diff --git a/FAQ b/FAQ
index ed6ec56b8f..29475d47a1 100644
--- a/FAQ
+++ b/FAQ
@@ -92,7 +92,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
    rejecting the TSIG. Why?
 
 A: This may be a clock skew problem. Check that the the clocks on the
-   client and server are properly synchronised (e.g., using ntp).
+   client and server are properly synchronized (e.g., using ntp).
 
 Q: I see a log message like the following. Why?
 
diff --git a/FAQ.xml b/FAQ.xml
index cd216e6ec5..8bcd677eb1 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -220,7 +220,7 @@ view "chaos" chaos {
       <answer>
 	<para>
 	  This may be a clock skew problem.  Check that the the clocks
-	  on the client and server are properly synchronised (e.g.,
+	  on the client and server are properly synchronized (e.g.,
 	  using ntp).
 	</para>
       </answer>
diff --git a/bin/dnssec/dnssec-importkey.8 b/bin/dnssec/dnssec-importkey.8
index 2d1d0b7188..d172b9340f 100644
--- a/bin/dnssec/dnssec-importkey.8
+++ b/bin/dnssec/dnssec-importkey.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-importkey \- Import DNSKEY records from external systems so they can be managed\&.
+dnssec-importkey \- import DNSKEY records from external systems so they can be managed
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-importkey\fR\ 'u
 \fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
diff --git a/bin/dnssec/dnssec-importkey.html b/bin/dnssec/dnssec-importkey.html
index 5417a5415b..94ab6a2dc3 100644
--- a/bin/dnssec/dnssec-importkey.html
+++ b/bin/dnssec/dnssec-importkey.html
@@ -24,7 +24,7 @@
 <a name="man.dnssec-importkey"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
+<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8
index a8b4b09dae..284c71072d 100644
--- a/bin/dnssec/dnssec-revoke.8
+++ b/bin/dnssec/dnssec-revoke.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-revoke \- Set the REVOKED bit on a DNSSEC key
+dnssec-revoke \- set the REVOKED bit on a DNSSEC key
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-revoke\fR\ 'u
 \fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html
index b2fa32d9c2..02d65f295a 100644
--- a/bin/dnssec/dnssec-revoke.html
+++ b/bin/dnssec/dnssec-revoke.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-revoke"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
+<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8
index af1cfd9d76..f0905d0ee5 100644
--- a/bin/dnssec/dnssec-settime.8
+++ b/bin/dnssec/dnssec-settime.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-settime \- Set the key timing metadata for a DNSSEC key
+dnssec-settime \- set the key timing metadata for a DNSSEC key
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-settime\fR\ 'u
 \fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html
index e366fb215c..a0deaad8d1 100644
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-settime"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
+<p><span class="application">dnssec-settime</span> &#8212; set the key timing metadata for a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/bin/python/dnssec-checkds.8 b/bin/python/dnssec-checkds.8
index 4706dc6ed5..540c03d545 100644
--- a/bin/python/dnssec-checkds.8
+++ b/bin/python/dnssec-checkds.8
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-dnssec-checkds \- A DNSSEC delegation consistency checking tool\&.
+dnssec-checkds \- DNSSEC delegation consistency checking tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-checkds\fR\ 'u
 \fBdnssec\-checkds\fR [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-d\ \fR\fB\fIdig\ path\fR\fR] [\fB\-D\ \fR\fB\fIdsfromkey\ path\fR\fR] {zone}
diff --git a/bin/python/dnssec-checkds.html b/bin/python/dnssec-checkds.html
index f7f49de367..df2fa892cb 100644
--- a/bin/python/dnssec-checkds.html
+++ b/bin/python/dnssec-checkds.html
@@ -23,7 +23,7 @@
 <a name="man.dnssec-checkds"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-checkds</span> &#8212; A DNSSEC delegation consistency checking tool.</p>
+<p><span class="application">dnssec-checkds</span> &#8212; DNSSEC delegation consistency checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/bin/tools/named-rrchecker.1 b/bin/tools/named-rrchecker.1
index 6bb7121ed8..d021a916d1 100644
--- a/bin/tools/named-rrchecker.1
+++ b/bin/tools/named-rrchecker.1
@@ -44,7 +44,7 @@
 .\" * MAIN CONTENT STARTS HERE *
 .\" -----------------------------------------------------------------
 .SH "NAME"
-named-rrchecker \- A syntax checker for individual DNS resource records
+named-rrchecker \- syntax checker for individual DNS resource records
 .SH "SYNOPSIS"
 .HP \w'\fBnamed\-rrchecker\fR\ 'u
 \fBnamed\-rrchecker\fR [\fB\-h\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-p\fR] [\fB\-u\fR] [\fB\-C\fR] [\fB\-T\fR] [\fB\-P\fR]
diff --git a/bin/tools/named-rrchecker.html b/bin/tools/named-rrchecker.html
index d828cea572..a577689ac0 100644
--- a/bin/tools/named-rrchecker.html
+++ b/bin/tools/named-rrchecker.html
@@ -24,7 +24,7 @@
 <a name="man.named-rrchecker"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-rrchecker</span> &#8212; A syntax checker for individual DNS resource records</p>
+<p><span class="application">named-rrchecker</span> &#8212; syntax checker for individual DNS resource records</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 979d6434d0..3103b8a033 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -129,12 +129,14 @@
       </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
         As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
         by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
         it loads.  Specifying <span class="command"><strong>notify master-only;</strong></span> will
         cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
         zones that it loads.
-      </div>
+      </p>
+</div>
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
@@ -1059,9 +1061,11 @@ options {
 </pre>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
           None of the keys listed in this example are valid.  In particular,
           the root key is not valid.
-        </div>
+        </p>
+</div>
 <p>
           When DNSSEC validation is enabled and properly configured,
           the resolver will reject any answers from signed, secure zones
@@ -1609,12 +1613,14 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
     </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
       The latest OpenSSL versions as of this writing (January 2015)
       are 0.9.8zc, 1.0.0o, and 1.0.1j.
       ISC will provide updated patches as new versions of OpenSSL
       are released. The version number in the following examples
       is expected to change.
-    </div>
+    </p>
+</div>
 <p>
       Before building BIND 9 with PKCS#11 support, it will be
       necessary to build OpenSSL with the patch in place, and configure
@@ -1637,10 +1643,12 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
 </pre>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
-	Note that the patch file may not be compatible with the
+<p>
+	The patch file may not be compatible with the
 	"patch" utility on all operating systems. You may need to
 	install GNU patch.
-      </div>
+      </p>
+</div>
 <p>
 	When building OpenSSL, place it in a non-standard
 	location so that it does not interfere with OpenSSL libraries
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index c72b3de5e0..976f31d921 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -3580,7 +3580,6 @@ options {
                   queries.
                   Caching may still occur as an effect the server's internal
                   operation, such as NOTIFY address lookups.
-                  See also <span class="command"><strong>fetch-glue</strong></span> above.
                 </p></dd>
 <dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
 <dd><p>
@@ -4898,13 +4897,15 @@ avoid-v6-udp-ports {};
                 </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
                   If you do not wish the alternate transfer source
                   to be used, you should set
                   <span class="command"><strong>use-alt-transfer-source</strong></span>
                   appropriately and you should not depend upon
                   getting an answer back to the first refresh
                   query.
-                </div>
+                </p>
+</div>
 </dd>
 <dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
 <dd><p>
@@ -6234,11 +6235,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
           </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
             The real parent servers for these zones should disable all
             empty zone under the parent zone they serve.  For the real
             root servers, this is all built-in empty zones.  This will
             enable them to return referrals to deeper in the tree.
-          </div>
+          </p>
+</div>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
 <dd><p>
@@ -8924,7 +8927,7 @@ example.com. NS ns2.example.net.
                         The <em class="replaceable"><code>name</code></em> field
                         is subject to DNS wildcard expansion, and
                         this rule matches when the name being updated
-                        name is a valid expansion of the wildcard.
+                        is a valid expansion of the wildcard.
                       </p>
                     </td>
 </tr>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index f2971cca81..210a2091ab 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -181,10 +181,12 @@ zone "example.com" {
           </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
-            Note that if the <span class="command"><strong>named</strong></span> daemon is running as an
+<p>
+            If the <span class="command"><strong>named</strong></span> daemon is running as an
             unprivileged user, it will not be able to bind to new restricted
             ports if the server is reloaded.
-          </div>
+          </p>
+</div>
 </div>
 </div>
 <div class="section">
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 828137a0f8..b49c8710fa 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,7 +88,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -194,6 +194,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
+	</p></li>
 <li class="listitem"><p>
 	  Large inline-signing changes should be less disruptive.
 	  Signature generation is now done incrementally; the number
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 598e95f92a..3e73966494 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -432,9 +432,13 @@ $ <strong class="userinput"><code>make</code></strong>
   </p></dd>
 </dl></div>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
-<h3 class="title">Note</h3>In practice, either -a or -r must be specified.  Others can
-   be optional; the underlying library routine tries to identify the
-   appropriate server and the zone name for the update.</div>
+<h3 class="title">Note</h3>
+<p>
+	In practice, either -a or -r must be specified.  Others can
+	be optional; the underlying library routine tries to identify the
+	appropriate server and the zone name for the update.
+   </p>
+</div>
 <p>
    Examples: assuming the primary authoritative server of the
    dynamic.example.com zone has an IPv6 address 2001:db8::1234,
diff --git a/doc/arm/Bv9ARM.ch13.html b/doc/arm/Bv9ARM.ch13.html
index 5a5d3892d2..f2ca00db02 100644
--- a/doc/arm/Bv9ARM.ch13.html
+++ b/doc/arm/Bv9ARM.ch13.html
@@ -57,7 +57,7 @@
 <span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
+<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
@@ -66,7 +66,7 @@
 <span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
@@ -75,10 +75,10 @@
 <span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
@@ -105,7 +105,7 @@
 <span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
+<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index 639de81a3f..d8969a2b8d 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -287,7 +287,7 @@
 <span class="refentrytitle"><a href="man.delv.html">delv</a></span><span class="refpurpose"> &#8212; DNS lookup and validation utility</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; A DNSSEC delegation consistency checking tool.</span>
+<span class="refentrytitle"><a href="man.dnssec-checkds.html"><span class="application">dnssec-checkds</span></a></span><span class="refpurpose"> &#8212; DNSSEC delegation consistency checking tool</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-coverage.html"><span class="application">dnssec-coverage</span></a></span><span class="refpurpose"> &#8212; checks future DNSKEY coverage for a zone</span>
@@ -296,7 +296,7 @@
 <span class="refentrytitle"><a href="man.dnssec-dsfromkey.html"><span class="application">dnssec-dsfromkey</span></a></span><span class="refpurpose"> &#8212; DNSSEC DS RR generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; Import DNSKEY records from external systems so they can be managed.</span>
+<span class="refentrytitle"><a href="man.dnssec-importkey.html"><span class="application">dnssec-importkey</span></a></span><span class="refpurpose"> &#8212; import DNSKEY records from external systems so they can be managed</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-keyfromlabel.html"><span class="application">dnssec-keyfromlabel</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
@@ -305,10 +305,10 @@
 <span class="refentrytitle"><a href="man.dnssec-keygen.html"><span class="application">dnssec-keygen</span></a></span><span class="refpurpose"> &#8212; DNSSEC key generation tool</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; Set the REVOKED bit on a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-revoke.html"><span class="application">dnssec-revoke</span></a></span><span class="refpurpose"> &#8212; set the REVOKED bit on a DNSSEC key</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; Set the key timing metadata for a DNSSEC key</span>
+<span class="refentrytitle"><a href="man.dnssec-settime.html"><span class="application">dnssec-settime</span></a></span><span class="refpurpose"> &#8212; set the key timing metadata for a DNSSEC key</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.dnssec-signzone.html"><span class="application">dnssec-signzone</span></a></span><span class="refpurpose"> &#8212; DNSSEC zone signing tool</span>
@@ -335,7 +335,7 @@
 <span class="refentrytitle"><a href="man.named-journalprint.html"><span class="application">named-journalprint</span></a></span><span class="refpurpose"> &#8212; print zone journal in human-readable form</span>
 </dt>
 <dt>
-<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; A syntax checker for individual DNS resource records</span>
+<span class="refentrytitle"><a href="man.named-rrchecker.html"><span class="application">named-rrchecker</span></a></span><span class="refpurpose"> &#8212; syntax checker for individual DNS resource records</span>
 </dt>
 <dt>
 <span class="refentrytitle"><a href="man.nsupdate.html"><span class="application">nsupdate</span></a></span><span class="refpurpose"> &#8212; Dynamic DNS update utility</span>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 7375aae20c..a92b2f740b 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-checkds"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-checkds</span> &#8212; A DNSSEC delegation consistency checking tool.</p>
+<p><span class="application">dnssec-checkds</span> &#8212; DNSSEC delegation consistency checking tool</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index e9fd67ce20..191926ee37 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-importkey"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
+<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index efdc809cb9..7111956b47 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-revoke"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
+<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index 43dab9a74f..bf3bbee849 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -42,7 +42,7 @@
 <a name="man.dnssec-settime"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
+<p><span class="application">dnssec-settime</span> &#8212; set the key timing metadata for a DNSSEC key</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html
index c5bf42d2e0..54d339be5f 100644
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -42,7 +42,7 @@
 <a name="man.named-rrchecker"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
-<p><span class="application">named-rrchecker</span> &#8212; A syntax checker for individual DNS resource records</p>
+<p><span class="application">named-rrchecker</span> &#8212; syntax checker for individual DNS resource records</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index fe430cced2..c2308cf90f 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -49,7 +49,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -155,6 +155,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
+	</p></li>
 <li class="listitem"><p>
 	  Large inline-signing changes should be less disruptive.
 	  Signature generation is now done incrementally; the number