From: Tinderbox User <tbox@isc.org>
Date: Mon, 21 May 2018 19:59:10 +0000 (+0000)
Subject: regenerate doc
X-Git-Tag: v9.13.0~5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9536688b371cb394e5af52ea4fcedc2d5728e484;p=thirdparty%2Fbind9.git

regenerate doc
---

diff --git a/HISTORY b/HISTORY
index 238e2634155..e56a44d4436 100644
--- a/HISTORY
+++ b/HISTORY
@@ -522,4 +522,3 @@ BIND 9.2.0
     DNSSEC implementation is still considered experimental. For detailed
     information about the state of the DNSSEC implementation, see the file
     doc/misc/dnssec.
-
diff --git a/OPTIONS b/OPTIONS
index 21e74d4264a..340b53db672 100644
--- a/OPTIONS
+++ b/OPTIONS
@@ -24,4 +24,3 @@ Setting                   Description
                           may be useful when debugging
 -DISC_HEAP_CHECK          Test heap consistency after every heap
                           operation; used when debugging
-
diff --git a/bin/check/named-checkconf.8 b/bin/check/named-checkconf.8
index 03f2b9c7cc7..364548887e1 100644
--- a/bin/check/named-checkconf.8
+++ b/bin/check/named-checkconf.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -136,5 +136,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/check/named-checkconf.html b/bin/check/named-checkconf.html
index 42e99b42a4f..8862b74580e 100644
--- a/bin/check/named-checkconf.html
+++ b/bin/check/named-checkconf.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/check/named-checkzone.8 b/bin/check/named-checkzone.8
index 8bd8cfcefc0..281bea4b55f 100644
--- a/bin/check/named-checkzone.8
+++ b/bin/check/named-checkzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -325,5 +325,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/check/named-checkzone.html b/bin/check/named-checkzone.html
index 491f0892c0c..a1d9c4bfb94 100644
--- a/bin/check/named-checkzone.html
+++ b/bin/check/named-checkzone.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/confgen/ddns-confgen.8 b/bin/confgen/ddns-confgen.8
index beb417a8dbb..ad59cf031d5 100644
--- a/bin/confgen/ddns-confgen.8
+++ b/bin/confgen/ddns-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 ddns-confgen \- ddns key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBtsig\-keygen\fR\ 'u
-\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [name]
+\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [name]
 .HP \w'\fBddns\-confgen\fR\ 'u
 \fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-q\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR]
 .SH "DESCRIPTION"
@@ -109,17 +109,6 @@ only\&.) Quiet mode: Print only the key, with no explanatory text or usage examp
 \fBtsig\-keygen\fR\&.
 .RE
 .PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
 \-s \fIname\fR
 .RS 4
 (\fBddns\-confgen\fR
@@ -155,5 +144,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/confgen/ddns-confgen.html b/bin/confgen/ddns-confgen.html
index 9fcc8bf910a..5a82f8d60b9 100644
--- a/bin/confgen/ddns-confgen.html
+++ b/bin/confgen/ddns-confgen.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -35,7 +35,6 @@
       <code class="command">tsig-keygen</code> 
        [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
        [<code class="option">-h</code>]
-       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [name]
     </p></div>
     <div class="cmdsynopsis"><p>
@@ -136,20 +135,6 @@
             This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
-	  <p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <code class="filename">/dev/random</code> or equivalent device, the
-            default source of randomness is keyboard input.
-            <code class="filename">randomdev</code> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard input
-            should be used.
-	  </p>
-	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
 <dd>
 	  <p>
diff --git a/bin/confgen/rndc-confgen.8 b/bin/confgen/rndc-confgen.8
index 64de0e3d0f3..e983ed87fc5 100644
--- a/bin/confgen/rndc-confgen.8
+++ b/bin/confgen/rndc-confgen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 rndc-confgen \- rndc key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBrndc\-confgen\fR\ 'u
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
+\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
 .SH "DESCRIPTION"
 .PP
 \fBrndc\-confgen\fR
@@ -147,17 +147,6 @@ listens for connections from
 \fBrndc\fR\&. The default is 953\&.
 .RE
 .PP
-\-r \fIrandomfile\fR
-.RS 4
-Specifies a source of random data for generating the authorization\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
 \-s \fIaddress\fR
 .RS 4
 Specifies the IP address where
@@ -217,5 +206,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/confgen/rndc-confgen.html b/bin/confgen/rndc-confgen.html
index eb7d05139dc..98da8286d2f 100644
--- a/bin/confgen/rndc-confgen.html
+++ b/bin/confgen/rndc-confgen.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -40,7 +40,6 @@
        [<code class="option">-h</code>]
        [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
        [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
        [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
@@ -154,21 +153,6 @@
             The default is 953.
           </p>
         </dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
-          <p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p>
-        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
 <dd>
           <p>
diff --git a/bin/delv/delv.1 b/bin/delv/delv.1
index 232767c97b4..33311b645de 100644
--- a/bin/delv/delv.1
+++ b/bin/delv/delv.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -437,5 +437,5 @@ RFC5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/delv/delv.html b/bin/delv/delv.html
index d19f23da11c..7f16a0ee317 100644
--- a/bin/delv/delv.html
+++ b/bin/delv/delv.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dig/dig.1 b/bin/dig/dig.1
index 6fcebe99e48..3af79f457f5 100644
--- a/bin/dig/dig.1
+++ b/bin/dig/dig.1
@@ -176,7 +176,7 @@ using the command\-line interface\&.
 .PP
 \-i
 .RS 4
-Do reverse IPv6 lookups using the obsolete RFC1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC2874) are not attempted\&.
+Do reverse IPv6 lookups using the obsolete RFC 1886 IP6\&.INT domain, which is no longer in use\&. Obsolete bit string label queries (RFC 2874) are not attempted\&.
 .RE
 .PP
 \-k \fIkeyfile\fR
@@ -210,13 +210,15 @@ from other arguments\&.
 .PP
 \-t \fItype\fR
 .RS 4
-The resource record type to query\&. It can be any valid query type which is supported in BIND 9\&. The default query type is "A", unless the
+The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
 \fItype\fR
 to
 ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
 \fIN\fR\&.
+.sp
+All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
 .RE
 .PP
 \-u
@@ -464,6 +466,11 @@ Show [or do not show] the IP address and port number that supplied the answer wh
 option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
 .RE
 .PP
+\fB+[no]idnin\fR
+.RS 4
+Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to process IDN input\&.
+.RE
+.PP
 \fB+[no]idnout\fR
 .RS 4
 Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&. The default is to convert output\&.
@@ -525,7 +532,7 @@ Include an EDNS name server ID request when sending a query\&.
 .RS 4
 When this option is set,
 \fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&.
+attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. Addresses of servers that that did not respond are also printed\&.
 .RE
 .PP
 \fB+[no]onesoa\fR
@@ -557,6 +564,11 @@ Print [do not print] the query as it is sent\&. By default, the query is not pri
 Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
 .RE
 .PP
+\fB+[no]raflag\fR
+.RS 4
+Set [do not set] the RA (Recursion Available) bit in the query\&. The default is +noraflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
 \fB+[no]rdflag\fR
 .RS 4
 A synonym for
@@ -646,6 +658,11 @@ for short, sends an EDNS CLIENT\-SUBNET option with an empty address and a sourc
 be used when resolving this query\&.
 .RE
 .PP
+\fB+[no]tcflag\fR
+.RS 4
+Set [do not set] the TC (TrunCation) bit in the query\&. The default is +notcflag\&. This bit should be ignored by the server for QUERY\&.
+.RE
+.PP
 \fB+[no]tcp\fR
 .RS 4
 Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
@@ -775,11 +792,10 @@ If
 \fBdig\fR
 has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
 \fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBdig\fR
-runs\&.
+appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
+\fI+noidnin\fR
+and
+\fI+noidnout\fR\&.
 .SH "FILES"
 .PP
 /etc/resolv\&.conf
@@ -791,7 +807,7 @@ ${HOME}/\&.digrc
 \fBhost\fR(1),
 \fBnamed\fR(8),
 \fBdnssec-keygen\fR(8),
-RFC1035\&.
+RFC 1035\&.
 .SH "BUGS"
 .PP
 There are probably too many query options\&.
diff --git a/bin/dig/dig.html b/bin/dig/dig.html
index 941f10a9556..aebcc98469f 100644
--- a/bin/dig/dig.html
+++ b/bin/dig/dig.html
@@ -230,9 +230,9 @@
 <dt><span class="term">-i</span></dt>
 <dd>
 	  <p>
-	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+	    Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
 	    domain, which is no longer in use. Obsolete bit string
-	    label queries (RFC2874) are not attempted.
+	    label queries (RFC 2874) are not attempted.
 	  </p>
 	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
@@ -277,11 +277,12 @@
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
 	  <p>
-	    The resource record type to query. It can be any valid query type
-	    which is
-	    supported in BIND 9.  The default query type is "A", unless the
-	    <code class="option">-x</code> option is supplied to indicate a reverse lookup.
-	    A zone transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query
+	    type.  If it is a resource record type supported in BIND 9, it
+	    can be given by the type mnemonic (such as "NS" or "AAAA").
+	    The default query type is "A", unless the <code class="option">-x</code>
+	    option is supplied to indicate a reverse lookup.  A zone
+	    transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
 	    The incremental zone transfer will contain the changes
@@ -289,6 +290,12 @@
 	    record was
 	    <em class="parameter"><code>N</code></em>.
 	  </p>
+	  <p>
+	    All resource record types can be expressed as "TYPEnn", where
+	    "nn" is the number of the type. If the resource record type is
+	    not supported in BIND 9, the result will be displayed as
+	    described in RFC 3597.
+	  </p>
 	</dd>
 <dt><span class="term">-u</span></dt>
 <dd>
@@ -619,6 +626,14 @@
 	      server that provided the answer.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+	    <p>
+	      Process [do not process] IDN domain names on input.
+	      This requires IDN SUPPORT to have been enabled at
+	      compile time.  The default is to process IDN input.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
 <dd>
 	    <p>
@@ -695,7 +710,8 @@
 	      attempts to find the authoritative name servers for
 	      the zone containing the name being looked up and
 	      display the SOA record that each name server has for
-	      the zone.
+	      the zone. Addresses of servers that that did not
+	      respond are also printed.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
@@ -742,6 +758,14 @@
 	      the question section as a comment.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
+<dd>
+	    <p>
+	      Set [do not set] the RA (Recursion Available) bit in
+	      the query. The default is +noraflag. This bit should
+	      be ignored by the server for QUERY.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
 <dd>
 	    <p>
@@ -811,7 +835,7 @@
 <dd>
 	    <p>
 	      This feature is now obsolete and has been removed;
-              use <span class="command"><strong>delv</strong></span> instead.
+	      use <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+split=W</code></span></dt>
@@ -852,6 +876,14 @@
 	      this query.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
+<dd>
+	    <p>
+	      Set [do not set] the TC (TrunCation) bit in the query.
+	      The default is +notcflag.  This bit should be ignored
+	      by the server for QUERY.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd>
 	    <p>
@@ -878,8 +910,8 @@
 <dd>
 	    <p>
 	      This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
-              which is obsolete and has been removed. Use
-              <span class="command"><strong>delv</strong></span> instead.
+	      which is obsolete and has been removed. Use
+	      <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
@@ -915,9 +947,9 @@
 <dd>
 	    <p>
 	      Formerly specified trusted keys for use with
-              <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
-              obsolete and has been removed; use
-              <span class="command"><strong>delv</strong></span> instead.
+	      <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
+	      obsolete and has been removed; use
+	      <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
@@ -1027,10 +1059,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span class="command"><strong>dig</strong></span> runs.
+      If you'd like to turn off the IDN support for some reason, use
+      parameters <em class="parameter"><code>+noidnin</code></em> and
+      <em class="parameter"><code>+noidnout</code></em>.
     </p>
   </div>
 
@@ -1058,7 +1089,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="citerefentry">
 	<span class="refentrytitle">dnssec-keygen</span>(8)
       </span>,
-      <em class="citetitle">RFC1035</em>.
+      <em class="citetitle">RFC 1035</em>.
     </p>
   </div>
 
diff --git a/bin/dig/host.1 b/bin/dig/host.1
index 307b7880b3d..0bd8ff1b983 100644
--- a/bin/dig/host.1
+++ b/bin/dig/host.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -274,5 +274,5 @@ runs\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dig/host.html b/bin/dig/host.html
index c355d95b39b..c8a9a3fa5d7 100644
--- a/bin/dig/host.html
+++ b/bin/dig/host.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dig/nslookup.1 b/bin/dig/nslookup.1
index 701e5bd4380..e95e3aa0b52 100644
--- a/bin/dig/nslookup.1
+++ b/bin/dig/nslookup.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -290,5 +290,5 @@ returns with an exit status of 1 if any query failed, and 0 otherwise\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dig/nslookup.html b/bin/dig/nslookup.html
index 562e1bf2d38..1ce24f5d528 100644
--- a/bin/dig/nslookup.html
+++ b/bin/dig/nslookup.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2004-2007, 2010, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-dsfromkey.8 b/bin/dnssec/dnssec-dsfromkey.8
index a84a546a67d..942c657b7a2 100644
--- a/bin/dnssec/dnssec-dsfromkey.8
+++ b/bin/dnssec/dnssec-dsfromkey.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -178,5 +178,5 @@ RFC 4509\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-dsfromkey.html b/bin/dnssec/dnssec-dsfromkey.html
index d6ef854ab54..cb0c9b66d77 100644
--- a/bin/dnssec/dnssec-dsfromkey.html
+++ b/bin/dnssec/dnssec-dsfromkey.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-importkey.8 b/bin/dnssec/dnssec-importkey.8
index fb6c50a8ce1..05e56121518 100644
--- a/bin/dnssec/dnssec-importkey.8
+++ b/bin/dnssec/dnssec-importkey.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -134,5 +134,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-importkey.html b/bin/dnssec/dnssec-importkey.html
index 4248295c55e..8becbae2d0e 100644
--- a/bin/dnssec/dnssec-importkey.html
+++ b/bin/dnssec/dnssec-importkey.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-keyfromlabel.8 b/bin/dnssec/dnssec-keyfromlabel.8
index f3aba1bf344..d444567da73 100644
--- a/bin/dnssec/dnssec-keyfromlabel.8
+++ b/bin/dnssec/dnssec-keyfromlabel.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -307,5 +307,5 @@ The PKCS#11 URI Scheme (draft\-pechanec\-pkcs11uri\-13)\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-keyfromlabel.html b/bin/dnssec/dnssec-keyfromlabel.html
index 7f12b15279c..05e32c9fce4 100644
--- a/bin/dnssec/dnssec-keyfromlabel.html
+++ b/bin/dnssec/dnssec-keyfromlabel.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2008-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-keygen.8 b/bin/dnssec/dnssec-keygen.8
index f15a20ed580..0aef038c8ec 100644
--- a/bin/dnssec/dnssec-keygen.8
+++ b/bin/dnssec/dnssec-keygen.8
@@ -39,7 +39,7 @@
 dnssec-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-keygen\fR\ 'u
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-V\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
@@ -178,21 +178,6 @@ stderr
 indicating the progress of the key generation\&. A \*(Aq\&.\*(Aq indicates that a random number has been found which passed an initial sieve test; \*(Aq+\*(Aq means a number has passed a single round of the Miller\-Rabin primality test; a space means that the number has passed all the tests and is a satisfactory key\&.
 .RE
 .PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies a source of randomness\&. Normally, when generating DNSSEC keys, this option has no effect; the random number generation function provided by the cryptographic library will be used\&.
-.sp
-If that behavior is disabled at compile time, however, the specified file will be used as entropy source for key generation\&.
-randomdev
-is the name of a character device or file containing random data to be used\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.sp
-The default is
-/dev/random
-if the operating system provides it or an equivalent device; if not, the default source of randomness is keyboard input\&.
-.RE
-.PP
 \-S \fIkey\fR
 .RS 4
 Create a new key which is an explicit successor to an existing key\&. The name, algorithm, size, and type of the key will be set to match the existing key\&. The activation date of the new key will be set to the inactivation date of the existing one\&. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days\&.
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index 12e76de1bcb..19e3e83b4be 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -57,7 +57,6 @@
        [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
        [<code class="option">-q</code>]
        [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
@@ -279,28 +278,6 @@
 	    a satisfactory key.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a source of randomness.  Normally, when generating
-	    DNSSEC keys, this option has no effect; the random number
-	    generation function provided by the cryptographic library will
-	    be used.
-	  </p>
-	  <p>
-	    If that behavior is disabled at compile time, however,
-	    the specified file will be used as entropy source
-	    for key generation.  <code class="filename">randomdev</code> is
-	    the name of a character device or file containing random
-	    data to be used.  The special value <code class="filename">keyboard</code>
-	    indicates that keyboard input should be used.
-	  </p>
-	  <p>
-	    The default is <code class="filename">/dev/random</code> if the
-	    operating system provides it or an equivalent device;
-	    if not, the default source of randomness is keyboard input.
-	  </p>
-	</dd>
 <dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
 <dd>
 	  <p>
diff --git a/bin/dnssec/dnssec-revoke.8 b/bin/dnssec/dnssec-revoke.8
index bd8ec5984ee..b175b84b14c 100644
--- a/bin/dnssec/dnssec-revoke.8
+++ b/bin/dnssec/dnssec-revoke.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -99,5 +99,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-revoke.html b/bin/dnssec/dnssec-revoke.html
index c54f868858c..f85220c1754 100644
--- a/bin/dnssec/dnssec-revoke.html
+++ b/bin/dnssec/dnssec-revoke.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-settime.8 b/bin/dnssec/dnssec-settime.8
index 4927bdf9741..f71288dd0b6 100644
--- a/bin/dnssec/dnssec-settime.8
+++ b/bin/dnssec/dnssec-settime.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -200,5 +200,5 @@ RFC 5011\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-settime.html b/bin/dnssec/dnssec-settime.html
index c5bb382fa0f..289b02c2938 100644
--- a/bin/dnssec/dnssec-settime.html
+++ b/bin/dnssec/dnssec-settime.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009-2011, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/dnssec/dnssec-signzone.8 b/bin/dnssec/dnssec-signzone.8
index 2f34646d677..4808cbe538d 100644
--- a/bin/dnssec/dnssec-signzone.8
+++ b/bin/dnssec/dnssec-signzone.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 dnssec-signzone \- DNSSEC zone signing tool
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-signzone\fR\ 'u
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-M\ \fR\fB\fImaxttl\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-Q\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-M\ \fR\fB\fImaxttl\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-Q\fR] [\fB\-R\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-signzone\fR
@@ -278,11 +278,6 @@ specifies the format version of the raw zone file: if N is 0, the raw file can b
 \fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher; the default is 1\&.
 .RE
 .PP
-\-p
-.RS 4
-Use pseudo\-random data when signing the zone\&. This is faster, but less secure, than using real random data\&. This option may be useful when signing large zones or when the entropy source is limited\&.
-.RE
-.PP
 \-P
 .RS 4
 Disable post sign verification tests\&.
@@ -311,17 +306,6 @@ This option is similar to
 to signatures from keys that are no longer published\&. This enables ZSK rollover using the procedure described in RFC 4641, section 4\&.2\&.1\&.2 ("Double Signature Zone Signing Key Rollover")\&.
 .RE
 .PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies the source of randomness\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&.
-.RE
-.PP
 \-S
 .RS 4
 Smart signing: Instructs
@@ -484,5 +468,5 @@ RFC 4641\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-signzone.html b/bin/dnssec/dnssec-signzone.html
index 23b5d382fa4..988a7a52c80 100644
--- a/bin/dnssec/dnssec-signzone.html
+++ b/bin/dnssec/dnssec-signzone.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2009, 2011-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2009, 2011-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -54,10 +54,8 @@
        [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>]
        [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>]
        [<code class="option">-P</code>]
-       [<code class="option">-p</code>]
        [<code class="option">-Q</code>]
        [<code class="option">-R</code>]
-       [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-S</code>]
        [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>]
        [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>]
@@ -444,20 +442,6 @@
             ("Double Signature Zone Signing Key Rollover").
           </p>
         </dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p>
-        </dd>
 <dt><span class="term">-S</span></dt>
 <dd>
           <p>
diff --git a/bin/dnssec/dnssec-verify.8 b/bin/dnssec/dnssec-verify.8
index ab677973565..1b1bf35d569 100644
--- a/bin/dnssec/dnssec-verify.8
+++ b/bin/dnssec/dnssec-verify.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -113,5 +113,5 @@ RFC 4033\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/dnssec/dnssec-verify.html b/bin/dnssec/dnssec-verify.html
index 7a31186c852..7f94a133506 100644
--- a/bin/dnssec/dnssec-verify.html
+++ b/bin/dnssec/dnssec-verify.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2012, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/named/named.8 b/bin/named/named.8
index 80f2acb25d7..86df7f28e9a 100644
--- a/bin/named/named.8
+++ b/bin/named/named.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -378,5 +378,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/named/named.html b/bin/named/named.html
index db18c21799e..bdadcdb8e3e 100644
--- a/bin/named/named.html
+++ b/bin/named/named.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2003-2009, 2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index 0278cd8163f..2706fef8fd5 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 nsupdate \- Dynamic DNS update utility
 .SH "SYNOPSIS"
 .HP \w'\fBnsupdate\fR\ 'u
-\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\-i\fR] [\fB\-L\ \fR\fB\fIlevel\fR\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [\fB\-T\fR] [\fB\-P\fR] [\fB\-V\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [filename]
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [\fB\-i\fR] [\fB\-L\ \fR\fB\fIlevel\fR\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-l\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-v\fR] [\fB\-T\fR] [\fB\-P\fR] [\fB\-V\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [filename]
 .SH "DESCRIPTION"
 .PP
 \fBnsupdate\fR
@@ -160,17 +160,6 @@ option\&.
 The number of UDP retries\&. The default is 3\&. If zero, only one update request will be made\&.
 .RE
 .PP
-\-R \fIrandomdev\fR
-.RS 4
-Where to obtain randomness\&. If the operating system does not provide a
-/dev/random
-or equivalent device, the default source of randomness is keyboard input\&.
-randomdev
-specifies the name of a character device or file containing random data to be used instead of the default\&. The special value
-keyboard
-indicates that keyboard input should be used\&. This option may be specified multiple times\&.
-.RE
-.PP
 \-t \fItimeout\fR
 .RS 4
 The maximum time an update request can take before it is aborted\&. The default is 300 seconds\&. Zero can be used to disable the timeout\&.
@@ -530,5 +519,5 @@ The TSIG key is redundantly stored in two separate files\&. This is a consequenc
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 350a7c95651..0bb9d51c932 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000-2012, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000-2012, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -46,7 +46,6 @@
        [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>]
        [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>]
        [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>]
-       [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-v</code>]
        [<code class="option">-T</code>]
        [<code class="option">-P</code>]
@@ -214,19 +213,6 @@
 	    one update request will be made.
 	  </p>
 	</dd>
-<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	<p>
-	  Where to obtain randomness. If the operating system
-	  does not provide a <code class="filename">/dev/random</code> or
-	  equivalent device, the default source of randomness is keyboard
-	  input.  <code class="filename">randomdev</code> specifies the name of
-	  a character device or file containing random data to be used
-	  instead of the default.  The special value
-	  <code class="filename">keyboard</code> indicates that keyboard input
-	  should be used.  This option may be specified multiple times.
-	</p>
-	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
 <dd>
 	  <p>
diff --git a/bin/pkcs11/pkcs11-destroy.8 b/bin/pkcs11/pkcs11-destroy.8
index 7fdef2e3256..e34bcb18077 100644
--- a/bin/pkcs11/pkcs11-destroy.8
+++ b/bin/pkcs11/pkcs11-destroy.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -93,5 +93,5 @@ Specify how long to pause before carrying out key destruction\&. The default is
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/pkcs11/pkcs11-destroy.html b/bin/pkcs11/pkcs11-destroy.html
index 8f9f75af1cb..9e3c59c1b32 100644
--- a/bin/pkcs11/pkcs11-destroy.html
+++ b/bin/pkcs11/pkcs11-destroy.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/pkcs11/pkcs11-keygen.8 b/bin/pkcs11/pkcs11-keygen.8
index 83f3a882fd9..6271d482f20 100644
--- a/bin/pkcs11/pkcs11-keygen.8
+++ b/bin/pkcs11/pkcs11-keygen.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -116,5 +116,5 @@ Open the session with the given PKCS#11 slot\&. The default is slot 0\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/pkcs11/pkcs11-keygen.html b/bin/pkcs11/pkcs11-keygen.html
index 311b098a249..873f5607089 100644
--- a/bin/pkcs11/pkcs11-keygen.html
+++ b/bin/pkcs11/pkcs11-keygen.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/pkcs11/pkcs11-list.8 b/bin/pkcs11/pkcs11-list.8
index 87bcb9e29bf..97042aaaad7 100644
--- a/bin/pkcs11/pkcs11-list.8
+++ b/bin/pkcs11/pkcs11-list.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -94,5 +94,5 @@ will prompt for it\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/pkcs11/pkcs11-list.html b/bin/pkcs11/pkcs11-list.html
index ae741ce9435..535fb3db4e7 100644
--- a/bin/pkcs11/pkcs11-list.html
+++ b/bin/pkcs11/pkcs11-list.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/pkcs11/pkcs11-tokens.8 b/bin/pkcs11/pkcs11-tokens.8
index caf32dba52d..86f51499fe9 100644
--- a/bin/pkcs11/pkcs11-tokens.8
+++ b/bin/pkcs11/pkcs11-tokens.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -65,5 +65,5 @@ Make the PKCS#11 libisc initialization verbose\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/pkcs11/pkcs11-tokens.html b/bin/pkcs11/pkcs11-tokens.html
index 7bf89c06289..e6c3b5a31ad 100644
--- a/bin/pkcs11/pkcs11-tokens.html
+++ b/bin/pkcs11/pkcs11-tokens.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/python/dnssec-checkds.8 b/bin/python/dnssec-checkds.8
index c9e7f047bf1..5c2b3ec04ca 100644
--- a/bin/python/dnssec-checkds.8
+++ b/bin/python/dnssec-checkds.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -87,5 +87,5 @@ binary\&. Used for testing\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2012-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/python/dnssec-checkds.html b/bin/python/dnssec-checkds.html
index 48fc192f159..67d42715946 100644
--- a/bin/python/dnssec-checkds.html
+++ b/bin/python/dnssec-checkds.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2012-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2012-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/python/dnssec-coverage.8 b/bin/python/dnssec-coverage.8
index a4a5eb1cfd1..f4b885ed14b 100644
--- a/bin/python/dnssec-coverage.8
+++ b/bin/python/dnssec-coverage.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -152,5 +152,5 @@ binary\&. Used for testing\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/python/dnssec-coverage.html b/bin/python/dnssec-coverage.html
index cf323444f8a..b3d8263dff5 100644
--- a/bin/python/dnssec-coverage.html
+++ b/bin/python/dnssec-coverage.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/python/dnssec-keymgr.8 b/bin/python/dnssec-keymgr.8
index 97122299462..45bd51061e9 100644
--- a/bin/python/dnssec-keymgr.8
+++ b/bin/python/dnssec-keymgr.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,7 +39,7 @@
 dnssec-keymgr \- Ensures correct DNSKEY coverage for a zone based on a defined policy
 .SH "SYNOPSIS"
 .HP \w'\fBdnssec\-keymgr\fR\ 'u
-\fBdnssec\-keymgr\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-f\fR] [\fB\-k\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-z\fR] [\fB\-g\ \fR\fB\fIpath\fR\fR] [\fB\-r\ \fR\fB\fIpath\fR\fR] [\fB\-s\ \fR\fB\fIpath\fR\fR] [zone...]
+\fBdnssec\-keymgr\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-f\fR] [\fB\-k\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-z\fR] [\fB\-g\ \fR\fB\fIpath\fR\fR] [\fB\-s\ \fR\fB\fIpath\fR\fR] [zone...]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keymgr\fR
@@ -123,15 +123,6 @@ and
 \fBdnssec\-settime\fR\&.
 .RE
 .PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies a path to a file containing random data\&. This is passed to the
-\fBdnssec\-keygen\fR
-binary using its
-\fB\-r\fR
-option\&.
-.RE
-.PP
 \-s \fIsettime\-path\fR
 .RS 4
 Specifies a path to a
@@ -297,5 +288,5 @@ Allow configuration of standby keys and use of the REVOKE bit, for keys that use
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/python/dnssec-keymgr.html b/bin/python/dnssec-keymgr.html
index daeaf761b82..726c22c1ac5 100644
--- a/bin/python/dnssec-keymgr.html
+++ b/bin/python/dnssec-keymgr.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -41,7 +41,6 @@
        [<code class="option">-v</code>]
        [<code class="option">-z</code>]
        [<code class="option">-g <em class="replaceable"><code>path</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>path</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>path</code></em></code>]
        [zone...]
     </p></div>
@@ -160,15 +159,6 @@
 	    and <span class="command"><strong>dnssec-settime</strong></span>.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a path to a file containing random data.
-	    This is passed to the <span class="command"><strong>dnssec-keygen</strong></span> binary
-	    using its <code class="option">-r</code> option.
-
-	  </p>
-	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>settime-path</code></em></span></dt>
 <dd>
 	  <p>
diff --git a/bin/rndc/rndc.conf.5 b/bin/rndc/rndc.conf.5
index 537063e69c2..7e4ca84714a 100644
--- a/bin/rndc/rndc.conf.5
+++ b/bin/rndc/rndc.conf.5
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -230,5 +230,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/rndc/rndc.conf.html b/bin/rndc/rndc.conf.html
index 8c51be80cea..f0af8f973c5 100644
--- a/bin/rndc/rndc.conf.html
+++ b/bin/rndc/rndc.conf.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2000, 2001, 2004, 2005, 2007, 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/arpaname.1 b/bin/tools/arpaname.1
index 59662b635b9..49bfa2cf1f1 100644
--- a/bin/tools/arpaname.1
+++ b/bin/tools/arpaname.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -52,5 +52,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/arpaname.html b/bin/tools/arpaname.html
index 7024a126c55..c1f7399711a 100644
--- a/bin/tools/arpaname.html
+++ b/bin/tools/arpaname.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/dnstap-read.1 b/bin/tools/dnstap-read.1
index c37ac379b0b..8a8edf05c1c 100644
--- a/bin/tools/dnstap-read.1
+++ b/bin/tools/dnstap-read.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -91,5 +91,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/dnstap-read.html b/bin/tools/dnstap-read.html
index 646bd695409..cc6e67c2a97 100644
--- a/bin/tools/dnstap-read.html
+++ b/bin/tools/dnstap-read.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/mdig.1 b/bin/tools/mdig.1
index 93b5aa5fc44..5f7658d3307 100644
--- a/bin/tools/mdig.1
+++ b/bin/tools/mdig.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -404,5 +404,5 @@ RFC1035\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2015-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/mdig.html b/bin/tools/mdig.html
index dc0e8eb70ad..3c866ff7dbe 100644
--- a/bin/tools/mdig.html
+++ b/bin/tools/mdig.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2015-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2015-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/named-journalprint.8 b/bin/tools/named-journalprint.8
index e5393f6be04..8bddb6f0b9f 100644
--- a/bin/tools/named-journalprint.8
+++ b/bin/tools/named-journalprint.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -64,5 +64,5 @@ BIND 9 Administrator Reference Manual\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/named-journalprint.html b/bin/tools/named-journalprint.html
index 4bba221b8dc..24ec3f2e5ae 100644
--- a/bin/tools/named-journalprint.html
+++ b/bin/tools/named-journalprint.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/named-nzd2nzf.8 b/bin/tools/named-nzd2nzf.8
index c9ed0ba9482..fa81a798710 100644
--- a/bin/tools/named-nzd2nzf.8
+++ b/bin/tools/named-nzd2nzf.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -63,5 +63,5 @@ BIND 9 Administrator Reference Manual
 Internet Systems Consortium
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/named-nzd2nzf.html b/bin/tools/named-nzd2nzf.html
index db372008539..5c36039a8f6 100644
--- a/bin/tools/named-nzd2nzf.html
+++ b/bin/tools/named-nzd2nzf.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/named-rrchecker.1 b/bin/tools/named-rrchecker.1
index c520b92f119..a233b920d18 100644
--- a/bin/tools/named-rrchecker.1
+++ b/bin/tools/named-rrchecker.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -77,5 +77,5 @@ RFC 1035,
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/named-rrchecker.html b/bin/tools/named-rrchecker.html
index 2d53939e70f..6f862cb9934 100644
--- a/bin/tools/named-rrchecker.html
+++ b/bin/tools/named-rrchecker.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2013-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/bin/tools/nsec3hash.8 b/bin/tools/nsec3hash.8
index 059507288c8..aca47bbeeab 100644
--- a/bin/tools/nsec3hash.8
+++ b/bin/tools/nsec3hash.8
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -84,5 +84,5 @@ RFC 5155\&.
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/bin/tools/nsec3hash.html b/bin/tools/nsec3hash.html
index 947d868c1a0..7bc0cca4712 100644
--- a/bin/tools/nsec3hash.html
+++ b/bin/tools/nsec3hash.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/configure b/configure
index 217f168247d..3e345c0286e 100755
--- a/configure
+++ b/configure
@@ -941,7 +941,6 @@ infodir
 docdir
 oldincludedir
 includedir
-runstatedir
 localstatedir
 sharedstatedir
 sysconfdir
@@ -1100,7 +1099,6 @@ datadir='${datarootdir}'
 sysconfdir='${prefix}/etc'
 sharedstatedir='${prefix}/com'
 localstatedir='${prefix}/var'
-runstatedir='${localstatedir}/run'
 includedir='${prefix}/include'
 oldincludedir='/usr/include'
 docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1353,15 +1351,6 @@ do
   | -silent | --silent | --silen | --sile | --sil)
     silent=yes ;;
 
-  -runstatedir | --runstatedir | --runstatedi | --runstated \
-  | --runstate | --runstat | --runsta | --runst | --runs \
-  | --run | --ru | --r)
-    ac_prev=runstatedir ;;
-  -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
-  | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
-  | --run=* | --ru=* | --r=*)
-    runstatedir=$ac_optarg ;;
-
   -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
     ac_prev=sbindir ;;
   -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1499,7 +1488,7 @@ fi
 for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
 		datadir sysconfdir sharedstatedir localstatedir includedir \
 		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
-		libdir localedir mandir runstatedir
+		libdir localedir mandir
 do
   eval ac_val=\$$ac_var
   # Remove trailing slashes.
@@ -1652,7 +1641,6 @@ Fine tuning of the installation directories:
   --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
   --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
   --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
-  --runstatedir=DIR       modifiable per-process data [LOCALSTATEDIR/run]
   --libdir=DIR            object code libraries [EPREFIX/lib]
   --includedir=DIR        C header files [PREFIX/include]
   --oldincludedir=DIR     C header files for non-gcc [/usr/include]
diff --git a/doc/arm/Bv9ARM.ch01.html b/doc/arm/Bv9ARM.ch01.html
index 9378acde536..dd9928894eb 100644
--- a/doc/arm/Bv9ARM.ch01.html
+++ b/doc/arm/Bv9ARM.ch01.html
@@ -614,6 +614,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch02.html b/doc/arm/Bv9ARM.ch02.html
index c278dcc4831..f7e2bb7beb8 100644
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -146,6 +146,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch03.html b/doc/arm/Bv9ARM.ch03.html
index ba25dc16e3b..4e3b5bb5840 100644
--- a/doc/arm/Bv9ARM.ch03.html
+++ b/doc/arm/Bv9ARM.ch03.html
@@ -759,6 +759,6 @@ controls {
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index 33ab304c79e..48ef8a2337b 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -2867,6 +2867,6 @@ $ORIGIN 0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch05.html b/doc/arm/Bv9ARM.ch05.html
index b59c4b33fe0..3609e50faf4 100644
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -2889,6 +2889,8 @@ badresp:1,adberr:0,findfail:0,valfail:0]
                     reopen a closed output stream. The minimum is 1 second,
                     the maximum is 600 seconds (10 minutes), and the default
                     is 5 seconds.
+                    For convenience, TTL-style time unit suffixes may be
+                    used to specify the value.
                   
                 </li>
 </ul></div>
@@ -3300,20 +3302,6 @@ badresp:1,adberr:0,findfail:0,valfail:0]
                 effect during the initial configuration load at server
                 startup time and is ignored on subsequent reloads.
               </p>
-              <p>
-                If BIND is built with
-                <span class="command"><strong>configure --disable-crypto-rand</strong></span>, then
-                entropy is <span class="emphasis"><em>not</em></span> sourced from the
-                cryptographic library. In this case, if
-                <span class="command"><strong>random-device</strong></span> is not specified, the
-                default value is the system random device,
-                <code class="filename">/dev/random</code> or the equivalent.
-                This default can be overridden with
-                <span class="command"><strong>configure --with-randomdev</strong></span>.
-                If no system random device exists, then no entropy source
-                will be configured, and <span class="command"><strong>named</strong></span> will only
-                be able to use pseudo-random numbers.
-              </p>
             </dd>
 <dt><span class="term"><span class="command"><strong>preferred-glue</strong></span></span></dt>
 <dd>
@@ -4118,6 +4106,14 @@ options {
                   Not implemented in BIND 9.
                 </p>
               </dd>
+<dt><span class="term"><span class="command"><strong>root-key-sentinel</strong></span></span></dt>
+<dd>
+                <p>
+                  Respond to root key sentinel probes as described in
+                  draft-ietf-dnsop-kskroll-sentinel-08. The default is
+                  <strong class="userinput"><code>yes</code></strong>.
+                </p>
+              </dd>
 <dt><span class="term"><span class="command"><strong>maintain-ixfr-base</strong></span></span></dt>
 <dd>
                 <p>
@@ -6522,8 +6518,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   begin listening for queries on any newly discovered
                   interfaces (provided they are allowed by the
                   <span class="command"><strong>listen-on</strong></span> configuration), and
-                  will
-                  stop listening on interfaces that have gone away.
+                  will stop listening on interfaces that have gone away.
+                  For convenience, TTL-style time unit suffixes may be
+                  used to specify the value.
                 </p>
               </dd>
 <dt><span class="term"><span class="command"><strong>statistics-interval</strong></span></span></dt>
@@ -6828,8 +6825,9 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   To reduce network traffic and increase performance,
                   the server stores negative answers. <span class="command"><strong>max-ncache-ttl</strong></span> is
                   used to set a maximum retention time for these answers in
-                  the server
-                  in seconds. The default
+                  the server in seconds.
+                  For convenience, TTL-style time unit suffixes may be
+                  used to specify the value.  The default
                   <span class="command"><strong>max-ncache-ttl</strong></span> is <code class="literal">10800</code> seconds (3 hours).
                   <span class="command"><strong>max-ncache-ttl</strong></span> cannot exceed
                   7 days and will
@@ -6841,6 +6839,8 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                 <p>
                   Sets the maximum time for which the server will
                   cache ordinary (positive) answers in seconds.
+                  For convenience, TTL-style time unit suffixes may be
+                  used to specify the value.
                   The default is 604800 (one week).
                   A value of zero may cause all queries to return
                   SERVFAIL, because of lost caches of intermediate
@@ -6902,6 +6902,11 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   set to one hour before the current time to allow
                   for a limited amount of clock skew.
                 </p>
+                <p>
+                  The <span class="command"><strong>sig-validity-interval</strong></span> can be
+                  overridden for DNSKEY records by setting
+                  <span class="command"><strong>dnskey-sig-validity</strong></span>.
+                </p>
                 <p>
                   The <span class="command"><strong>sig-validity-interval</strong></span>
                   should be, at least, several multiples of the SOA
@@ -6909,6 +6914,21 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                   between the various timer and expiry dates.
                 </p>
               </dd>
+<dt><span class="term"><span class="command"><strong>dnskey-sig-validity</strong></span></span></dt>
+<dd>
+                <p>
+                  Specifies the number of days into the future when
+                  DNSSEC signatures that are automatically generated
+                  for DNSKEY RRsets as a result of dynamic updates
+                  (<a class="xref" href="Bv9ARM.ch04.html#dynamic_update" title="Dynamic Update">the section called &#8220;Dynamic Update&#8221;</a>) will expire.
+                  If set to a non-zero value, this overrides the
+                  value set by <span class="command"><strong>sig-validity-interval</strong></span>.
+                  The default is zero, meaning
+                  <span class="command"><strong>sig-validity-interval</strong></span> is used.
+                  The maximum value is 3660 days (10 years), and
+                  higher values will be rejected.
+                </p>
+              </dd>
 <dt><span class="term"><span class="command"><strong>sig-signing-nodes</strong></span></span></dt>
 <dd>
                 <p>
@@ -7651,7 +7671,7 @@ deny-answer-aliases { "example.net"; };
             multiple policy zones.  To maximize performance, a radix
             tree is used to quickly identify response policy zones
             containing triggers that match the current query.  This
-            imposes an upper limit of 32 on the number of policy zones
+            imposes an upper limit of 64 on the number of policy zones
             in a single <span class="command"><strong>response-policy</strong></span> option; more
             than that is a configuration error.
           </p>
@@ -8027,6 +8047,8 @@ deny-answer-aliases { "example.net"; };
             to a maximum value.
             The <span class="command"><strong>max-policy-ttl</strong></span> clause changes the
             maximum seconds from its default of 5.
+            For convenience, TTL-style time unit suffixes may be
+            used to specify the value.
           </p>
 
           <p>
@@ -8112,7 +8134,9 @@ example.com                 CNAME   rpz-tcp-only.
             If an update to a RPZ zone (for example, via IXFR) happens less
             than <code class="option">min-update-interval</code> seconds after the most
             recent update, then the changes will not be carried out until this
-            interval has elapsed.  The default is <code class="literal">5</code> seconds.
+            interval has elapsed.  The default is <code class="literal">60</code> seconds.
+            For convenience, TTL-style time unit suffixes may be
+            used to specify the value.
           </p>
         </div>
 
@@ -10365,69 +10389,68 @@ example.com. NS ns2.example.net.
               <span class="command"><strong>update-policy</strong></span> option, respectively.
             </p>
             <p>
-              The <span class="command"><strong>allow-update</strong></span> clause works the
-              same way as in previous versions of <acronym class="acronym">BIND</acronym>.
-              It grants given clients the permission to update any
-              record of any name in the zone.
+              The <span class="command"><strong>allow-update</strong></span> clause is a simple
+              access control list.  Any client that matches
+              the ACL is granted permission to update any record
+              in the zone.
             </p>
             <p>
               The <span class="command"><strong>update-policy</strong></span> clause
               allows more fine-grained control over what updates are
-              allowed.  A set of rules is specified, where each rule
-              either grants or denies permissions for one or more
-              names to be updated by one or more identities.  If
-              the dynamic update request message is signed (that is,
-              it includes either a TSIG or SIG(0) record), the
-              identity of the signer can be determined.
+              allowed.  It specifies a set of rules, in which each rule
+              either grants or denies permission for one or more
+              names in the zone to be updated by one or more
+              identities. Identity is determined by the key that
+              signed the update request using either TSIG or SIG(0).
+              In most cases, <span class="command"><strong>update-policy</strong></span> rules
+              only apply to key-based identities.  There is no way
+              to specify update permissions based on client source
+              address.
             </p>
             <p>
-              Rules are specified in the <span class="command"><strong>update-policy</strong></span>
-              zone option, and are only meaningful for master zones.
-              When the <span class="command"><strong>update-policy</strong></span> statement
-              is present, it is a configuration error for the
-              <span class="command"><strong>allow-update</strong></span> statement to be
-              present.  The <span class="command"><strong>update-policy</strong></span> statement
-              (except when set to <code class="literal">local</code>) only
-              examines the signer of a message; the source
-              address is not relevant.
+              <span class="command"><strong>update-policy</strong></span> rules are only meaningful
+              for zones of type <span class="command"><strong>master</strong></span>, and are
+              not allowed in any other zone type.
+              It is a configuration error to specify both
+              <span class="command"><strong>allow-update</strong></span> and
+              <span class="command"><strong>update-policy</strong></span> at the same time.
             </p>
             <p>
               A pre-defined <span class="command"><strong>update-policy</strong></span> rule can be
               switched on with the command
               <span class="command"><strong>update-policy local;</strong></span>.
-              Switching on this rule in a zone causes
-              <span class="command"><strong>named</strong></span> to generate a TSIG session key and
-              place it in a file. That key will then be allowed to update
-              the zone, if the update request is sent from localhost.
+              Using this in a zone causes
+              <span class="command"><strong>named</strong></span> to generate a TSIG session key
+              when starting up and store it in a file; this key can then
+              be used by local clients to update the zone while
+              <span class="command"><strong>named</strong></span> is running.
               By default, the session key is stored in the file
-              <code class="filename">/var/run/named/session.key</code>; the key name
-              is "local-ddns" and the key algorithm is HMAC-SHA256.
+              <code class="filename">/var/run/named/session.key</code>, the key name
+              is "local-ddns", and the key algorithm is HMAC-SHA256.
               These values are configurable with the
               <span class="command"><strong>session-keyfile</strong></span>,
               <span class="command"><strong>session-keyname</strong></span> and
-              <span class="command"><strong>session-keyalg</strong></span> options, respectively).
-            </p>
-            <p>
-              A client on the local system, if it is run with appropriate
+              <span class="command"><strong>session-keyalg</strong></span> options, respectively.
+              A client running on the local system, if run with appropriate
               permissions, may read the session key from the key file and
-              use the key to sign update requests.  The zone's update
+              use it to sign update requests.  The zone's update
               policy will be set to allow that key to change any record
               within the zone.  Assuming the key name is "local-ddns",
-              this policy is:
+              this policy is equivalent to:
             </p>
 
             <pre class="programlisting">update-policy { grant local-ddns zonesub any; };
             </pre>
 
             <p>
-              ...with an additional restriction that only clients
+              ...with the additional restriction that only clients
               connecting from the local system will be permitted to send
               updates.
             </p>
             <p>
-              Note that only one session key is generated; all zones
-              configured to use <span class="command"><strong>update-policy local</strong></span>
-              will accept the same key.
+              Note that only one session key is generated by
+              <span class="command"><strong>named</strong></span>; all zones configured to use
+              <span class="command"><strong>update-policy local</strong></span> will accept the same key.
             </p>
             <p>
               The command <span class="command"><strong>nsupdate -l</strong></span> implements this
@@ -10440,50 +10463,60 @@ example.com. NS ns2.example.net.
             </p>
 
 <pre class="programlisting">
-( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>nametype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
+( <span class="command"><strong>grant</strong></span> | <span class="command"><strong>deny</strong></span> ) <em class="replaceable"><code>identity</code></em> <em class="replaceable"><code>ruletype</code></em> [<span class="optional"> <em class="replaceable"><code>name</code></em> </span>] [<span class="optional"> <em class="replaceable"><code>types</code></em> </span>]
 </pre>
 
             <p>
-              Each rule grants or denies privileges.  Once a message has
-              successfully matched a rule, the operation is immediately
-              granted or denied and no further rules are examined.  A rule
-              is matched when the signer matches the identity field, the
-              name matches the name field in accordance with the nametype
-              field, and the type matches the types specified in the type
-              field.
+              Each rule grants or denies privileges.  Rules are checked
+              in the order in which they are specified in the
+              <span class="command"><strong>update-policy</strong></span> statement. Once a message
+              has successfully matched a rule, the operation is immediately
+              granted or denied, and no further rules are examined.  There
+              are 13 types of rules; the rule type is specified by the
+              <span class="command"><strong>ruletype</strong></span> field, and the interpretation
+              of other fields varies depending on the rule type.
             </p>
             <p>
-              No signer is required for <em class="replaceable"><code>tcp-self</code></em>
-              or <em class="replaceable"><code>6to4-self</code></em> however the standard
-              reverse mapping / prefix conversion must match the identity
-              field.
+              In general, a rule is matched when the
+              key that signed an update request matches the
+              <span class="command"><strong>identity</strong></span> field, the name of the record
+              to be updated matches the <span class="command"><strong>name</strong></span> field
+              (in the manner specified by the <span class="command"><strong>ruletype</strong></span>
+              field), and the type of the record to be updated matches the
+              <span class="command"><strong>types</strong></span> field. Details for each rule type
+              are described below.
             </p>
             <p>
-              The identity field specifies a name or a wildcard
-              name.  Normally, this is the name of the TSIG or
-              SIG(0) key used to sign the update request.  When a
-              TKEY exchange has been used to create a shared secret,
-              the identity of the shared secret is the same as the
-              identity of the key used to authenticate the TKEY
-              exchange.  TKEY is also the negotiation method used
-              by GSS-TSIG, which establishes an identity that is
-              the Kerberos principal of the client, such as
-              <strong class="userinput"><code>"user@host.domain"</code></strong>.  When the
-              <em class="replaceable"><code>identity</code></em> field specifies
-              a wildcard name, it is subject to DNS wildcard
-              expansion, so the rule will apply to multiple identities.
-              The <em class="replaceable"><code>identity</code></em> field must
-              contain a fully-qualified domain name.
+              The <span class="command"><strong>identity</strong></span> field must be set to
+              a fully-qualified domain name.  In most cases, this
+              represensts the name of the TSIG or SIG(0) key that must be
+              used to sign the update request.  If the specified name is a
+              wildcard, it is subject to DNS wildcard expansion, and the
+              rule may apply to multiple identities.  When a TKEY exchange
+              has been used to create a shared secret, the identity of
+              the key used to authenticate the TKEY exchange will be
+              used as the identity of the shared secret.  Some rule types
+              use indentities matching the client's Kerberos principal
+              (e.g, <strong class="userinput"><code>"host/machine@REALM"</code></strong>) or
+              Windows realm (<strong class="userinput"><code>machine$@REALM</code></strong>).
             </p>
             <p>
-              For nametypes <code class="varname">krb5-self</code>,
-              <code class="varname">ms-self</code>, <code class="varname">krb5-subdomain</code>,
-              and <code class="varname">ms-subdomain</code> the
-              <em class="replaceable"><code>identity</code></em> field specifies
-              the Windows or Kerberos realm of the machine belongs to.
+              The <em class="replaceable"><code>name</code></em> field also specifies
+              a fully-qualified domain name. This often
+              represents the name of the record to be updated.
+              Interpretation of this field is dependent on rule type.
             </p>
             <p>
-              The <em class="replaceable"><code>nametype</code></em> field has 13
+              If no <span class="command"><strong>types</strong></span> are explicitly specified,
+              then a rule matches all types except RRSIG, NS, SOA, NSEC
+              and NSEC3. Types may be specified by name, including
+              "ANY" (ANY matches all types except NSEC and NSEC3,
+              which can never be updated).  Note that when an attempt
+              is made to delete all records associated with a name,
+              the rules are checked for each existing record type.
+            </p>
+            <p>
+              The <em class="replaceable"><code>ruletype</code></em> field has 13
               values:
               <code class="varname">name</code>, <code class="varname">subdomain</code>,
               <code class="varname">wildcard</code>, <code class="varname">self</code>,
@@ -10577,20 +10610,23 @@ example.com. NS ns2.example.net.
                     </td>
 <td>
                       <p>
-                        This rule matches when the name being updated
-                        matches the contents of the
+                        This rule matches when the name of the record
+                        being updated matches the contents of the
                         <em class="replaceable"><code>identity</code></em> field.
                         The <em class="replaceable"><code>name</code></em> field
-                        is ignored, but should be the same as the
-                        <em class="replaceable"><code>identity</code></em> field or
+                        is ignored. To avoid confusion, it is recommended
+                        that this field be set to the same value as the
+                        <em class="replaceable"><code>identity</code></em> field or to
                         "."
-                        The <code class="varname">self</code> nametype is
-                        most useful when allowing using one key per
+                      </p>
+                      <p>
+                        The <code class="varname">self</code> rule type is
+                        most useful when allowing one key per
                         name to update, where the key has the same
-                        name as the name to be updated.  The
-                        <em class="replaceable"><code>identity</code></em> would
-                        be specified as <code class="constant">*</code> (an asterisk) in
-                        this case.
+                        name as the record to be updated.  In this case,
+                        the <em class="replaceable"><code>identity</code></em> field
+                        can be specified as <code class="constant">*</code>
+                        (an asterisk).
                       </p>
                     </td>
 </tr>
@@ -10699,11 +10735,18 @@ example.com. NS ns2.example.net.
                     </td>
 <td>
                       <p>
-                        Allow updates that have been sent via TCP and
-                        for which the standard mapping from the initiating
-                        IP address into the IN-ADDR.ARPA and IP6.ARPA
-                        namespaces match the name to be updated.  The
-                        name field should be set to "."
+                        This rule allows updates that have been sent via
+                        TCP and for which the standard mapping from the
+                        client's IP address into the
+                        <code class="literal">in-addr.arpa</code> and
+                        <code class="literal">ip6.arpa</code>
+                        namespaces match the name to be updated.
+                        The <span class="command"><strong>identity</strong></span> field must match
+                        that name.  The <span class="command"><strong>name</strong></span> field
+                        should be set to ".".
+                        Note that, since identity is based on the client's
+                        IP address, it is not necessary for update request
+                        messages to be signed.
                       </p>
                       <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
@@ -10720,11 +10763,30 @@ example.com. NS ns2.example.net.
                     </td>
 <td>
                       <p>
-                        Allow the 6to4 prefix to be update by any TCP
-                        connection from the 6to4 network or from the
-                        corresponding IPv4 address.  This is intended
-                        to allow NS or DNAME RRsets to be added to the
-                        reverse tree.
+                        This allows the name matching a 6to4 IPv6 prefix,
+                        as specified in RFC 3056, to be updated by any
+                        TCP connection from either the 6to4 network or
+                        from the corresponding IPv4 address.  This is
+                        intended to allow NS or DNAME RRsets to be added
+                        to the <code class="literal">ip6.arpa</code> reverse tree.
+                      </p>
+                      <p>
+                        The <span class="command"><strong>identity</strong></span> field must match
+                        the 6to4 prefix in <code class="literal">ip6.arpa</code>.
+                        The <span class="command"><strong>name</strong></span> field should
+                        be set to ".".
+                        Note that, since identity is based on the client's
+                        IP address, it is not necessary for update request
+                        messages to be signed.
+                      </p>
+                      <p>
+                        In addition, if specified for an
+                        <code class="literal">ip6.arpa</code> name outside of the
+                        <code class="literal">2.0.0.2.ip6.arpa</code> namespace,
+                        the corresponding /48 reverse name can be updated.
+                        For example, TCP/IPv6 connections
+                        from 2001:DB8:ED0C::/48 can update records at
+                        <code class="literal">C.0.D.E.8.B.D.0.1.0.0.2.ip6.arpa</code>.
                       </p>
                       <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
@@ -10780,21 +10842,6 @@ example.com. NS ns2.example.net.
 </tbody>
 </table>
             </div>
-
-            <p>
-              In all cases, the <em class="replaceable"><code>name</code></em>
-              field must specify a fully-qualified domain name.
-            </p>
-
-            <p>
-              If no types are explicitly specified, this rule matches
-              all types except RRSIG, NS, SOA, NSEC and NSEC3. Types
-              may be specified by name, including "ANY" (ANY matches
-              all types except NSEC and NSEC3, which can never be
-              updated).  Note that when an attempt is made to delete
-              all records associated with a name, the rules are
-              checked for each existing record type.
-            </p>
           </div>
 
           <div class="section">
@@ -14625,6 +14672,6 @@ HOST-127.EXAMPLE. MX 0 .
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index 941d37d8d04..3bed6c52154 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -399,6 +399,6 @@ allow-query { !{ !10/8; any; }; key example; };
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index cba71c02bce..d6ab258963c 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -136,6 +136,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index c7fa64c9554..f3461dacb80 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -36,9 +36,10 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl class="toc">
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0-dev</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
@@ -53,17 +54,41 @@
 </div>
       <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.0-dev</h2></div></div></div>
+<a name="id-1.9.2"></a>Release Notes for BIND Version 9.13.0</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
     <p>
-      BIND 9.13 is unstable development release of BIND.
+      BIND 9.13 is an unstable development release of BIND.
       This document summarizes new features and functional changes that
-      have been introduced on this branch.  With each development
-      release leading up to the stable BIND 9.14 release, this document
-      will be updated with additional features added and bugs fixed.
+      have been introduced on this branch.  With each development release
+      leading up to the stable BIND 9.14 release, this document will be
+      updated with additional features added and bugs fixed.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
+    <p>
+      Prior to BIND 9.13, new feature development releases were tagged
+      as "alpha" and "beta", leading up to the first stable release
+      for a given development branch, which always ended in ".0".
+    </p>
+    <p>
+      Now, however, BIND has adopted the "odd-unstable/even-stable"
+      release numbering convention. There will be no "alpha" or "beta"
+      releases in the 9.13 branch, only increasing version numbers.
+      So, for example, what would previously have been called 9.13.0a1,
+      9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
+      9.13.1, 9.13.2, etc.
+    </p>
+    <p>
+      The first stable release from this development branch will be
+      renamed as 9.14.0. Thereafter, maintenance releases will continue
+      on the 9.14 branch, while unstable feature development proceeds in
+      9.15.
     </p>
   </div>
 
@@ -82,54 +107,129 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  None.
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
-	  Addresses could be referenced after being freed during resolver
-	  processing, causing an assertion failure. The chances of this
-	  happening were remote, but the introduction of a delay in
-	  resolution increased them. This bug is disclosed in
-	  CVE-2017-3145. [RT #46839]
+	  BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
+	  library to add IDNA2008 support.  Previously, BIND supported
+	  IDNA2003 using the (now obsolete and unsupported)
+	  <span class="command"><strong>idnkit-1</strong></span> library.
 	</p>
       </li>
 <li class="listitem">
 	<p>
-	  update-policy rules that otherwise ignore the name field now
-	  require that it be set to "." to ensure that any type list
-	  present is properly interpreted.  If the name field was omitted
-	  from the rule declaration and a type list was present it wouldn't
-	  be interpreted as expected.
+	  <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+	  mechanism. This enables validating resolvers to indicate to
+	  which trust anchors are configured for the root, so that
+	  information about root key rollover status can be gathered.
+	  To disable this feature, add
+	  <span class="command"><strong>root-key-sentinel no;</strong></span> to
+	  <code class="filename">named.conf</code>.
 	</p>
       </li>
-</ul></div>
-  </div>
-
-  <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+<li class="listitem">
 	<p>
-	  None.
+	  The <span class="command"><strong>dnskey-sig-validity</strong></span> option allows the
+	  <span class="command"><strong>sig-validity-interval</strong></span> to be overriden for
+	  signatures covering DNSKEY RRsets. [GL #145]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
 	<p>
 	  <span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
 	  keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
 	  to generate these keys. [RT #46404]
 	</p>
-      </li></ul></div>
+      </li>
+<li class="listitem">
+	<p>
+	  Support for OpenSSL 0.9.x has been removed.  OpenSSL version
+	  1.0.0 or greater, or LibreSSL is now required.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The <span class="command"><strong>configure --enable-seccomp</strong></span> option,
+	  which formerly turned on system-call filtering on Linux, has
+	  been removed. [GL #93]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  IPv4 addresses in forms other than dotted-quad are no longer
+	  accepted in master files. [GL #13] [GL #56]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  IDNA2003 support via (bundled) idnkit-1.0 has been removed.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The "rbtdb64" database implementation (a parallel
+	  implementation of "rbt") has been removed. [GL #217]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The <span class="command"><strong>-r randomdev</strong></span> option to explicitly select
+	  random device has been removed from the
+	  <span class="command"><strong>ddns-confgen</strong></span>,
+	  <span class="command"><strong>rndc-confgen</strong></span>,
+	  <span class="command"><strong>nsupdate</strong></span>,
+	  <span class="command"><strong>dnssec-confgen</strong></span>, and
+	  <span class="command"><strong>dnssec-signzone</strong></span> commands.
+	</p>
+	<p>
+	  The <span class="command"><strong>-p</strong></span> option to use pseudo-random data
+	  has been removed from the <span class="command"><strong>dnssec-signzone</strong></span>
+	  command.
+	</p>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  BIND will now always use the best CSPRNG (cryptographically-secure
+	  pseudo-random number generator) available on the platform where
+	  it is compiled.  It will use <span class="command"><strong>arc4random()</strong></span>
+	  family of functions on BSD operating systems,
+	  <span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
+	  <span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
+	  cryptography provider library (OpenSSL or PKCS#11) as the last
+	  resort. [GL #221]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  BIND can no longer be built without DNSSEC support. A cryptography
+	  provder (i.e., OpenSSL or a hardware service module with
+	  PKCS#11 support) must be available. [GL #244]
+	</p>
+      </li>
 <li class="listitem">
 	<p>
 	  Zone types <span class="command"><strong>primary</strong></span> and
@@ -145,29 +245,38 @@
 	  [RT #43670]
 	</p>
       </li>
-</ul></div>
-  </div>
-
-  <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
-	  When answering authoritative queries, <span class="command"><strong>named</strong></span>
-	  does not return the target of a cross-zone CNAME between two
-	  locally served zones; this prevents accidental cache poisoning.
-	  This same restriction was incorrectly applied to recursive
-	  queries as well; this has been fixed. [RT #47078]
+	  <span class="command"><strong>dig +nssearch</strong></span> will now list name servers
+	  that have timed out, in addition to those that respond. [GL #64]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+	  processing on the input domain name, when BIND is compiled
+	  with IDN support.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Up to 64 <span class="command"><strong>response-policy</strong></span> zones are now
+	  supported by default; previously the limit was 32. [GL #123]
 	</p>
       </li>
 <li class="listitem">
 	<p>
-	  Attempting to validate improperly unsigned CNAME responses
-	  from secure zones could cause a validator loop. This caused
-	  a delay in returning SERVFAIL and also increased the chances
-	  of encountering the crash bug described in CVE-2017-3145.
-	  [RT #46839]
+	  Several configuration options for time periods can now use
+	  TTL value suffixes (for example, <code class="literal">2h</code> or
+	  <code class="literal">1d</code>) in addition to an integer number of
+	  seconds. These include
+	  <span class="command"><strong>fstrm-set-reopen-interval</strong></span>,
+	  <span class="command"><strong>interface-interval</strong></span>,
+	  <span class="command"><strong>max-cache-ttl</strong></span>,
+	  <span class="command"><strong>max-ncache-ttl</strong></span>,
+	  <span class="command"><strong>max-policy-ttl</strong></span>, and
+	  <span class="command"><strong>min-update-interval</strong></span>.
+	  [GL #203]
 	</p>
       </li>
 </ul></div>
@@ -175,6 +284,16 @@
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  None.
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_license"></a>License</h3></div></div></div>
     <p>
       BIND is open source software licenced under the terms of the Mozilla
@@ -208,8 +327,8 @@
     <p>
       The end of life date for BIND 9.14 has not yet been determined.
       For those needing long term support, the current Extended Support
-      Version (ESV) is BIND 9.11, which will be supported until December
-      2021. See
+      Version (ESV) is BIND 9.11, which will be supported until at
+      least December 2021. See
       <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
       for details of ISC's software support policy.
     </p>
@@ -245,6 +364,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index 39b7263d317..4de17c421e5 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -148,6 +148,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch10.html b/doc/arm/Bv9ARM.ch10.html
index 4f52c4f73e3..212d08cd17f 100644
--- a/doc/arm/Bv9ARM.ch10.html
+++ b/doc/arm/Bv9ARM.ch10.html
@@ -914,6 +914,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch11.html b/doc/arm/Bv9ARM.ch11.html
index 3da8ccd5473..674ca2d20bb 100644
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -533,6 +533,6 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.ch12.html b/doc/arm/Bv9ARM.ch12.html
index 66663ed9f3e..78fe495d3cc 100644
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -185,7 +185,6 @@
       
       
       
-      
       
       
     </div>
@@ -207,6 +206,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index d6464318087..fea007da75d 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -32,7 +32,7 @@
 <div>
 <div><h1 class="title">
 <a name="id-1"></a>BIND 9 Administrator Reference Manual</h1></div>
-<div><p class="releaseinfo">BIND Version 9.13.0-dev</p></div>
+<div><p class="releaseinfo">BIND Version 9.13.0</p></div>
 <div><p class="copyright">Copyright © 2000-2018 Internet Systems Consortium, Inc. ("ISC")</p></div>
 </div>
 <hr>
@@ -234,9 +234,10 @@
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch08.html">A. Release Notes</a></span></dt>
 <dd><dl>
-<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0-dev</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#id-1.9.2">Release Notes for BIND Version 9.13.0</a></span></dt>
 <dd><dl>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_intro">Introduction</a></span></dt>
+<dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_versions">Note on Version Numbering</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_download">Download</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_security">Security Fixes</a></span></dt>
 <dt><span class="section"><a href="Bv9ARM.ch08.html#relnotes_features">New Features</a></span></dt>
@@ -427,6 +428,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/Bv9ARM.pdf b/doc/arm/Bv9ARM.pdf
index e2a6d833546..1062bc59cd4 100644
Binary files a/doc/arm/Bv9ARM.pdf and b/doc/arm/Bv9ARM.pdf differ
diff --git a/doc/arm/man.arpaname.html b/doc/arm/man.arpaname.html
index 5028bc52eb5..82611069954 100644
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -90,6 +90,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.ddns-confgen.html b/doc/arm/man.ddns-confgen.html
index e1cfd2a0935..1f944e854de 100644
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -53,7 +53,6 @@
       <code class="command">tsig-keygen</code> 
        [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
        [<code class="option">-h</code>]
-       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [name]
     </p></div>
     <div class="cmdsynopsis"><p>
@@ -154,20 +153,6 @@
             This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
-	  <p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating system does not provide a
-            <code class="filename">/dev/random</code> or equivalent device, the
-            default source of randomness is keyboard input.
-            <code class="filename">randomdev</code> specifies the name of a
-            character device or file containing random data to be used
-            instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard input
-            should be used.
-	  </p>
-	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
 <dd>
 	  <p>
@@ -235,6 +220,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.delv.html b/doc/arm/man.delv.html
index 2be7de3e0fa..190ec6861fd 100644
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -625,6 +625,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dig.html b/doc/arm/man.dig.html
index 4d2d60db81a..56d6661f267 100644
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -248,9 +248,9 @@
 <dt><span class="term">-i</span></dt>
 <dd>
 	  <p>
-	    Do reverse IPv6 lookups using the obsolete RFC1886 IP6.INT
+	    Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
 	    domain, which is no longer in use. Obsolete bit string
-	    label queries (RFC2874) are not attempted.
+	    label queries (RFC 2874) are not attempted.
 	  </p>
 	</dd>
 <dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
@@ -295,11 +295,12 @@
 <dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 <dd>
 	  <p>
-	    The resource record type to query. It can be any valid query type
-	    which is
-	    supported in BIND 9.  The default query type is "A", unless the
-	    <code class="option">-x</code> option is supplied to indicate a reverse lookup.
-	    A zone transfer can be requested by specifying a type of AXFR.  When
+	    The resource record type to query. It can be any valid query
+	    type.  If it is a resource record type supported in BIND 9, it
+	    can be given by the type mnemonic (such as "NS" or "AAAA").
+	    The default query type is "A", unless the <code class="option">-x</code>
+	    option is supplied to indicate a reverse lookup.  A zone
+	    transfer can be requested by specifying a type of AXFR.  When
 	    an incremental zone transfer (IXFR) is required, set the
 	    <em class="parameter"><code>type</code></em> to <code class="literal">ixfr=N</code>.
 	    The incremental zone transfer will contain the changes
@@ -307,6 +308,12 @@
 	    record was
 	    <em class="parameter"><code>N</code></em>.
 	  </p>
+	  <p>
+	    All resource record types can be expressed as "TYPEnn", where
+	    "nn" is the number of the type. If the resource record type is
+	    not supported in BIND 9, the result will be displayed as
+	    described in RFC 3597.
+	  </p>
 	</dd>
 <dt><span class="term">-u</span></dt>
 <dd>
@@ -637,6 +644,14 @@
 	      server that provided the answer.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]idnin</code></span></dt>
+<dd>
+	    <p>
+	      Process [do not process] IDN domain names on input.
+	      This requires IDN SUPPORT to have been enabled at
+	      compile time.  The default is to process IDN input.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
 <dd>
 	    <p>
@@ -713,7 +728,8 @@
 	      attempts to find the authoritative name servers for
 	      the zone containing the name being looked up and
 	      display the SOA record that each name server has for
-	      the zone.
+	      the zone. Addresses of servers that that did not
+	      respond are also printed.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
@@ -760,6 +776,14 @@
 	      the question section as a comment.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
+<dd>
+	    <p>
+	      Set [do not set] the RA (Recursion Available) bit in
+	      the query. The default is +noraflag. This bit should
+	      be ignored by the server for QUERY.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
 <dd>
 	    <p>
@@ -829,7 +853,7 @@
 <dd>
 	    <p>
 	      This feature is now obsolete and has been removed;
-              use <span class="command"><strong>delv</strong></span> instead.
+	      use <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+split=W</code></span></dt>
@@ -870,6 +894,14 @@
 	      this query.
 	    </p>
 	  </dd>
+<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
+<dd>
+	    <p>
+	      Set [do not set] the TC (TrunCation) bit in the query.
+	      The default is +notcflag.  This bit should be ignored
+	      by the server for QUERY.
+	    </p>
+	  </dd>
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd>
 	    <p>
@@ -896,8 +928,8 @@
 <dd>
 	    <p>
 	      This feature is related to <span class="command"><strong>dig +sigchase</strong></span>,
-              which is obsolete and has been removed. Use
-              <span class="command"><strong>delv</strong></span> instead.
+	      which is obsolete and has been removed. Use
+	      <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
@@ -933,9 +965,9 @@
 <dd>
 	    <p>
 	      Formerly specified trusted keys for use with
-              <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
-              obsolete and has been removed; use
-              <span class="command"><strong>delv</strong></span> instead.
+	      <span class="command"><strong>dig +sigchase</strong></span>.  This feature is now
+	      obsolete and has been removed; use
+	      <span class="command"><strong>delv</strong></span> instead.
 	    </p>
 	  </dd>
 <dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
@@ -1045,10 +1077,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="command"><strong>dig</strong></span> appropriately converts character encoding of
       domain name before sending a request to DNS server or displaying a
       reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span class="command"><strong>dig</strong></span> runs.
+      If you'd like to turn off the IDN support for some reason, use
+      parameters <em class="parameter"><code>+noidnin</code></em> and
+      <em class="parameter"><code>+noidnout</code></em>.
     </p>
   </div>
 
@@ -1076,7 +1107,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
       <span class="citerefentry">
 	<span class="refentrytitle">dnssec-keygen</span>(8)
       </span>,
-      <em class="citetitle">RFC1035</em>.
+      <em class="citetitle">RFC 1035</em>.
     </p>
   </div>
 
@@ -1107,6 +1138,6 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-cds.html b/doc/arm/man.dnssec-cds.html
index 9c71dd9451d..d9a65d88d83 100644
--- a/doc/arm/man.dnssec-cds.html
+++ b/doc/arm/man.dnssec-cds.html
@@ -376,6 +376,6 @@ nsupdate -l
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-checkds.html b/doc/arm/man.dnssec-checkds.html
index 0911657f873..860e1ce7920 100644
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -150,6 +150,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-coverage.html b/doc/arm/man.dnssec-coverage.html
index 83aceff62f4..85dedf19481 100644
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -270,6 +270,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-dsfromkey.html b/doc/arm/man.dnssec-dsfromkey.html
index e9a16b34844..2103f507c30 100644
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -289,6 +289,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-importkey.html b/doc/arm/man.dnssec-importkey.html
index f3fd7caa15d..eaeb9e31f36 100644
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -250,6 +250,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keyfromlabel.html b/doc/arm/man.dnssec-keyfromlabel.html
index c3897e433f2..c5e0ed689cd 100644
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -498,6 +498,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keygen.html b/doc/arm/man.dnssec-keygen.html
index 67528ea51fd..f4c8fe3c0e3 100644
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -75,7 +75,6 @@
        [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
        [<code class="option">-q</code>]
        [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
@@ -297,28 +296,6 @@
 	    a satisfactory key.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a source of randomness.  Normally, when generating
-	    DNSSEC keys, this option has no effect; the random number
-	    generation function provided by the cryptographic library will
-	    be used.
-	  </p>
-	  <p>
-	    If that behavior is disabled at compile time, however,
-	    the specified file will be used as entropy source
-	    for key generation.  <code class="filename">randomdev</code> is
-	    the name of a character device or file containing random
-	    data to be used.  The special value <code class="filename">keyboard</code>
-	    indicates that keyboard input should be used.
-	  </p>
-	  <p>
-	    The default is <code class="filename">/dev/random</code> if the
-	    operating system provides it or an equivalent device;
-	    if not, the default source of randomness is keyboard input.
-	  </p>
-	</dd>
 <dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
 <dd>
 	  <p>
@@ -591,6 +568,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-keymgr.html b/doc/arm/man.dnssec-keymgr.html
index dd5b8be2255..c76a537e496 100644
--- a/doc/arm/man.dnssec-keymgr.html
+++ b/doc/arm/man.dnssec-keymgr.html
@@ -59,7 +59,6 @@
        [<code class="option">-v</code>]
        [<code class="option">-z</code>]
        [<code class="option">-g <em class="replaceable"><code>path</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>path</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>path</code></em></code>]
        [zone...]
     </p></div>
@@ -178,15 +177,6 @@
 	    and <span class="command"><strong>dnssec-settime</strong></span>.
 	  </p>
 	</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a path to a file containing random data.
-	    This is passed to the <span class="command"><strong>dnssec-keygen</strong></span> binary
-	    using its <code class="option">-r</code> option.
-
-	  </p>
-	</dd>
 <dt><span class="term">-s <em class="replaceable"><code>settime-path</code></em></span></dt>
 <dd>
 	  <p>
@@ -398,6 +388,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-revoke.html b/doc/arm/man.dnssec-revoke.html
index addd054d0e0..2452616892c 100644
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -171,6 +171,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-settime.html b/doc/arm/man.dnssec-settime.html
index c5b80105c6f..ee667fcc698 100644
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -349,6 +349,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-signzone.html b/doc/arm/man.dnssec-signzone.html
index d4e364aec0c..67cc2a05850 100644
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -72,10 +72,8 @@
        [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>]
        [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>]
        [<code class="option">-P</code>]
-       [<code class="option">-p</code>]
        [<code class="option">-Q</code>]
        [<code class="option">-R</code>]
-       [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-S</code>]
        [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>]
        [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>]
@@ -418,15 +416,6 @@
             can be read by release 9.9.0 or higher; the default is 1.
           </p>
         </dd>
-<dt><span class="term">-p</span></dt>
-<dd>
-          <p>
-            Use pseudo-random data when signing the zone.  This is faster,
-            but less secure, than using real random data.  This option
-            may be useful when signing large zones or when the entropy
-            source is limited.
-          </p>
-        </dd>
 <dt><span class="term">-P</span></dt>
 <dd>
           <p>
@@ -471,20 +460,6 @@
             ("Double Signature Zone Signing Key Rollover").
           </p>
         </dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p>
-        </dd>
 <dt><span class="term">-S</span></dt>
 <dd>
           <p>
@@ -725,6 +700,6 @@ db.example.com.signed
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnssec-verify.html b/doc/arm/man.dnssec-verify.html
index f0e82750262..c9a49025671 100644
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -202,6 +202,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.dnstap-read.html b/doc/arm/man.dnstap-read.html
index f1a2e603a82..1a7c5563493 100644
--- a/doc/arm/man.dnstap-read.html
+++ b/doc/arm/man.dnstap-read.html
@@ -138,11 +138,10 @@
 <td width="40%" align="left" valign="top">
 <span class="application">dnssec-verify</span> </td>
 <td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
-<td width="40%" align="right" valign="top"> <span class="application">host</span>
-</td>
+<td width="40%" align="right" valign="top"> host</td>
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.host.html b/doc/arm/man.host.html
index ab893724ff4..8f22a1efe41 100644
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -70,7 +70,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.19.7"></a><h2>DESCRIPTION</h2>
 
 
     <p><span class="command"><strong>host</strong></span>
@@ -97,7 +97,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.19.8"></a><h2>OPTIONS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-4</span></dt>
@@ -321,7 +321,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.9"></a><h2>IDN SUPPORT</h2>
+<a name="id-1.13.19.9"></a><h2>IDN SUPPORT</h2>
 
     <p>
       If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
@@ -337,14 +337,14 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.10"></a><h2>FILES</h2>
+<a name="id-1.13.19.10"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/resolv.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.19.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
@@ -375,6 +375,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.mdig.html b/doc/arm/man.mdig.html
index 1b1a7357acd..5b92154e617 100644
--- a/doc/arm/man.mdig.html
+++ b/doc/arm/man.mdig.html
@@ -84,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.20.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>mdig</strong></span>
       is a multiple/pipelined query version of <span class="command"><strong>dig</strong></span>:
@@ -134,7 +134,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.8"></a><h2>ANYWHERE OPTIONS</h2>
+<a name="id-1.13.20.8"></a><h2>ANYWHERE OPTIONS</h2>
 
 
     <p>
@@ -158,7 +158,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.9"></a><h2>GLOBAL OPTIONS</h2>
+<a name="id-1.13.20.9"></a><h2>GLOBAL OPTIONS</h2>
 
 
     <p>
@@ -358,7 +358,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.10"></a><h2>LOCAL OPTIONS</h2>
+<a name="id-1.13.20.10"></a><h2>LOCAL OPTIONS</h2>
 
 
     <p>
@@ -583,7 +583,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.21.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.20.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
@@ -610,6 +610,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-checkconf.html b/doc/arm/man.named-checkconf.html
index 1974aa2beb6..4f613a52f60 100644
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -61,7 +61,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.21.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a
@@ -83,7 +83,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.21.8"></a><h2>OPTIONS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-h</span></dt>
@@ -160,7 +160,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.21.9"></a><h2>RETURN VALUES</h2>
 
     <p><span class="command"><strong>named-checkconf</strong></span>
       returns an exit status of 1 if
@@ -169,7 +169,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.21.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">named</span>(8)
@@ -200,6 +200,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-checkzone.html b/doc/arm/man.named-checkzone.html
index f36b1982a63..2033a1f639c 100644
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -111,7 +111,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.22.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
@@ -133,7 +133,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.22.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -421,7 +421,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.9"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.22.9"></a><h2>RETURN VALUES</h2>
 
     <p><span class="command"><strong>named-checkzone</strong></span>
       returns an exit status of 1 if
@@ -430,7 +430,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.23.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.22.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">named</span>(8)
@@ -463,6 +463,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-journalprint.html b/doc/arm/man.named-journalprint.html
index cb9bdd36c59..154f4d99d87 100644
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -56,7 +56,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.24.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.23.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>named-journalprint</strong></span>
@@ -84,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.23.8"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
@@ -117,6 +117,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-nzd2nzf.html b/doc/arm/man.named-nzd2nzf.html
index d8a225ec4d9..feb9097f3f2 100644
--- a/doc/arm/man.named-nzd2nzf.html
+++ b/doc/arm/man.named-nzd2nzf.html
@@ -57,7 +57,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.25.6"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.24.6"></a><h2>DESCRIPTION</h2>
     
     <p>
       <span class="command"><strong>named-nzd2nzf</strong></span> converts an NZD database to NZF
@@ -71,7 +71,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.25.7"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.24.7"></a><h2>ARGUMENTS</h2>
     
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">filename</span></dt>
@@ -85,7 +85,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.24.8"></a><h2>SEE ALSO</h2>
     
     <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>
@@ -93,7 +93,7 @@
   </div>
 
   <div class="refsect1">
-<a name="id-1.13.25.9"></a><h2>AUTHOR</h2>
+<a name="id-1.13.24.9"></a><h2>AUTHOR</h2>
     
     <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
@@ -119,6 +119,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named-rrchecker.html b/doc/arm/man.named-rrchecker.html
index d235b4f8ee8..3fc4a8a7f2d 100644
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -60,7 +60,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.25.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named-rrchecker</strong></span>
      read a individual DNS resource record from standard input and checks if it
@@ -90,7 +90,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.26.8"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.25.8"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">RFC 1034</em>,
@@ -121,6 +121,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named.conf.html b/doc/arm/man.named.conf.html
index 7d255d6b3d5..800c8c263fd 100644
--- a/doc/arm/man.named.conf.html
+++ b/doc/arm/man.named.conf.html
@@ -55,7 +55,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.26.7"></a><h2>DESCRIPTION</h2>
 
     <p><code class="filename">named.conf</code> is the configuration file
       for
@@ -76,7 +76,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.8"></a><h2>ACL</h2>
+<a name="id-1.13.26.8"></a><h2>ACL</h2>
 
     <div class="literallayout"><p><br>
 acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -84,7 +84,7 @@ acl
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.9"></a><h2>CONTROLS</h2>
+<a name="id-1.13.26.9"></a><h2>CONTROLS</h2>
 
     <div class="literallayout"><p><br>
 controls {<br>
@@ -102,7 +102,7 @@ controls
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.10"></a><h2>DLZ</h2>
+<a name="id-1.13.26.10"></a><h2>DLZ</h2>
 
     <div class="literallayout"><p><br>
 dlz <em class="replaceable"><code>string</code></em> {<br>
@@ -113,7 +113,7 @@ dlz
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.11"></a><h2>DYNDB</h2>
+<a name="id-1.13.26.11"></a><h2>DYNDB</h2>
 
     <div class="literallayout"><p><br>
 dyndb <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>quoted_string</code></em> {<br>
@@ -122,7 +122,7 @@ dyndb
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.12"></a><h2>KEY</h2>
+<a name="id-1.13.26.12"></a><h2>KEY</h2>
 
     <div class="literallayout"><p><br>
 key <em class="replaceable"><code>string</code></em> {<br>
@@ -133,7 +133,7 @@ key
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.13"></a><h2>LOGGING</h2>
+<a name="id-1.13.26.13"></a><h2>LOGGING</h2>
 
     <div class="literallayout"><p><br>
 logging {<br>
@@ -156,7 +156,7 @@ logging
 
 
   <div class="refsection">
-<a name="id-1.13.27.14"></a><h2>MANAGED-KEYS</h2>
+<a name="id-1.13.26.14"></a><h2>MANAGED-KEYS</h2>
 
     <div class="literallayout"><p><br>
 managed-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em><br>
@@ -165,7 +165,7 @@ managed-keys
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.15"></a><h2>MASTERS</h2>
+<a name="id-1.13.26.15"></a><h2>MASTERS</h2>
 
     <div class="literallayout"><p><br>
 masters <em class="replaceable"><code>string</code></em> [ port <em class="replaceable"><code>integer</code></em> ] [ dscp<br>
@@ -176,7 +176,7 @@ masters
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.16"></a><h2>OPTIONS</h2>
+<a name="id-1.13.26.16"></a><h2>OPTIONS</h2>
 
     <div class="literallayout"><p><br>
 options {<br>
@@ -476,7 +476,7 @@ options
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.17"></a><h2>SERVER</h2>
+<a name="id-1.13.26.17"></a><h2>SERVER</h2>
 
     <div class="literallayout"><p><br>
 server <em class="replaceable"><code>netprefix</code></em> {<br>
@@ -515,7 +515,7 @@ server
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.18"></a><h2>STATISTICS-CHANNELS</h2>
+<a name="id-1.13.26.18"></a><h2>STATISTICS-CHANNELS</h2>
 
     <div class="literallayout"><p><br>
 statistics-channels {<br>
@@ -528,7 +528,7 @@ statistics-channels
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.19"></a><h2>TRUSTED-KEYS</h2>
+<a name="id-1.13.26.19"></a><h2>TRUSTED-KEYS</h2>
 
     <div class="literallayout"><p><br>
 trusted-keys { <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>integer</code></em> <em class="replaceable"><code>integer</code></em><br>
@@ -537,7 +537,7 @@ trusted-keys
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.20"></a><h2>VIEW</h2>
+<a name="id-1.13.26.20"></a><h2>VIEW</h2>
 
     <div class="literallayout"><p><br>
 view <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@@ -910,7 +910,7 @@ view
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.21"></a><h2>ZONE</h2>
+<a name="id-1.13.26.21"></a><h2>ZONE</h2>
 
     <div class="literallayout"><p><br>
 zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@@ -1009,14 +1009,14 @@ zone
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.22"></a><h2>FILES</h2>
+<a name="id-1.13.26.22"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/named.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.27.23"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.26.23"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
 	<span class="refentrytitle">ddns-confgen</span>(8)
@@ -1057,6 +1057,6 @@ zone
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.named.html b/doc/arm/man.named.html
index 5d01ede92fd..afdc91cbdd2 100644
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -79,7 +79,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.27.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>named</strong></span>
       is a Domain Name System (DNS) server,
@@ -96,7 +96,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.27.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -375,7 +375,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.9"></a><h2>SIGNALS</h2>
+<a name="id-1.13.27.9"></a><h2>SIGNALS</h2>
 
     <p>
       In routine operation, signals should not be used to control
@@ -405,7 +405,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.10"></a><h2>CONFIGURATION</h2>
+<a name="id-1.13.27.10"></a><h2>CONFIGURATION</h2>
 
     <p>
       The <span class="command"><strong>named</strong></span> configuration file is too complex
@@ -426,7 +426,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.11"></a><h2>FILES</h2>
+<a name="id-1.13.27.11"></a><h2>FILES</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -447,7 +447,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.28.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.27.12"></a><h2>SEE ALSO</h2>
 
     <p><em class="citetitle">RFC 1033</em>,
       <em class="citetitle">RFC 1034</em>,
@@ -492,6 +492,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nsec3hash.html b/doc/arm/man.nsec3hash.html
index fd570eb4c16..760ea3a248f 100644
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.28.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>nsec3hash</strong></span> generates an NSEC3 hash based on
@@ -87,7 +87,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.28.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">salt</span></dt>
@@ -128,7 +128,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.29.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.28.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -155,6 +155,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nslookup.html b/doc/arm/man.nslookup.html
index ff3d34ad041..9e419a49ba5 100644
--- a/doc/arm/man.nslookup.html
+++ b/doc/arm/man.nslookup.html
@@ -58,7 +58,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.29.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span class="command"><strong>Nslookup</strong></span>
@@ -72,7 +72,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.29.8"></a><h2>ARGUMENTS</h2>
 
     <p>
       Interactive mode is entered in the following cases:
@@ -121,7 +121,7 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.9"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id-1.13.29.9"></a><h2>INTERACTIVE COMMANDS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
@@ -372,7 +372,7 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.10"></a><h2>RETURN VALUES</h2>
+<a name="id-1.13.29.10"></a><h2>RETURN VALUES</h2>
     <p>
       <span class="command"><strong>nslookup</strong></span> returns with an exit status of 1
       if any query failed, and 0 otherwise.
@@ -380,14 +380,14 @@ nslookup -query=hinfo  -timeout=10
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.11"></a><h2>FILES</h2>
+<a name="id-1.13.29.11"></a><h2>FILES</h2>
 
     <p><code class="filename">/etc/resolv.conf</code>
     </p>
   </div>
 
   <div class="refsection">
-<a name="id-1.13.30.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.29.12"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">dig</span>(1)
@@ -420,6 +420,6 @@ nslookup -query=hinfo  -timeout=10
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 91b443abf70..e9eb2dc0a4d 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -64,7 +64,6 @@
        [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>]
        [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>]
        [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>]
-       [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>]
        [<code class="option">-v</code>]
        [<code class="option">-T</code>]
        [<code class="option">-P</code>]
@@ -78,7 +77,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.30.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC 2136
@@ -138,7 +137,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.30.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -232,19 +231,6 @@
 	    one update request will be made.
 	  </p>
 	</dd>
-<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd>
-	<p>
-	  Where to obtain randomness. If the operating system
-	  does not provide a <code class="filename">/dev/random</code> or
-	  equivalent device, the default source of randomness is keyboard
-	  input.  <code class="filename">randomdev</code> specifies the name of
-	  a character device or file containing random data to be used
-	  instead of the default.  The special value
-	  <code class="filename">keyboard</code> indicates that keyboard input
-	  should be used.  This option may be specified multiple times.
-	</p>
-	</dd>
 <dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
 <dd>
 	  <p>
@@ -322,7 +308,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.9"></a><h2>INPUT FORMAT</h2>
+<a name="id-1.13.30.9"></a><h2>INPUT FORMAT</h2>
 
     <p><span class="command"><strong>nsupdate</strong></span>
       reads input from
@@ -686,7 +672,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.10"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.30.10"></a><h2>EXAMPLES</h2>
 
     <p>
       The examples below show how
@@ -742,7 +728,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.11"></a><h2>FILES</h2>
+<a name="id-1.13.30.11"></a><h2>FILES</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -780,7 +766,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.12"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.30.12"></a><h2>SEE ALSO</h2>
 
     <p>
       <em class="citetitle">RFC 2136</em>,
@@ -803,7 +789,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.31.13"></a><h2>BUGS</h2>
+<a name="id-1.13.30.13"></a><h2>BUGS</h2>
 
     <p>
       The TSIG key is redundantly stored in two separate files.
@@ -832,6 +818,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-destroy.html b/doc/arm/man.pkcs11-destroy.html
index 744962e1a7d..d11b1b05625 100644
--- a/doc/arm/man.pkcs11-destroy.html
+++ b/doc/arm/man.pkcs11-destroy.html
@@ -63,7 +63,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.31.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-destroy</strong></span> destroys keys stored in a
@@ -78,7 +78,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.31.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
@@ -127,7 +127,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.31.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
@@ -162,6 +162,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-keygen.html b/doc/arm/man.pkcs11-keygen.html
index ff445cff464..9417f6626b5 100644
--- a/doc/arm/man.pkcs11-keygen.html
+++ b/doc/arm/man.pkcs11-keygen.html
@@ -66,7 +66,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.32.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-keygen</strong></span> causes a PKCS#11 device to generate
@@ -76,7 +76,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.32.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
@@ -162,7 +162,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.32.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
@@ -200,6 +200,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-list.html b/doc/arm/man.pkcs11-list.html
index 3adf358019f..64638eb7e52 100644
--- a/doc/arm/man.pkcs11-list.html
+++ b/doc/arm/man.pkcs11-list.html
@@ -61,7 +61,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.33.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-list</strong></span>
@@ -75,7 +75,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.33.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-P</span></dt>
@@ -123,7 +123,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.33.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
@@ -158,6 +158,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.pkcs11-tokens.html b/doc/arm/man.pkcs11-tokens.html
index 0e0fb4b7ffb..58673d376f1 100644
--- a/doc/arm/man.pkcs11-tokens.html
+++ b/doc/arm/man.pkcs11-tokens.html
@@ -57,7 +57,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.34.7"></a><h2>DESCRIPTION</h2>
 
     <p>
       <span class="command"><strong>pkcs11-tokens</strong></span>
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.8"></a><h2>ARGUMENTS</h2>
+<a name="id-1.13.34.8"></a><h2>ARGUMENTS</h2>
 
     <div class="variablelist"><dl class="variablelist">
 <dt><span class="term">-m <em class="replaceable"><code>module</code></em></span></dt>
@@ -88,7 +88,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.35.9"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.34.9"></a><h2>SEE ALSO</h2>
 
     <p>
       <span class="citerefentry">
@@ -123,6 +123,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index 588ffd9a4e8..0b6a4d3536a 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -58,7 +58,6 @@
        [<code class="option">-h</code>]
        [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
        [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
        [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
        [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
        [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
@@ -66,7 +65,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.35.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>rndc-confgen</strong></span>
       generates configuration files
@@ -85,7 +84,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.35.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -172,21 +171,6 @@
             The default is 953.
           </p>
         </dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
-<dd>
-          <p>
-            Specifies a source of random data for generating the
-            authorization.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p>
-        </dd>
 <dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
 <dd>
           <p>
@@ -222,7 +206,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.9"></a><h2>EXAMPLES</h2>
+<a name="id-1.13.35.9"></a><h2>EXAMPLES</h2>
 
     <p>
       To allow <span class="command"><strong>rndc</strong></span> to be used with
@@ -241,7 +225,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.35.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">rndc</span>(8)
@@ -276,6 +260,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 535a58d4dea..1d137bcafc6 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -55,7 +55,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.36.7"></a><h2>DESCRIPTION</h2>
 
     <p><code class="filename">rndc.conf</code> is the configuration file
       for <span class="command"><strong>rndc</strong></span>, the BIND 9 name server control
@@ -143,7 +143,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.8"></a><h2>EXAMPLE</h2>
+<a name="id-1.13.36.8"></a><h2>EXAMPLE</h2>
 
 
     <pre class="programlisting">
@@ -221,7 +221,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.9"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id-1.13.36.9"></a><h2>NAME SERVER CONFIGURATION</h2>
 
     <p>
       The name server must be configured to accept rndc connections and
@@ -233,7 +233,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.37.10"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.36.10"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
         <span class="refentrytitle">rndc</span>(8)
@@ -268,6 +268,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index b494736cdf9..fc2077fcec6 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -67,7 +67,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.38.7"></a><h2>DESCRIPTION</h2>
+<a name="id-1.13.37.7"></a><h2>DESCRIPTION</h2>
 
     <p><span class="command"><strong>rndc</strong></span>
       controls the operation of a name
@@ -100,7 +100,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.38.8"></a><h2>OPTIONS</h2>
+<a name="id-1.13.37.8"></a><h2>OPTIONS</h2>
 
 
     <div class="variablelist"><dl class="variablelist">
@@ -210,7 +210,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.38.9"></a><h2>COMMANDS</h2>
+<a name="id-1.13.37.9"></a><h2>COMMANDS</h2>
 
     <p>
       A list of commands supported by <span class="command"><strong>rndc</strong></span> can
@@ -951,7 +951,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.38.10"></a><h2>LIMITATIONS</h2>
+<a name="id-1.13.37.10"></a><h2>LIMITATIONS</h2>
 
     <p>
       There is currently no way to provide the shared secret for a
@@ -963,7 +963,7 @@
   </div>
 
   <div class="refsection">
-<a name="id-1.13.38.11"></a><h2>SEE ALSO</h2>
+<a name="id-1.13.37.11"></a><h2>SEE ALSO</h2>
 
     <p><span class="citerefentry">
 	<span class="refentrytitle">rndc.conf</span>(5)
@@ -1002,6 +1002,6 @@
 </tr>
 </table>
 </div>
-<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0-dev</p>
+<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.13.0 (Development Release)</p>
 </body>
 </html>
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index fd14ce2f4bd..db17c9a9531 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -4,6 +4,7 @@
  - License, v. 2.0. If a copy of the MPL was not distributed with this
  - file, You can obtain one at http://mozilla.org/MPL/2.0/.
 -->
+<!-- $Id$ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -14,17 +15,41 @@
 
   <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id-1.2"></a>Release Notes for BIND Version 9.13.0-dev</h2></div></div></div>
+<a name="id-1.2"></a>Release Notes for BIND Version 9.13.0</h2></div></div></div>
   
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_intro"></a>Introduction</h3></div></div></div>
     <p>
-      BIND 9.13 is unstable development release of BIND.
+      BIND 9.13 is an unstable development release of BIND.
       This document summarizes new features and functional changes that
-      have been introduced on this branch.  With each development
-      release leading up to the stable BIND 9.14 release, this document
-      will be updated with additional features added and bugs fixed.
+      have been introduced on this branch.  With each development release
+      leading up to the stable BIND 9.14 release, this document will be
+      updated with additional features added and bugs fixed.
+    </p>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_versions"></a>Note on Version Numbering</h3></div></div></div>
+    <p>
+      Prior to BIND 9.13, new feature development releases were tagged
+      as "alpha" and "beta", leading up to the first stable release
+      for a given development branch, which always ended in ".0".
+    </p>
+    <p>
+      Now, however, BIND has adopted the "odd-unstable/even-stable"
+      release numbering convention. There will be no "alpha" or "beta"
+      releases in the 9.13 branch, only increasing version numbers.
+      So, for example, what would previously have been called 9.13.0a1,
+      9.13.0a2, 9.13.0b1, and so on, will instead be called 9.13.0,
+      9.13.1, 9.13.2, etc.
+    </p>
+    <p>
+      The first stable release from this development branch will be
+      renamed as 9.14.0. Thereafter, maintenance releases will continue
+      on the 9.14 branch, while unstable feature development proceeds in
+      9.15.
     </p>
   </div>
 
@@ -43,54 +68,129 @@
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_security"></a>Security Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  None.
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_features"></a>New Features</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
-	  Addresses could be referenced after being freed during resolver
-	  processing, causing an assertion failure. The chances of this
-	  happening were remote, but the introduction of a delay in
-	  resolution increased them. This bug is disclosed in
-	  CVE-2017-3145. [RT #46839]
+	  BIND now can be compiled against the <span class="command"><strong>libidn2</strong></span>
+	  library to add IDNA2008 support.  Previously, BIND supported
+	  IDNA2003 using the (now obsolete and unsupported)
+	  <span class="command"><strong>idnkit-1</strong></span> library.
 	</p>
       </li>
 <li class="listitem">
 	<p>
-	  update-policy rules that otherwise ignore the name field now
-	  require that it be set to "." to ensure that any type list
-	  present is properly interpreted.  If the name field was omitted
-	  from the rule declaration and a type list was present it wouldn't
-	  be interpreted as expected.
+	  <span class="command"><strong>named</strong></span> now supports the "root key sentinel"
+	  mechanism. This enables validating resolvers to indicate to
+	  which trust anchors are configured for the root, so that
+	  information about root key rollover status can be gathered.
+	  To disable this feature, add
+	  <span class="command"><strong>root-key-sentinel no;</strong></span> to
+	  <code class="filename">named.conf</code>.
 	</p>
       </li>
-</ul></div>
-  </div>
-
-  <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_features"></a>New Features</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+<li class="listitem">
 	<p>
-	  None.
+	  The <span class="command"><strong>dnskey-sig-validity</strong></span> option allows the
+	  <span class="command"><strong>sig-validity-interval</strong></span> to be overriden for
+	  signatures covering DNSKEY RRsets. [GL #145]
 	</p>
-      </li></ul></div>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_removed"></a>Removed Features</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
 	<p>
 	  <span class="command"><strong>dnssec-keygen</strong></span> can no longer generate HMAC
 	  keys for TSIG authentication. Use <span class="command"><strong>tsig-keygen</strong></span>
 	  to generate these keys. [RT #46404]
 	</p>
-      </li></ul></div>
+      </li>
+<li class="listitem">
+	<p>
+	  Support for OpenSSL 0.9.x has been removed.  OpenSSL version
+	  1.0.0 or greater, or LibreSSL is now required.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The <span class="command"><strong>configure --enable-seccomp</strong></span> option,
+	  which formerly turned on system-call filtering on Linux, has
+	  been removed. [GL #93]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  IPv4 addresses in forms other than dotted-quad are no longer
+	  accepted in master files. [GL #13] [GL #56]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  IDNA2003 support via (bundled) idnkit-1.0 has been removed.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The "rbtdb64" database implementation (a parallel
+	  implementation of "rbt") has been removed. [GL #217]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  The <span class="command"><strong>-r randomdev</strong></span> option to explicitly select
+	  random device has been removed from the
+	  <span class="command"><strong>ddns-confgen</strong></span>,
+	  <span class="command"><strong>rndc-confgen</strong></span>,
+	  <span class="command"><strong>nsupdate</strong></span>,
+	  <span class="command"><strong>dnssec-confgen</strong></span>, and
+	  <span class="command"><strong>dnssec-signzone</strong></span> commands.
+	</p>
+	<p>
+	  The <span class="command"><strong>-p</strong></span> option to use pseudo-random data
+	  has been removed from the <span class="command"><strong>dnssec-signzone</strong></span>
+	  command.
+	</p>
+      </li>
+</ul></div>
   </div>
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
     <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem">
+	<p>
+	  BIND will now always use the best CSPRNG (cryptographically-secure
+	  pseudo-random number generator) available on the platform where
+	  it is compiled.  It will use <span class="command"><strong>arc4random()</strong></span>
+	  family of functions on BSD operating systems,
+	  <span class="command"><strong>getrandom()</strong></span> on Linux and Solaris,
+	  <span class="command"><strong>CryptGenRandom</strong></span> on Windows, and the selected
+	  cryptography provider library (OpenSSL or PKCS#11) as the last
+	  resort. [GL #221]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  BIND can no longer be built without DNSSEC support. A cryptography
+	  provder (i.e., OpenSSL or a hardware service module with
+	  PKCS#11 support) must be available. [GL #244]
+	</p>
+      </li>
 <li class="listitem">
 	<p>
 	  Zone types <span class="command"><strong>primary</strong></span> and
@@ -106,29 +206,38 @@
 	  [RT #43670]
 	</p>
       </li>
-</ul></div>
-  </div>
-
-  <div class="section">
-<div class="titlepage"><div><div><h3 class="title">
-<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
-    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
 <li class="listitem">
 	<p>
-	  When answering authoritative queries, <span class="command"><strong>named</strong></span>
-	  does not return the target of a cross-zone CNAME between two
-	  locally served zones; this prevents accidental cache poisoning.
-	  This same restriction was incorrectly applied to recursive
-	  queries as well; this has been fixed. [RT #47078]
+	  <span class="command"><strong>dig +nssearch</strong></span> will now list name servers
+	  that have timed out, in addition to those that respond. [GL #64]
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  <span class="command"><strong>dig +noidnin</strong></span> can be used to disable IDN
+	  processing on the input domain name, when BIND is compiled
+	  with IDN support.
+	</p>
+      </li>
+<li class="listitem">
+	<p>
+	  Up to 64 <span class="command"><strong>response-policy</strong></span> zones are now
+	  supported by default; previously the limit was 32. [GL #123]
 	</p>
       </li>
 <li class="listitem">
 	<p>
-	  Attempting to validate improperly unsigned CNAME responses
-	  from secure zones could cause a validator loop. This caused
-	  a delay in returning SERVFAIL and also increased the chances
-	  of encountering the crash bug described in CVE-2017-3145.
-	  [RT #46839]
+	  Several configuration options for time periods can now use
+	  TTL value suffixes (for example, <code class="literal">2h</code> or
+	  <code class="literal">1d</code>) in addition to an integer number of
+	  seconds. These include
+	  <span class="command"><strong>fstrm-set-reopen-interval</strong></span>,
+	  <span class="command"><strong>interface-interval</strong></span>,
+	  <span class="command"><strong>max-cache-ttl</strong></span>,
+	  <span class="command"><strong>max-ncache-ttl</strong></span>,
+	  <span class="command"><strong>max-policy-ttl</strong></span>, and
+	  <span class="command"><strong>min-update-interval</strong></span>.
+	  [GL #203]
 	</p>
       </li>
 </ul></div>
@@ -136,6 +245,16 @@
 
   <div class="section">
 <div class="titlepage"><div><div><h3 class="title">
+<a name="relnotes_bugs"></a>Bug Fixes</h3></div></div></div>
+    <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; "><li class="listitem">
+	<p>
+	  None.
+	</p>
+      </li></ul></div>
+  </div>
+
+  <div class="section">
+<div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_license"></a>License</h3></div></div></div>
     <p>
       BIND is open source software licenced under the terms of the Mozilla
@@ -169,8 +288,8 @@
     <p>
       The end of life date for BIND 9.14 has not yet been determined.
       For those needing long term support, the current Extended Support
-      Version (ESV) is BIND 9.11, which will be supported until December
-      2021. See
+      Version (ESV) is BIND 9.11, which will be supported until at
+      least December 2021. See
       <a class="link" href="https://www.isc.org/downloads/software-support-policy/" target="_top">https://www.isc.org/downloads/software-support-policy/</a>
       for details of ISC's software support policy.
     </p>
diff --git a/doc/arm/notes.pdf b/doc/arm/notes.pdf
index 663abae8a02..2ffa114b9ce 100644
Binary files a/doc/arm/notes.pdf and b/doc/arm/notes.pdf differ
diff --git a/doc/misc/master.zoneopt b/doc/misc/master.zoneopt
index 7bec788bb65..42b794de511 100644
--- a/doc/misc/master.zoneopt
+++ b/doc/misc/master.zoneopt
@@ -20,6 +20,7 @@ zone <string> [ <class> ] {
 	database <string>;
 	dialup ( notify | notify-passive | passive | refresh | <boolean> );
 	dlz <string>;
+	dnskey-sig-validity <integer>;
 	dnssec-dnskey-kskonly <boolean>;
 	dnssec-loadkeys-interval <integer>;
 	dnssec-secure-to-insecure <boolean>;
diff --git a/doc/misc/options b/doc/misc/options
index 6606dc93e14..e2bcd1eb9e0 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -92,7 +92,7 @@ options {
             <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
             port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
-            in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
         check-dup-records ( fail | warn | ignore );
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
@@ -132,6 +132,7 @@ options {
         }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
+        dnskey-sig-validity <integer>;
         dnsrps-enable <boolean>; // not configured
         dnsrps-options { <unspecified-text> }; // not configured
         dnssec-accept-expired <boolean>;
@@ -182,7 +183,7 @@ options {
         fstrm-set-output-notify-threshold <integer>; // not configured
         fstrm-set-output-queue-model ( mpsc | spsc ); // not configured
         fstrm-set-output-queue-size <integer>; // not configured
-        fstrm-set-reopen-interval <integer>; // not configured
+        fstrm-set-reopen-interval <ttlval>; // not configured
         geoip-directory ( <quoted_string> | none ); // not configured
         geoip-use-ecs <boolean>; // not configured
         glue-cache <boolean>;
@@ -192,7 +193,7 @@ options {
         host-statistics-max <integer>; // not implemented
         hostname ( <quoted_string> | none );
         inline-signing <boolean>;
-        interface-interval <integer>;
+        interface-interval <ttlval>;
         ixfr-from-differences ( primary | master | secondary | slave |
             <boolean> );
         keep-response-order { <address_match_element>; ... };
@@ -213,11 +214,11 @@ options {
         match-mapped-addresses <boolean>;
         max-acache-size ( unlimited | <sizeval> ); // obsolete
         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
-        max-cache-ttl <integer>;
+        max-cache-ttl <ttlval>;
         max-clients-per-query <integer>;
         max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
         max-journal-size ( default | unlimited | <sizeval> );
-        max-ncache-ttl <integer>;
+        max-ncache-ttl <ttlval>;
         max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
@@ -305,12 +306,12 @@ options {
         response-padding { <address_match_element>; ... } block-size
             <integer>;
         response-policy { zone <quoted_string> [ log <boolean> ] [
-            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+            max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
             policy ( cname | disabled | drop | given | no-op | nodata |
             nxdomain | passthru | tcp-only <quoted_string> ) ] [
             recursive-only <boolean> ] [ nsip-enable <boolean> ] [
             nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [
-            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+            max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
             min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
             qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
             nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
@@ -459,7 +460,7 @@ view <string> [ <class> ] {
             <integer> ] [ dscp <integer> ] { ( <masters> | <ipv4_address> [
             port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key
             <string> ]; ... } ] [ zone-directory <quoted_string> ] [
-            in-memory <boolean> ] [ min-update-interval <integer> ]; ... };
+            in-memory <boolean> ] [ min-update-interval <ttlval> ]; ... };
         check-dup-records ( fail | warn | ignore );
         check-integrity <boolean>;
         check-mx ( fail | warn | ignore );
@@ -497,6 +498,7 @@ view <string> [ <class> ] {
         }; // may occur multiple times
         dns64-contact <string>;
         dns64-server <string>;
+        dnskey-sig-validity <integer>;
         dnsrps-enable <boolean>; // not configured
         dnsrps-options { <unspecified-text> }; // not configured
         dnssec-accept-expired <boolean>;
@@ -553,11 +555,11 @@ view <string> [ <class> ] {
         match-recursive-only <boolean>;
         max-acache-size ( unlimited | <sizeval> ); // obsolete
         max-cache-size ( default | unlimited | <sizeval> | <percentage> );
-        max-cache-ttl <integer>;
+        max-cache-ttl <ttlval>;
         max-clients-per-query <integer>;
         max-ixfr-log-size ( default | unlimited | <sizeval> ); // obsolete
         max-journal-size ( default | unlimited | <sizeval> );
-        max-ncache-ttl <integer>;
+        max-ncache-ttl <ttlval>;
         max-records <integer>;
         max-recursion-depth <integer>;
         max-recursion-queries <integer>;
@@ -632,20 +634,20 @@ view <string> [ <class> ] {
         response-padding { <address_match_element>; ... } block-size
             <integer>;
         response-policy { zone <quoted_string> [ log <boolean> ] [
-            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+            max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
             policy ( cname | disabled | drop | given | no-op | nodata |
             nxdomain | passthru | tcp-only <quoted_string> ) ] [
             recursive-only <boolean> ] [ nsip-enable <boolean> ] [
             nsdname-enable <boolean> ]; ... } [ break-dnssec <boolean> ] [
-            max-policy-ttl <integer> ] [ min-update-interval <integer> ] [
+            max-policy-ttl <ttlval> ] [ min-update-interval <ttlval> ] [
             min-ns-dots <integer> ] [ nsip-wait-recurse <boolean> ] [
             qname-wait-recurse <boolean> ] [ recursive-only <boolean> ] [
             nsip-enable <boolean> ] [ nsdname-enable <boolean> ] [
             dnsrps-enable <boolean> ] [ dnsrps-options { <unspecified-text>
             } ];
         rfc2308-type1 <boolean>; // not yet implemented
-        root-key-sentinel <boolean>;
         root-delegation-only [ exclude { <quoted_string>; ... } ];
+        root-key-sentinel <boolean>;
         rrset-order { [ class <string> ] [ type <string> ] [ name
             <quoted_string> ] <string> <string>; ... };
         send-cookie <boolean>;
@@ -743,6 +745,7 @@ view <string> [ <class> ] {
                 dialup ( notify | notify-passive | passive | refresh |
                     <boolean> );
                 dlz <string>;
+                dnskey-sig-validity <integer>;
                 dnssec-dnskey-kskonly <boolean>;
                 dnssec-loadkeys-interval <integer>;
                 dnssec-secure-to-insecure <boolean>;
@@ -850,6 +853,7 @@ zone <string> [ <class> ] {
         delegation-only <boolean>;
         dialup ( notify | notify-passive | passive | refresh | <boolean> );
         dlz <string>;
+        dnskey-sig-validity <integer>;
         dnssec-dnskey-kskonly <boolean>;
         dnssec-loadkeys-interval <integer>;
         dnssec-secure-to-insecure <boolean>;
diff --git a/doc/misc/slave.zoneopt b/doc/misc/slave.zoneopt
index a9e62a45031..248823a88bd 100644
--- a/doc/misc/slave.zoneopt
+++ b/doc/misc/slave.zoneopt
@@ -13,6 +13,7 @@ zone <string> [ <class> ] {
 	database <string>;
 	dialup ( notify | notify-passive | passive | refresh | <boolean> );
 	dlz <string>;
+	dnskey-sig-validity <integer>;
 	dnssec-dnskey-kskonly <boolean>;
 	dnssec-loadkeys-interval <integer>;
 	dnssec-update-mode ( maintain | no-resign );
diff --git a/isc-config.sh.1 b/isc-config.sh.1
index 869cdbe0ceb..2921c339300 100644
--- a/isc-config.sh.1
+++ b/isc-config.sh.1
@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" This Source Code Form is subject to the terms of the Mozilla Public
 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -90,5 +90,5 @@ returns an exit status of 1 if invoked with invalid arguments or no arguments at
 \fBInternet Systems Consortium, Inc\&.\fR
 .SH "COPYRIGHT"
 .br
-Copyright \(co 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
 .br
diff --git a/isc-config.sh.html b/isc-config.sh.html
index 8022b416a9a..849b12d8d3a 100644
--- a/isc-config.sh.html
+++ b/isc-config.sh.html
@@ -1,6 +1,6 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 <!--
- - Copyright (C) 2009, 2014-2017 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
  - 
  - This Source Code Form is subject to the terms of the Mozilla Public
  - License, v. 2.0. If a copy of the MPL was not distributed with this
diff --git a/lib/isc/tests/Atffile b/lib/isc/tests/Atffile
index 506c656e8fc..8681844d411 100644
--- a/lib/isc/tests/Atffile
+++ b/lib/isc/tests/Atffile
@@ -29,5 +29,5 @@ tp: socket_test
 tp: symtab_test
 tp: task_test
 tp: taskpool_test
-tp: timer_test
 tp: time_test
+tp: timer_test