t r;
+
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	dns_rdata_toregion(rdata, &r);
+
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_ninfo(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == dns_rdatatype_ninfo);
+
+	UNUSED(name);
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(wildcard);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_ninfo(ARGS_CHECKNAMES) {
+
+	REQUIRE(rdata->type == dns_rdatatype_ninfo);
+
+	UNUSED(rdata);
+	UNUSED(owner);
+	UNUSED(bad);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_result_t
+casecompare_ninfo(ARGS_COMPARE) {
+	return (compare_ninfo(rdata1, rdata2));
+}
+
+isc_result_t
+dns_rdata_ninfo_first(dns_rdata_ninfo_t *ninfo) {
+
+	REQUIRE(ninfo != NULL);
+	REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+	return (generic_txt_first(ninfo));
+}
+
+isc_result_t
+dns_rdata_ninfo_next(dns_rdata_ninfo_t *ninfo) {
+
+	REQUIRE(ninfo != NULL);
+	REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+	return (generic_txt_next(ninfo));
+}
+
+isc_result_t
+dns_rdata_ninfo_current(dns_rdata_ninfo_t *ninfo,
+			dns_rdata_ninfo_string_t *string)
+{
+
+	REQUIRE(ninfo != NULL);
+	REQUIRE(ninfo->common.rdtype == dns_rdatatype_ninfo);
+
+	return (generic_txt_current(ninfo, string));
+}
+#endif	/* RDATA_GENERIC_NINFO_56_C */
diff --git a/lib/dns/rdata/generic/ninfo_56.h b/lib/dns/rdata/generic/ninfo_56.h
new file mode 100644
index 0000000000..f0f09eca0c
--- /dev/null
+++ b/lib/dns/rdata/generic/ninfo_56.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 1998-2001  Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* */
+#ifndef GENERIC_NINFO_56_H
+#define GENERIC_NINFO_56_H 1
+
+typedef struct dns_rdata_txt_string dns_rdata_ninfo_string_t;
+
+typedef struct dns_rdata_txt dns_rdata_ninfo_t;
+
+/*
+ * ISC_LANG_BEGINDECLS and ISC_LANG_ENDDECLS are already done
+ * via rdatastructpre.h and rdatastructsuf.h.
+ */
+
+isc_result_t
+dns_rdata_ninfo_first(dns_rdata_ninfo_t *);
+
+isc_result_t
+dns_rdata_ninfo_next(dns_rdata_ninfo_t *);
+
+isc_result_t
+dns_rdata_ninfo_current(dns_rdata_ninfo_t *, dns_rdata_ninfo_string_t *);
+
+#endif /* GENERIC_NINFO_16_H */
diff --git a/lib/dns/rdata/generic/rkey_57.c b/lib/dns/rdata/generic/rkey_57.c
new file mode 100644
index 0000000000..a57d1bc13f
--- /dev/null
+++ b/lib/dns/rdata/generic/rkey_57.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef RDATA_GENERIC_RKEY_57_C
+#define RDATA_GENERIC_RKEY_57_C
+
+#define RRTYPE_RKEY_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_rkey(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_rkey);
+
+	return (generic_fromtext_key(rdclass, type, lexer, origin,
+				     options, target, callbacks));
+}
+
+static inline isc_result_t
+totext_rkey(ARGS_TOTEXT) {
+
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+	return (generic_totext_key(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_rkey(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_rkey);
+
+	return (generic_fromwire_key(rdclass, type, source, dctx,
+				     options, target));
+}
+
+static inline isc_result_t
+towire_rkey(ARGS_TOWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(cctx);
+
+	dns_rdata_toregion(rdata, &sr);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_rkey(ARGS_COMPARE) {
+	isc_region_t r1;
+	isc_region_t r2;
+
+	REQUIRE(rdata1 != NULL);
+	REQUIRE(rdata2 != NULL);
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == dns_rdatatype_rkey);
+	REQUIRE(rdata1->length != 0);
+	REQUIRE(rdata2->length != 0);
+
+	dns_rdata_toregion(rdata1, &r1);
+	dns_rdata_toregion(rdata2, &r2);
+	return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_rkey(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_rkey);
+
+	return (generic_fromstruct_key(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_rkey(ARGS_TOSTRUCT) {
+	dns_rdata_rkey_t *rkey = target;
+
+	REQUIRE(rkey != NULL);
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+	rkey->common.rdclass = rdata->rdclass;
+	rkey->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&rkey->common, link);
+
+	return (generic_tostruct_key(rdata, target, mctx));
+}
+
+static inline void
+freestruct_rkey(ARGS_FREESTRUCT) {
+	dns_rdata_rkey_t *rkey = (dns_rdata_rkey_t *) source;
+
+	REQUIRE(rkey != NULL);
+	REQUIRE(rkey->common.rdtype == dns_rdatatype_rkey);
+
+	generic_freestruct_key(source);
+}
+
+static inline isc_result_t
+additionaldata_rkey(ARGS_ADDLDATA) {
+
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_rkey(ARGS_DIGEST) {
+	isc_region_t r;
+
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+	dns_rdata_toregion(rdata, &r);
+
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_rkey(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == dns_rdatatype_rkey);
+
+	UNUSED(name);
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(wildcard);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_rkey(ARGS_CHECKNAMES) {
+
+	REQUIRE(rdata != NULL);
+	REQUIRE(rdata->type == dns_rdatatype_rkey);
+
+	UNUSED(rdata);
+	UNUSED(owner);
+	UNUSED(bad);
+
+	return (ISC_TRUE);
+}
+
+static inline int
+casecompare_rkey(ARGS_COMPARE) {
+
+	/*
+	 * Treat ALG 253 (private DNS) subtype name case sensistively.
+	 */
+	return (compare_rkey(rdata1, rdata2));
+}
+
+#endif	/* RDATA_GENERIC_RKEY_57_C */
diff --git a/lib/dns/rdata/generic/rkey_57.h b/lib/dns/rdata/generic/rkey_57.h
new file mode 100644
index 0000000000..330b3fbad8
--- /dev/null
+++ b/lib/dns/rdata/generic/rkey_57.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_RKEY_57_H
+#define GENERIC_RKEY_57_H 1
+
+typedef struct dns_rdata_key dns_rdata_rkey_t;
+
+#endif /* GENERIC_RKEY_57_H */
diff --git a/lib/dns/rdata/generic/spf_99.c b/lib/dns/rdata/generic/spf_99.c
index 8ad4f02b9a..4e886677e0 100644
--- a/lib/dns/rdata/generic/spf_99.c
+++ b/lib/dns/rdata/generic/spf_99.c
@@ -26,8 +26,6 @@
 
 static inline isc_result_t
 fromtext_spf(ARGS_FROMTEXT) {
-	isc_token_t token;
-	int strings;
 
 	REQUIRE(type == dns_rdatatype_spf);
 
@@ -37,44 +35,22 @@ fromtext_spf(ARGS_FROMTEXT) {
 	UNUSED(options);
 	UNUSED(callbacks);
 
-	strings = 0;
-	for (;;) {
-		RETERR(isc_lex_getmastertoken(lexer, &token,
-					      isc_tokentype_qstring,
-					      ISC_TRUE));
-		if (token.type != isc_tokentype_qstring &&
-		    token.type != isc_tokentype_string)
-			break;
-		RETTOK(txt_fromtext(&token.value.as_textregion, target));
-		strings++;
-	}
-	/* Let upper layer handle eol/eof. */
-	isc_lex_ungettoken(lexer, &token);
-	return (strings == 0 ? ISC_R_UNEXPECTEDEND : ISC_R_SUCCESS);
+	return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+                                     target, callbacks));
 }
 
 static inline isc_result_t
 totext_spf(ARGS_TOTEXT) {
-	isc_region_t region;
 
 	UNUSED(tctx);
 
 	REQUIRE(rdata->type == dns_rdatatype_spf);
 
-	dns_rdata_toregion(rdata, &region);
-
-	while (region.length > 0) {
-		RETERR(txt_totext(&region, ISC_TRUE, target));
-		if (region.length > 0)
-			RETERR(str_totext(" ", target));
-	}
-
-	return (ISC_R_SUCCESS);
+	return (generic_totext_txt(rdata, tctx, target));
 }
 
 static inline isc_result_t
 fromwire_spf(ARGS_FROMWIRE) {
-	isc_result_t result;
 
 	REQUIRE(type == dns_rdatatype_spf);
 
@@ -83,29 +59,18 @@ fromwire_spf(ARGS_FROMWIRE) {
 	UNUSED(rdclass);
 	UNUSED(options);
 
-	do {
-		result = txt_fromwire(source, target);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	} while (!buffer_empty(source));
-	return (ISC_R_SUCCESS);
+	return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+                                     target));
 }
 
 static inline isc_result_t
 towire_spf(ARGS_TOWIRE) {
-	isc_region_t region;
 
 	REQUIRE(rdata->type == dns_rdatatype_spf);
 
 	UNUSED(cctx);
 
-	isc_buffer_availableregion(target, &region);
-	if (region.length < rdata->length)
-		return (ISC_R_NOSPACE);
-
-	memmove(region.base, rdata->data, rdata->length);
-	isc_buffer_add(target, rdata->length);
-	return (ISC_R_SUCCESS);
+	return (mem_tobuffer(target, rdata->data, rdata->length));
 }
 
 static inline int
@@ -124,53 +89,24 @@ compare_spf(ARGS_COMPARE) {
 
 static inline isc_result_t
 fromstruct_spf(ARGS_FROMSTRUCT) {
-	dns_rdata_spf_t *txt = source;
-	isc_region_t region;
-	isc_uint8_t length;
 
 	REQUIRE(type == dns_rdatatype_spf);
-	REQUIRE(source != NULL);
-	REQUIRE(txt->common.rdtype == type);
-	REQUIRE(txt->common.rdclass == rdclass);
-	REQUIRE(txt->txt != NULL && txt->txt_len != 0);
 
-	UNUSED(type);
-	UNUSED(rdclass);
-
-	region.base = txt->txt;
-	region.length = txt->txt_len;
-	while (region.length > 0) {
-		length = uint8_fromregion(&region);
-		isc_region_consume(&region, 1);
-		if (region.length <= length)
-			return (ISC_R_UNEXPECTEDEND);
-		isc_region_consume(&region, length);
-	}
-
-	return (mem_tobuffer(target, txt->txt, txt->txt_len));
+	return (generic_fromstruct_txt(rdclass, type, source, target));
 }
 
 static inline isc_result_t
 tostruct_spf(ARGS_TOSTRUCT) {
-	dns_rdata_spf_t *txt = target;
-	isc_region_t r;
+	dns_rdata_spf_t *spf = target;
 
 	REQUIRE(rdata->type == dns_rdatatype_spf);
 	REQUIRE(target != NULL);
 
-	txt->common.rdclass = rdata->rdclass;
-	txt->common.rdtype = rdata->type;
-	ISC_LINK_INIT(&txt->common, link);
+	spf->common.rdclass = rdata->rdclass;
+	spf->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&spf->common, link);
 
-	dns_rdata_toregion(rdata, &r);
-	txt->txt_len = r.length;
-	txt->txt = mem_maybedup(mctx, r.base, r.length);
-	if (txt->txt == NULL)
-		return (ISC_R_NOMEMORY);
-
-	txt->offset = 0;
-	txt->mctx = mctx;
-	return (ISC_R_SUCCESS);
+	return (generic_tostruct_txt(rdata, target, mctx));
 }
 
 static inline void
@@ -180,12 +116,7 @@ freestruct_spf(ARGS_FREESTRUCT) {
 	REQUIRE(source != NULL);
 	REQUIRE(txt->common.rdtype == dns_rdatatype_spf);
 
-	if (txt->mctx == NULL)
-		return;
-
-	if (txt->txt != NULL)
-		isc_mem_free(txt->mctx, txt->txt);
-	txt->mctx = NULL;
+	generic_freestruct_txt(source);
 }
 
 static inline isc_result_t
diff --git a/lib/dns/rdata/generic/ta_32768.c b/lib/dns/rdata/generic/ta_32768.c
new file mode 100644
index 0000000000..d802211f37
--- /dev/null
+++ b/lib/dns/rdata/generic/ta_32768.c
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* http://www.watson.org/~weiler/INI1999-19.pdf */
+
+#ifndef RDATA_GENERIC_TA_32768_C
+#define RDATA_GENERIC_TA_32768_C
+
+#define RRTYPE_TA_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_ta(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_ta);
+
+	return (generic_fromtext_ds(rdclass, type, lexer, origin, options,
+				    target, callbacks));
+}
+
+static inline isc_result_t
+totext_ta(ARGS_TOTEXT) {
+
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+
+	return (generic_totext_ds(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_ta(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_ta);
+
+	return (generic_fromwire_ds(rdclass, type, source, dctx, options,
+				    target));
+}
+
+static inline isc_result_t
+towire_ta(ARGS_TOWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(cctx);
+
+	dns_rdata_toregion(rdata, &sr);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_ta(ARGS_COMPARE) {
+	isc_region_t r1;
+	isc_region_t r2;
+
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == dns_rdatatype_ta);
+	REQUIRE(rdata1->length != 0);
+	REQUIRE(rdata2->length != 0);
+
+	dns_rdata_toregion(rdata1, &r1);
+	dns_rdata_toregion(rdata2, &r2);
+	return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_ta(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_ta);
+
+	return (generic_fromstruct_ds(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_ta(ARGS_TOSTRUCT) {
+	dns_rdata_ds_t *ds = target;
+
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+
+	/*
+	 * Checked by generic_tostruct_ds().
+	 */
+	ds->common.rdclass = rdata->rdclass;
+	ds->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&ds->common, link);
+
+	return (generic_tostruct_ds(rdata, target, mctx));
+}
+
+static inline void
+freestruct_ta(ARGS_FREESTRUCT) {
+	dns_rdata_ta_t *ds = source;
+
+	REQUIRE(ds != NULL);
+	REQUIRE(ds->common.rdtype == dns_rdatatype_ta);
+
+	if (ds->mctx == NULL)
+		return;
+
+	if (ds->digest != NULL)
+		isc_mem_free(ds->mctx, ds->digest);
+	ds->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_ta(ARGS_ADDLDATA) {
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_ta(ARGS_DIGEST) {
+	isc_region_t r;
+
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+
+	dns_rdata_toregion(rdata, &r);
+
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_ta(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == dns_rdatatype_ta);
+
+	UNUSED(name);
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(wildcard);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_ta(ARGS_CHECKNAMES) {
+
+	REQUIRE(rdata->type == dns_rdatatype_ta);
+
+	UNUSED(rdata);
+	UNUSED(owner);
+	UNUSED(bad);
+
+	return (ISC_TRUE);
+}
+
+static inline int
+casecompare_ta(ARGS_COMPARE) {
+	return (compare_ta(rdata1, rdata2));
+}
+
+#endif	/* RDATA_GENERIC_TA_32768_C */
diff --git a/lib/dns/rdata/generic/ta_32768.h b/lib/dns/rdata/generic/ta_32768.h
new file mode 100644
index 0000000000..c5304af184
--- /dev/null
+++ b/lib/dns/rdata/generic/ta_32768.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef GENERIC_TA_32768_H
+#define GENERIC_TA_32768_H 1
+
+/*
+ * TA records are identical to DS records.
+ */
+typedef struct dns_rdata_ds dns_rdata_ta_t;
+
+#endif /* GENERIC_TA_32768_H */
diff --git a/lib/dns/rdata/generic/txt_16.c b/lib/dns/rdata/generic/txt_16.c
index aa7c3a0ab1..2ebd46c316 100644
--- a/lib/dns/rdata/generic/txt_16.c
+++ b/lib/dns/rdata/generic/txt_16.c
@@ -15,8 +15,6 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: txt_16.c,v 1.47 2009/12/04 22:06:37 tbox Exp $ */
-
 /* Reviewed: Thu Mar 16 15:40:00 PST 2000 by bwelling */
 
 #ifndef RDATA_GENERIC_TXT_16_C
@@ -25,12 +23,10 @@
 #define RRTYPE_TXT_ATTRIBUTES (0)
 
 static inline isc_result_t
-fromtext_txt(ARGS_FROMTEXT) {
+generic_fromtext_txt(ARGS_FROMTEXT) {
 	isc_token_t token;
 	int strings;
 
-	REQUIRE(type == dns_rdatatype_txt);
-
 	UNUSED(type);
 	UNUSED(rdclass);
 	UNUSED(origin);
@@ -61,13 +57,11 @@ fromtext_txt(ARGS_FROMTEXT) {
 }
 
 static inline isc_result_t
-totext_txt(ARGS_TOTEXT) {
+generic_totext_txt(ARGS_TOTEXT) {
 	isc_region_t region;
 
 	UNUSED(tctx);
 
-	REQUIRE(rdata->type == dns_rdatatype_txt);
-
 	dns_rdata_toregion(rdata, &region);
 
 	while (region.length > 0) {
@@ -80,11 +74,9 @@ totext_txt(ARGS_TOTEXT) {
 }
 
 static inline isc_result_t
-fromwire_txt(ARGS_FROMWIRE) {
+generic_fromwire_txt(ARGS_FROMWIRE) {
 	isc_result_t result;
 
-	REQUIRE(type == dns_rdatatype_txt);
-
 	UNUSED(type);
 	UNUSED(dctx);
 	UNUSED(rdclass);
@@ -98,21 +90,40 @@ fromwire_txt(ARGS_FROMWIRE) {
 	return (ISC_R_SUCCESS);
 }
 
+static inline isc_result_t
+fromtext_txt(ARGS_FROMTEXT) {
+
+	REQUIRE(type == dns_rdatatype_txt);
+
+	return (generic_fromtext_txt(rdclass, type, lexer, origin, options,
+				     target, callbacks));
+}
+
+static inline isc_result_t
+totext_txt(ARGS_TOTEXT) {
+
+	REQUIRE(rdata->type == dns_rdatatype_txt);
+
+	return (generic_totext_txt(rdata, tctx, target));
+}
+
+static inline isc_result_t
+fromwire_txt(ARGS_FROMWIRE) {
+
+	REQUIRE(type == dns_rdatatype_txt);
+
+	return (generic_fromwire_txt(rdclass, type, source, dctx, options,
+				     target));
+}
+
 static inline isc_result_t
 towire_txt(ARGS_TOWIRE) {
-	isc_region_t region;
 
 	REQUIRE(rdata->type == dns_rdatatype_txt);
 
 	UNUSED(cctx);
 
-	isc_buffer_availableregion(target, &region);
-	if (region.length < rdata->length)
-		return (ISC_R_NOSPACE);
-
-	memmove(region.base, rdata->data, rdata->length);
-	isc_buffer_add(target, rdata->length);
-	return (ISC_R_SUCCESS);
+	return (mem_tobuffer(target, rdata->data, rdata->length));
 }
 
 static inline int
@@ -130,12 +141,11 @@ compare_txt(ARGS_COMPARE) {
 }
 
 static inline isc_result_t
-fromstruct_txt(ARGS_FROMSTRUCT) {
+generic_fromstruct_txt(ARGS_FROMSTRUCT) {
 	dns_rdata_txt_t *txt = source;
 	isc_region_t region;
 	isc_uint8_t length;
 
-	REQUIRE(type == dns_rdatatype_txt);
 	REQUIRE(source != NULL);
 	REQUIRE(txt->common.rdtype == type);
 	REQUIRE(txt->common.rdclass == rdclass);
@@ -158,16 +168,14 @@ fromstruct_txt(ARGS_FROMSTRUCT) {
 }
 
 static inline isc_result_t
-tostruct_txt(ARGS_TOSTRUCT) {
+generic_tostruct_txt(ARGS_TOSTRUCT) {
 	dns_rdata_txt_t *txt = target;
 	isc_region_t r;
 
-	REQUIRE(rdata->type == dns_rdatatype_txt);
 	REQUIRE(target != NULL);
-
-	txt->common.rdclass = rdata->rdclass;
-	txt->common.rdtype = rdata->type;
-	ISC_LINK_INIT(&txt->common, link);
+	REQUIRE(txt->common.rdclass == rdata->rdclass);
+	REQUIRE(txt->common.rdtype == rdata->type);
+	REQUIRE(!ISC_LINK_LINKED(&txt->common, link));
 
 	dns_rdata_toregion(rdata, &r);
 	txt->txt_len = r.length;
@@ -181,11 +189,10 @@ tostruct_txt(ARGS_TOSTRUCT) {
 }
 
 static inline void
-freestruct_txt(ARGS_FREESTRUCT) {
+generic_freestruct_txt(ARGS_FREESTRUCT) {
 	dns_rdata_txt_t *txt = source;
 
 	REQUIRE(source != NULL);
-	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
 
 	if (txt->mctx == NULL)
 		return;
@@ -195,6 +202,38 @@ freestruct_txt(ARGS_FREESTRUCT) {
 	txt->mctx = NULL;
 }
 
+static inline isc_result_t
+fromstruct_txt(ARGS_FROMSTRUCT) {
+
+	REQUIRE(type == dns_rdatatype_txt);
+
+	return (generic_fromstruct_txt(rdclass, type, source, target));
+}
+
+static inline isc_result_t
+tostruct_txt(ARGS_TOSTRUCT) {
+	dns_rdata_txt_t *txt = target;
+
+	REQUIRE(rdata->type == dns_rdatatype_txt);
+	REQUIRE(target != NULL);
+
+	txt->common.rdclass = rdata->rdclass;
+	txt->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&txt->common, link);
+
+	return (generic_tostruct_txt(rdata, target, mctx));
+}
+
+static inline void
+freestruct_txt(ARGS_FREESTRUCT) {
+	dns_rdata_txt_t *txt = source;
+
+	REQUIRE(source != NULL);
+	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+	generic_freestruct_txt(source);
+}
+
 static inline isc_result_t
 additionaldata_txt(ARGS_ADDLDATA) {
 	REQUIRE(rdata->type == dns_rdatatype_txt);
@@ -247,11 +286,10 @@ casecompare_txt(ARGS_COMPARE) {
 	return (compare_txt(rdata1, rdata2));
 }
 
-isc_result_t
-dns_rdata_txt_first(dns_rdata_txt_t *txt) {
+static isc_result_t
+generic_txt_first(dns_rdata_txt_t *txt) {
 
 	REQUIRE(txt != NULL);
-	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
 	REQUIRE(txt->txt != NULL || txt->txt_len == 0);
 
 	if (txt->txt_len == 0)
@@ -261,13 +299,12 @@ dns_rdata_txt_first(dns_rdata_txt_t *txt) {
 	return (ISC_R_SUCCESS);
 }
 
-isc_result_t
-dns_rdata_txt_next(dns_rdata_txt_t *txt) {
+static isc_result_t
+generic_txt_next(dns_rdata_txt_t *txt) {
 	isc_region_t r;
 	isc_uint8_t length;
 
 	REQUIRE(txt != NULL);
-	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
 	REQUIRE(txt->txt != NULL && txt->txt_len != 0);
 
 	INSIST(txt->offset + 1 <= txt->txt_len);
@@ -281,13 +318,12 @@ dns_rdata_txt_next(dns_rdata_txt_t *txt) {
 	return (ISC_R_SUCCESS);
 }
 
-isc_result_t
-dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
+static isc_result_t
+generic_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
 	isc_region_t r;
 
 	REQUIRE(txt != NULL);
 	REQUIRE(string != NULL);
-	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
 	REQUIRE(txt->txt != NULL);
 	REQUIRE(txt->offset < txt->txt_len);
 
@@ -302,4 +338,31 @@ dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
 
 	return (ISC_R_SUCCESS);
 }
+
+isc_result_t
+dns_rdata_txt_first(dns_rdata_txt_t *txt) {
+
+	REQUIRE(txt != NULL);
+	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+	return (generic_txt_first(txt));
+}
+
+isc_result_t
+dns_rdata_txt_next(dns_rdata_txt_t *txt) {
+
+	REQUIRE(txt != NULL);
+	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+	return (generic_txt_next(txt));
+}
+
+isc_result_t
+dns_rdata_txt_current(dns_rdata_txt_t *txt, dns_rdata_txt_string_t *string) {
+
+	REQUIRE(txt != NULL);
+	REQUIRE(txt->common.rdtype == dns_rdatatype_txt);
+
+	return (generic_txt_current(txt, string));
+}
 #endif	/* RDATA_GENERIC_TXT_16_C */
diff --git a/lib/isc/win32/socket.c b/lib/isc/win32/socket.c
index 903755b349..2844348c59 100644
--- a/lib/isc/win32/socket.c
+++ b/lib/isc/win32/socket.c
@@ -1361,22 +1361,6 @@ completeio_send(isc_socket_t *sock, isc_socketevent_t *dev,
 
 		return (map_socket_error(sock, send_errno, &dev->result,
 			strbuf, sizeof(strbuf)));
-
-		/*
-		 * The other error types depend on whether or not the
-		 * socket is UDP or TCP.  If it is UDP, some errors
-		 * that we expect to be fatal under TCP are merely
-		 * annoying, and are really soft errors.
-		 *
-		 * However, these soft errors are still returned as
-		 * a status.
-		 */
-		isc_sockaddr_format(&dev->address, addrbuf, sizeof(addrbuf));
-		isc__strerror(send_errno, strbuf, sizeof(strbuf));
-		UNEXPECTED_ERROR(__FILE__, __LINE__, "completeio_send: %s: %s",
-				 addrbuf, strbuf);
-		dev->result = isc__errno2result(send_errno);
-		return (DOIO_HARD);
 	}
 
 	/*
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index 12830e0c6a..329665f7f9 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -56,7 +56,8 @@ parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype,
 		    const cfg_type_t *othertype, cfg_obj_t **ret);
 
 static void
-doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *type);
+doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype,
+		  const cfg_type_t *othertype);
 
 static isc_result_t
 parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
@@ -586,8 +587,12 @@ static isc_result_t
 parse_zonestat(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
 }
+static void
+doc_zonestat(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
 static cfg_type_t cfg_type_zonestat = {
-	"zonestat", parse_zonestat, cfg_print_ustring, doc_enum_or_other,
+	"zonestat", parse_zonestat, cfg_print_ustring, doc_zonestat,
 	&cfg_rep_string, zonestat_enums
 };
 
@@ -809,13 +814,18 @@ static cfg_type_t cfg_type_serverid = {
 /*%
  * Port list.
  */
+static void
+print_porttuple(cfg_printer_t *pctx, const cfg_obj_t *obj) {
+	cfg_print_cstr(pctx, "range ");
+	cfg_print_tuple(pctx, obj);
+}
 static cfg_tuplefielddef_t porttuple_fields[] = {
 	{ "loport", &cfg_type_uint32, 0 },
 	{ "hiport", &cfg_type_uint32, 0 },
 	{ NULL, NULL, 0 }
 };
 static cfg_type_t cfg_type_porttuple = {
-	"porttuple", cfg_parse_tuple, cfg_print_tuple, cfg_doc_tuple,
+	"porttuple", cfg_parse_tuple, print_porttuple, cfg_doc_tuple,
 	&cfg_rep_tuple, porttuple_fields
 };
 
@@ -922,8 +932,7 @@ parse_optional_response(cfg_parser_t *pctx, const cfg_type_t *type,
 
 static void
 doc_optional_response(cfg_printer_t *pctx, const cfg_type_t *type) {
-	UNUSED(type);
-	cfg_print_cstr(pctx, "[ ( drop | fail ) ]");
+	doc_enum_or_other(pctx, type, &cfg_type_void);
 }
 
 static cfg_type_t cfg_type_responsetype = {
@@ -2068,9 +2077,14 @@ parse_size(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_sizeval, ret));
 }
 
+static void
+doc_size(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_sizeval);
+}
+
 static const char *size_enums[] = { "unlimited", "default", NULL };
 static cfg_type_t cfg_type_size = {
-	"size", parse_size, cfg_print_ustring, cfg_doc_terminal,
+	"size", parse_size, cfg_print_ustring, doc_size,
 	&cfg_rep_string, size_enums
 };
 
@@ -2132,12 +2146,34 @@ parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype,
 }
 
 static void
-doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *type) {
-	cfg_doc_terminal(pctx, type);
-#if 0 /* XXX */
-	cfg_print_chars(pctx, "( ", 2);...
-#endif
+doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype,
+		  const cfg_type_t *othertype)
+{
+	const char * const *p;
+	isc_boolean_t first = ISC_TRUE;
 
+	/*
+	 * If othertype is cfg_type_void, it means that enumtype is
+	 * optional.
+	 */
+
+	if (othertype == &cfg_type_void)
+		cfg_print_cstr(pctx, "[ ");
+	cfg_print_cstr(pctx, "( ");
+	for (p = enumtype->of; *p != NULL; p++) {
+		if (!first)
+			cfg_print_cstr(pctx, " | ");
+		first = ISC_FALSE;
+		cfg_print_cstr(pctx, *p);
+	}
+	if (othertype != &cfg_type_void) {
+		if (!first)
+			cfg_print_cstr(pctx, " | ");
+		cfg_doc_terminal(pctx, othertype);
+	}
+	cfg_print_cstr(pctx, " )");
+	if (othertype == &cfg_type_void)
+		cfg_print_cstr(pctx, " ]");
 }
 
 static isc_result_t
@@ -2184,8 +2220,12 @@ static isc_result_t
 parse_dialup_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
 }
+static void
+doc_dialup_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
 static cfg_type_t cfg_type_dialuptype = {
-	"dialuptype", parse_dialup_type, cfg_print_ustring, doc_enum_or_other,
+	"dialuptype", parse_dialup_type, cfg_print_ustring, doc_dialup_type,
 	&cfg_rep_string, dialup_enums
 };
 
@@ -2194,18 +2234,28 @@ static isc_result_t
 parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
 }
+static void
+doc_notify_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
 static cfg_type_t cfg_type_notifytype = {
-	"notifytype", parse_notify_type, cfg_print_ustring, doc_enum_or_other,
+	"notifytype", parse_notify_type, cfg_print_ustring, doc_notify_type,
 	&cfg_rep_string, notify_enums,
 };
 
 static const char *ixfrdiff_enums[] = { "master", "slave", NULL };
 static isc_result_t
-parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
+parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type,
+		    cfg_obj_t **ret)
+{
 	return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
 }
+static void
+doc_ixfrdiff_type(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
 static cfg_type_t cfg_type_ixfrdifftype = {
-	"ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_enum_or_other,
+	"ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_ixfrdiff_type,
 	&cfg_rep_string, ixfrdiff_enums,
 };
 
@@ -2215,9 +2265,13 @@ parse_filter_aaaa(cfg_parser_t *pctx, const cfg_type_t *type,
 		     cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
 }
+static void
+doc_filter_aaaa(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_boolean);
+}
 static cfg_type_t cfg_type_filter_aaaa = {
 	"filter_aaaa", parse_filter_aaaa, cfg_print_ustring,
-	doc_enum_or_other, &cfg_rep_string, filter_aaaa_enums,
+	doc_filter_aaaa, &cfg_rep_string, filter_aaaa_enums,
 };
 
 static keyword_type_t key_kw = { "key", &cfg_type_astring };
@@ -2840,8 +2894,13 @@ parse_logversions(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_uint32, ret));
 }
 
+static void
+doc_logversions(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_uint32);
+}
+
 static cfg_type_t cfg_type_logversions = {
-	"logversions", parse_logversions, cfg_print_ustring, cfg_doc_terminal,
+	"logversions", parse_logversions, cfg_print_ustring, doc_logversions,
 	&cfg_rep_string, logversions_enums
 };
 
@@ -3265,11 +3324,16 @@ parse_maxttl(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
 	return (parse_enum_or_other(pctx, type, &cfg_type_ttlval, ret));
 }
 
+static void
+doc_maxttl(cfg_printer_t *pctx, const cfg_type_t *type) {
+	doc_enum_or_other(pctx, type, &cfg_type_ttlval);
+}
+
 /*%
  * A size or "unlimited", but not "default".
  */
 static const char *maxttl_enums[] = { "unlimited", NULL };
 static cfg_type_t cfg_type_maxttl = {
-	"maxttl_no_default", parse_maxttl, cfg_print_ustring, cfg_doc_terminal,
+	"maxttl_no_default", parse_maxttl, cfg_print_ustring, doc_maxttl,
 	&cfg_rep_string, maxttl_enums
 };
diff --git a/util/copyrights b/util/copyrights
index bf9244c344..59a0dda880 100644
--- a/util/copyrights
+++ b/util/copyrights
@@ -916,6 +916,7 @@
 ./bin/tests/system/checkconf/good-nested.conf	CONF-C	2015
 ./bin/tests/system/checkconf/good.conf		CONF-C	2005,2007,2010,2011,2012,2013,2014,2015
 ./bin/tests/system/checkconf/hint-nofile.conf	CONF-C	2013
+./bin/tests/system/checkconf/in-view-good.conf	CONF-C	2015
 ./bin/tests/system/checkconf/inline-bad.conf	CONF-C	2013
 ./bin/tests/system/checkconf/inline-good.conf	CONF-C	2013
 ./bin/tests/system/checkconf/inline-no.conf	CONF-C	2013
@@ -924,7 +925,9 @@
 ./bin/tests/system/checkconf/maxttl-bad.db	ZONE	2014
 ./bin/tests/system/checkconf/maxttl.db		ZONE	2014
 ./bin/tests/system/checkconf/notify.conf	CONF-C	2014
+./bin/tests/system/checkconf/portrange-good.conf	CONF-C	2015
 ./bin/tests/system/checkconf/range.conf		CONF-C	2013
+./bin/tests/system/checkconf/shared.example.db	ZONE	2015
 ./bin/tests/system/checkconf/tests.sh		SH	2005,2007,2010,2011,2012,2013,2014,2015
 ./bin/tests/system/checkconf/warn-keydir.conf	CONF-C	2013
 ./bin/tests/system/checkds/clean.sh		SH	2012,2013,2014
@@ -1726,7 +1729,7 @@
 ./bin/tests/system/resolver/ans3/ans.pl		PERL	2000,2001,2004,2007,2009,2012
 ./bin/tests/system/resolver/clean.sh		SH	2008,2009,2010,2011,2012,2013,2014
 ./bin/tests/system/resolver/edns-version.c	C	2014,2015
-./bin/tests/system/resolver/ns1/named.conf	CONF-C	2000,2001,2004,2007,2009,2013,2014
+./bin/tests/system/resolver/ns1/named.conf	CONF-C	2000,2001,2004,2007,2009,2013,2014,2015
 ./bin/tests/system/resolver/ns1/root.hint	ZONE	2000,2001,2004,2007
 ./bin/tests/system/resolver/ns4/broken.db	ZONE	2012
 ./bin/tests/system/resolver/ns4/child.server.db	ZONE	2011