cleanup trailing white space in SGML like files

2025-09-03 16:15:27 +00:00 · 2015-10-22 16:09:46 +11:00
parent 04893d38e0
commit 30eec077db
74 changed files with 444 additions and 436 deletions
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -17,7 +17,7 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <article xmlns="http://docbook.org/ns/docbook" version="5.0" class="faq">
-  
+
  <info>
    <copyright>
      <year>2004</year>
@@ -40,9 +40,9 @@
    </copyright>
  </info>
  <qandaset defaultlabel="qanda">
-	  
+
-    <qandadiv><title>Compilation and Installation Questions</title>	  
+    <qandadiv><title>Compilation and Installation Questions</title>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -58,7 +58,7 @@
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -67,7 +67,7 @@
      </question>
      <answer>
 	<para>
-	  Short Answer: No. 
+	  Short Answer: No.
 	</para>
 	<para>
 	  Long Answer: There really isn't a default configuration which fits
@@ -90,9 +90,9 @@
 	</para>
      </answer>
    </qandaentry>
-    
+
    </qandadiv> <!-- Compilation and Installation Questions -->
-	    
+
    <qandadiv><title>Configuration and Setup Questions</title>
    <qandaentry>
@@ -122,7 +122,7 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
 	</informalexample>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <!-- configuration -->
      <question>
@@ -248,7 +248,7 @@ view "chaos" chaos {
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -263,7 +263,7 @@ view "chaos" chaos {
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -356,7 +356,7 @@ Slave 10.0.1.2:
 	</informalexample>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -389,7 +389,7 @@ named-checkzone example.com tmp</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -413,7 +413,7 @@ named-checkzone example.com tmp</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -508,7 +508,7 @@ Master 10.0.1.1:
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -548,7 +548,7 @@ Master 10.0.1.1:
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -600,7 +600,7 @@ zone "example.net" {
 	</informalexample>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -691,9 +691,9 @@ server ::/0 { bogus yes; };
 </programlisting>
      </answer>
    </qandaentry>
-    
+
    </qandadiv> <!-- Configuration and Setup Questions -->
-    
+
    <qandadiv><title>Operations Questions</title>
    <qandaentry>
@@ -765,7 +765,7 @@ server ::/0 { bogus yes; };
    </qandadiv> <!-- Operations Questions -->
    <qandadiv><title>General Questions</title>
-	    
+
    <qandaentry>
      <question>
 	<para>
@@ -810,7 +810,7 @@ server ::/0 { bogus yes; };
 	</para>
      </answer>
    </qandaentry>
-	    
+
    <qandaentry>
      <question>
 	<para>
@@ -845,7 +845,7 @@ server ::/0 { bogus yes; };
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -863,7 +863,7 @@ server ::/0 { bogus yes; };
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -879,7 +879,7 @@ server ::/0 { bogus yes; };
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -906,7 +906,7 @@ serial-query-rate 5; // default 20</programlisting>
      </answer>
    </qandaentry>
-    <qandaentry>	    
+    <qandaentry>
      <question>
 	<para>
 	  I don't get RRSIG's returned when I use "dig +dnssec".
@@ -918,7 +918,7 @@ serial-query-rate 5; // default 20</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1002,7 +1002,7 @@ empty:
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1079,7 +1079,7 @@ empty:
    </qandaentry>
    </qandadiv> <!-- General Questions -->
-    
+
    <qandadiv><title>Operating-System Specific Questions</title>
    <qandadiv><title>HPUX</title>
@@ -1109,9 +1109,9 @@ configure: error: need either working unistd.h or sys/select.h</programlisting>
    </qandadiv> <!-- HPUX -->
    <qandadiv><title>Linux</title>
-	    
+
    <qandaentry>
-      <question> 
+      <question>
 	<para>
 	  Why do I get the following errors:
 <programlisting>general: errno2result.c:109: unexpected error:
@@ -1174,7 +1174,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1193,7 +1193,7 @@ echo "1" &gt; proc/sys/net/core/xfrm_larval_drop</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1214,7 +1214,7 @@ modprobe capability</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1274,7 +1274,7 @@ $ROOTDIR/var/tmp
 	  able to write or create files except in the directories
 	  above, with SELinux in Enforcing mode.
 	</para>
-  
+
 	<para>
 	  So, to allow named to update slave or DDNS zone files,
 	  it is best to locate them in $ROOTDIR/var/named/slaves,
@@ -1285,7 +1285,7 @@ zone "slave.zone." IN {
 	type slave;
 	file "slaves/slave.zone.db";
 	...
-};   
+};
 zone "ddns.zone." IN  {
 	type master;
 	allow-updates {...};
@@ -1318,13 +1318,13 @@ options {
 	  system-config-securitylevel GUI, using the 'setsebool'
 	  command, or in /etc/selinux/targeted/booleans.
 	</para>
-  
+
 	<para>
 	  You can disable SELinux protection for named entirely by
 	  setting the 'named_disable_trans=1' SELinux tunable boolean
 	  parameter.
 	</para>
-    
+
 	<para>
 	  The SELinux named policy defines these SELinux contexts for named:
 	  <informalexample>
@@ -1335,7 +1335,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	    </programlisting>
 	  </informalexample>
 	</para>
-   
+
 	<para>
 	  If you want to retain use of the SELinux policy for named,
 	  and put named files in different locations, you can do
@@ -1353,7 +1353,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	    </programlisting>
 	  </informalexample>
 	</para>
-  
+
 	<para>
 	  To create a custom modifiable named data location, e.g.
 	  '/var/log/named' for a log file, do:
@@ -1363,7 +1363,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	    </programlisting>
 	  </informalexample>
 	</para>
-   
+
 	<para>
   To create a custom zone file location, e.g. /root/zones/, do:
 	  <informalexample>
@@ -1372,7 +1372,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	    </programlisting>
 	  </informalexample>
 	</para>
-  
+
 	<para>
 	  See these man-pages for more information : selinux(8),
 	  named_selinux(8), chcon(1), setsebool(8)
@@ -1433,11 +1433,11 @@ proc /var/named/proc proc defaults 0 0</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    </qandadiv> <!-- Linux -->
-    
+
    <qandadiv><title>Windows</title>
-	    
+
    <qandaentry>
      <question>
 	<para>
@@ -1458,7 +1458,7 @@ proc /var/named/proc proc defaults 0 0</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    <qandaentry>
      <question>
 	<para>
@@ -1484,11 +1484,11 @@ options {
 	</informalexample>
      </answer>
    </qandaentry>
-	    
+
    </qandadiv> <!-- Windows -->
-    
+
    <qandadiv><title>FreeBSD</title>
-	    
+
    <qandaentry>
      <question>
 	<para>
@@ -1513,11 +1513,11 @@ rand_irqs="3 14 15"</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    </qandadiv> <!-- FreeBSD -->
-    
+
    <qandadiv><title>Solaris</title>
-	    
+
    <qandaentry>
      <question>
 	<para>
@@ -1535,7 +1535,7 @@ rand_irqs="3 14 15"</programlisting>
 	</para>
      </answer>
    </qandaentry>
-    
+
    </qandadiv> <!-- Solaris -->
    <qandadiv><title>Apple Mac OS X</title>
@@ -1601,7 +1601,7 @@ key "rndc-key" {
    </qandaentry>
    </qandadiv> <!-- Apple Mac OS X -->
-    
+
    </qandadiv> <!-- Operating-System Specific Questions -->
  </qandaset>
--- a/bin/check/named-checkconf.docbook
+++ b/bin/check/named-checkconf.docbook
@@ -71,7 +71,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>named-checkconf</command>
      checks the syntax, but not the semantics, of a
      <command>named</command> configuration file.  The file is parsed
@@ -92,7 +92,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -184,7 +184,7 @@
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><command>named-checkconf</command>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
@@ -192,7 +192,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/check/named-checkzone.docbook
+++ b/bin/check/named-checkzone.docbook
@@ -122,7 +122,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>named-checkzone</command>
      checks the syntax and integrity of a zone file.  It performs the
      same checks as <command>named</command> does when loading a
@@ -143,7 +143,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -387,7 +387,7 @@
        <listitem>
 	  <para>
            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.  
+	    are semantically equal in plain DNS.
            Possible modes are <command>"fail"</command>,
            <command>"warn"</command> (default) and
            <command>"ignore"</command>.
@@ -511,7 +511,7 @@
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><command>named-checkzone</command>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
@@ -519,12 +519,12 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citerefentry>
-        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
+        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>RFC 1035</citetitle>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
--- a/bin/confgen/ddns-confgen.docbook
+++ b/bin/confgen/ddns-confgen.docbook
@@ -67,7 +67,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>tsig-keygen</command> and <command>ddns-confgen</command>
      are invocation methods for a utility that generates keys for use
@@ -99,7 +99,7 @@
      local DDNS key for use with <command>nsupdate -l</command>:
      it does this when a zone is configured with
      <command>update-policy local;</command>.
-      <command>ddns-confgen</command> is only needed when a 
+      <command>ddns-confgen</command> is only needed when a
      more elaborate configuration is required: for instance,
      if <command>nsupdate</command> is to be used from a remote
      system.
@@ -107,7 +107,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -215,7 +215,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
 	<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
--- a/bin/confgen/rndc-confgen.docbook
+++ b/bin/confgen/rndc-confgen.docbook
@@ -72,7 +72,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>rndc-confgen</command>
      generates configuration files
      for <command>rndc</command>.  It can be used as a
@@ -90,7 +90,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -259,7 +259,7 @@
  </refsection>
  <refsection><info><title>EXAMPLES</title></info>
-    
+
    <para>
      To allow <command>rndc</command> to be used with
      no manual configuration, run
@@ -277,7 +277,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/delv/delv.docbook
+++ b/bin/delv/delv.docbook
@@ -85,7 +85,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>delv</command>
      (Domain Entity Lookup &amp; Validation) is a tool for sending
      DNS queries and validating the results, using the same internal
@@ -129,7 +129,7 @@
  </refsection>
  <refsection><info><title>SIMPLE USAGE</title></info>
-    
+
    <para>
      A typical invocation of <command>delv</command> looks like:
@@ -196,7 +196,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -398,7 +398,7 @@
  </refsection>
  <refsection><info><title>QUERY OPTIONS</title></info>
-    
+
    <para><command>delv</command>
      provides a number of query options which affect the way results are
@@ -585,7 +585,7 @@
 	  <listitem>
 	    <para>
 	      Set or clear the display options
-	      <option>+[no]comments</option>, 
+	      <option>+[no]comments</option>,
 	      <option>+[no]rrcomments</option>, and
 	      <option>+[no]trust</option> as a group.
 	    </para>
@@ -668,13 +668,13 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para><filename>/etc/bind.keys</filename></para>
    <para><filename>/etc/resolv.conf</filename></para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
 	<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
--- a/bin/dig/dig.docbook
+++ b/bin/dig/dig.docbook
@@ -98,7 +98,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dig</command>
      (domain information groper) is a flexible tool
      for interrogating DNS name servers.  It performs DNS lookups and
@@ -144,7 +144,7 @@
    <para>
      The IN and CH class names overlap with the IN and CH top level
      domain names.  Either use the <option>-t</option> and
-      <option>-c</option> options to specify the type and class, 
+      <option>-c</option> options to specify the type and class,
      use the <option>-q</option> the specify the domain name, or
      use "IN." and "CH." when looking up these top level domains.
    </para>
@@ -152,7 +152,7 @@
  </refsection>
  <refsection><info><title>SIMPLE USAGE</title></info>
-    
+
    <para>
      A typical invocation of <command>dig</command> looks like:
@@ -218,7 +218,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -421,7 +421,7 @@
  </refsection>
  <refsection><info><title>QUERY OPTIONS</title></info>
-    
+
    <para><command>dig</command>
      provides a number of query options which affect
@@ -1160,7 +1160,7 @@
  </refsection>
  <refsection><info><title>MULTIPLE QUERIES</title></info>
-    
+
    <para>
      The BIND 9 implementation of <command>dig </command>
@@ -1209,7 +1209,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
  </refsection>
  <refsection><info><title>IDN SUPPORT</title></info>
-    
+
    <para>
      If <command>dig</command> has been built with IDN (internationalized
      domain name) support, it can accept and display non-ASCII domain names.
@@ -1218,13 +1218,13 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
      reply from the server.
      If you'd like to turn off the IDN support for some reason, defines
      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when 
+      The IDN support is disabled if the variable is set when
      <command>dig</command> runs.
    </para>
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para><filename>/etc/resolv.conf</filename>
    </para>
    <para><filename>${HOME}/.digrc</filename>
@@ -1232,7 +1232,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
 	<refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
@@ -1247,7 +1247,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
  </refsection>
  <refsection><info><title>BUGS</title></info>
-    
+
    <para>
      There are probably too many query options.
    </para>
--- a/bin/dig/host.docbook
+++ b/bin/dig/host.docbook
@@ -77,7 +77,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>host</command>
      is a simple utility for performing DNS lookups.
@@ -240,7 +240,7 @@
    </para>
    <para>
-      The <option>-s</option> option tells <command>host</command> 
+      The <option>-s</option> option tells <command>host</command>
      <emphasis>not</emphasis> to send the query to the next nameserver
      if any server responds with a SERVFAIL response, which is the
      reverse of normal stub resolver behavior.
@@ -260,10 +260,10 @@
  </refsection>
  <refsection><info><title>IDN SUPPORT</title></info>
-    
+
    <para>
      If <command>host</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names. 
+      domain name) support, it can accept and display non-ASCII domain names.
      <command>host</command> appropriately converts character encoding of
      domain name before sending a request to DNS server or displaying a
      reply from the server.
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -87,7 +87,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>Nslookup</command>
      is a program to query Internet domain name servers.  <command>Nslookup</command>
      has two modes: interactive and non-interactive.  Interactive mode allows
@@ -100,7 +100,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <para>
      Interactive mode is entered in the following cases:
      <orderedlist numeration="loweralpha" inheritnum="ignore" continuation="restarts">
@@ -144,7 +144,7 @@ nslookup -query=hinfo  -timeout=10
  </refsection>
  <refsection><info><title>INTERACTIVE COMMANDS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term><constant>host</constant> <optional>server</optional></term>
@@ -480,13 +480,13 @@ nslookup -query=hinfo  -timeout=10
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para><filename>/etc/resolv.conf</filename>
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-dsfromkey.docbook
+++ b/bin/dnssec/dnssec-dsfromkey.docbook
@@ -84,7 +84,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-dsfromkey</command>
      outputs the Delegation Signer (DS) resource record (RR), as defined in
      RFC 3658 and RFC 4509, for the given key(s).
@@ -92,7 +92,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -183,7 +183,7 @@
          <para>
            Include ZSKs when generating DS records.  Without this option,
            only keys which have the KSK flag set will be converted to DS
-            records and printed.  Useful only in zone file mode. 
+            records and printed.  Useful only in zone file mode.
          </para>
        </listitem>
      </varlistentry>
@@ -252,7 +252,7 @@
  </refsection>
  <refsection><info><title>EXAMPLE</title></info>
-    
+
    <para>
      To build the SHA-256 DS RR from the
      <userinput>Kexample.com.+003+26160</userinput>
@@ -268,7 +268,7 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para>
      The keyfile can be designed by the key identification
      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
@@ -283,14 +283,14 @@
  </refsection>
  <refsection><info><title>CAVEAT</title></info>
-    
+
    <para>
      A keyfile error can give a "file not found" even if the file exists.
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-importkey.docbook
+++ b/bin/dnssec/dnssec-importkey.docbook
@@ -71,7 +71,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-importkey</command>
      reads a public DNSKEY record and generates a pair of
      .key/.private files.  The DNSKEY record may be read from an
@@ -92,7 +92,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -110,7 +110,7 @@
          </para>
        </listitem>
      </varlistentry>
-  
+
      <varlistentry>
        <term>-K <replaceable class="parameter">directory</replaceable></term>
        <listitem>
@@ -142,7 +142,7 @@
 	  </para>
        </listitem>
      </varlistentry>
-  
+
      <varlistentry>
        <term>-v <replaceable class="parameter">level</replaceable></term>
        <listitem>
@@ -165,7 +165,7 @@
  </refsection>
  <refsection><info><title>TIMING OPTIONS</title></info>
-    
+
    <para>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -205,7 +205,7 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para>
      A keyfile can be designed by the key identification
      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
@@ -215,7 +215,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-keyfromlabel.docbook
+++ b/bin/dnssec/dnssec-keyfromlabel.docbook
@@ -79,7 +79,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-keyfromlabel</command>
      generates a key pair of files that referencing a key object stored
      in a cryptographic hardware service module (HSM).  The private key
@@ -96,7 +96,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -364,7 +364,7 @@
  </refsection>
  <refsection><info><title>TIMING OPTIONS</title></info>
-    
+
    <para>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -450,7 +450,7 @@
          </para>
          <para>
            If the key is being created as an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
+            key, then the default prepublication interval is 30 days;
            otherwise it is zero.
          </para>
          <para>
@@ -467,7 +467,7 @@
  </refsection>
  <refsection><info><title>GENERATED KEY FILES</title></info>
-    
+
    <para>
      When <command>dnssec-keyfromlabel</command> completes
      successfully,
@@ -491,7 +491,7 @@
        </para>
      </listitem>
    </itemizedlist>
-    <para><command>dnssec-keyfromlabel</command> 
+    <para><command>dnssec-keyfromlabel</command>
      creates two files, with names based
      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
      contains the public key, and
@@ -513,7 +513,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-keygen.docbook
+++ b/bin/dnssec/dnssec-keygen.docbook
@@ -96,7 +96,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-keygen</command>
      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
      and RFC 4034.  It can also generate keys for use with
@@ -111,7 +111,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -441,7 +441,7 @@
  </refsection>
  <refsection><info><title>TIMING OPTIONS</title></info>
-    
+
    <para>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
@@ -529,7 +529,7 @@
          </para>
          <para>
            If the key is being created as an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
+            key, then the default prepublication interval is 30 days;
            otherwise it is zero.
          </para>
          <para>
@@ -547,7 +547,7 @@
  <refsection><info><title>GENERATED KEYS</title></info>
-    
+
    <para>
      When <command>dnssec-keygen</command> completes
      successfully,
@@ -572,7 +572,7 @@
        </para>
      </listitem>
    </itemizedlist>
-    <para><command>dnssec-keygen</command> 
+    <para><command>dnssec-keygen</command>
      creates two files, with names based
      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
      contains the public key, and
@@ -600,7 +600,7 @@
  </refsection>
  <refsection><info><title>EXAMPLE</title></info>
-    
+
    <para>
      To generate a 768-bit DSA key for the domain
      <userinput>example.com</userinput>, the following command would be
@@ -622,7 +622,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-revoke.docbook
+++ b/bin/dnssec/dnssec-revoke.docbook
@@ -60,7 +60,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-revoke</command>
      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
      in RFC 5011, and creates a new pair of key files containing the
@@ -69,7 +69,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -80,7 +80,7 @@
 	  </para>
        </listitem>
      </varlistentry>
-  
+
      <varlistentry>
        <term>-K <replaceable class="parameter">directory</replaceable></term>
        <listitem>
@@ -159,7 +159,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-settime.docbook
+++ b/bin/dnssec/dnssec-settime.docbook
@@ -66,7 +66,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-settime</command>
      reads a DNSSEC private key file and sets the key timing metadata
      as specified by the <option>-P</option>, <option>-A</option>,
@@ -93,7 +93,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -105,13 +105,13 @@
            fail when attempting to update a legacy key.  With this option,
            the key will be recreated in the new format, but with the
            original key data retained.  The key's creation date will be
-            set to the present time.  If no other values are specified, 
+            set to the present time.  If no other values are specified,
-            then the key's publication and activation dates will also 
+            then the key's publication and activation dates will also
            be set to the present time.
 	  </para>
        </listitem>
      </varlistentry>
-  
+
      <varlistentry>
        <term>-K <replaceable class="parameter">directory</replaceable></term>
        <listitem>
@@ -145,7 +145,7 @@
 	  </para>
        </listitem>
      </varlistentry>
-  
+
      <varlistentry>
 	<term>-V</term>
        <listitem>
@@ -184,7 +184,7 @@
  </refsection>
  <refsection><info><title>TIMING OPTIONS</title></info>
-    
+
    <para>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -281,7 +281,7 @@
          </para>
          <para>
            If the key is being set to be an explicit successor to another
-            key, then the default prepublication interval is 30 days; 
+            key, then the default prepublication interval is 30 days;
            otherwise it is zero.
          </para>
          <para>
@@ -297,7 +297,7 @@
  </refsection>
  <refsection><info><title>PRINTING OPTIONS</title></info>
-    
+
    <para>
      <command>dnssec-settime</command> can also be used to print the
      timing metadata associated with a key.
@@ -335,7 +335,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-signzone.docbook
+++ b/bin/dnssec/dnssec-signzone.docbook
@@ -107,7 +107,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-signzone</command>
      signs a zone.  It generates
      NSEC and RRSIG records and produces a signed version of the
@@ -119,7 +119,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -174,7 +174,7 @@
 	    (<option>-S</option>) is used, DNSKEY records are also
 	    included. The resulting file can be included in the original
 	    zone file with <command>$INCLUDE</command>. This option
-	    cannot be combined with <option>-O raw</option>, 
+	    cannot be combined with <option>-O raw</option>,
            <option>-O map</option>, or serial number updating.
          </para>
        </listitem>
@@ -551,7 +551,7 @@
          <para>
            Normally, when a previously-signed zone is passed as input
            to the signer, and a DNSKEY record has been removed and
-            replaced with a new one, signatures from the old key 
+            replaced with a new one, signatures from the old key
            that are still within their validity period are retained.
 	    This allows the zone to continue to validate with cached
 	    copies of the old DNSKEY RRset.  The <option>-Q</option>
@@ -632,7 +632,7 @@
                <para>
                  If the key's activation date is set and in the past, the
                  key is published (regardless of publication date) and
-                  used to sign the zone.  
+                  used to sign the zone.
                </para>
 	      </listitem>
            </varlistentry>
@@ -800,7 +800,7 @@
  </refsection>
  <refsection><info><title>EXAMPLE</title></info>
-    
+
    <para>
      The following command signs the <userinput>example.com</userinput>
      zone with the DSA key generated by <command>dnssec-keygen</command>
@@ -831,7 +831,7 @@ db.example.com.signed
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/dnssec/dnssec-verify.docbook
+++ b/bin/dnssec/dnssec-verify.docbook
@@ -60,7 +60,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-verify</command>
      verifies that a zone is fully signed for each algorithm found
      in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -69,7 +69,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -192,7 +192,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/named/bind9.xsl
+++ b/bin/named/bind9.xsl
@@ -49,7 +49,7 @@
            function loadGraphs(){
              var g;
-    
+
              while(g = graphs.shift()){
                // alert("going for: " + g.target);
                if(g.data.length > 1){
@@ -59,7 +59,7 @@
            }
            <xsl:if test="server/counters[@type=&quot;qtype&quot;]/counter">
-              // Server Incoming Query Types         
+              // Server Incoming Query Types
              graphs.push({
                           'title' : "Server Incoming Query Types",
                           'target': 'chart_incoming_qtypes',
@@ -67,7 +67,7 @@
                           'data': [['Type','Counter'],<xsl:for-each select="server/counters[@type=&quot;qtype&quot;]/counter">['<xsl:value-of select="@name"/>',<xsl:value-of select="."/>],</xsl:for-each>]
                           });
            </xsl:if>
-  
+
            <xsl:if test="server/counters[@type=&quot;opcode&quot;]/counter">
              // Server Incoming Requests by opcode
              graphs.push({
--- a/bin/named/lwresd.docbook
+++ b/bin/named/lwresd.docbook
@@ -77,7 +77,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>lwresd</command>
      is the daemon providing name lookup
@@ -87,7 +87,7 @@
      resolver protocol rather than the DNS protocol.
    </para>
-    <para><command>lwresd</command> 
+    <para><command>lwresd</command>
      listens for resolver queries on a
      UDP port on the IPv4 loopback interface, 127.0.0.1.  This
      means that <command>lwresd</command> can only be used by
@@ -115,7 +115,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
@@ -217,7 +217,7 @@
            <replaceable class="parameter">trace</replaceable>,
            <replaceable class="parameter">record</replaceable>,
            <replaceable class="parameter">size</replaceable>, and
-            <replaceable class="parameter">mctx</replaceable>.  
+            <replaceable class="parameter">mctx</replaceable>.
            These correspond to the ISC_MEM_DEBUGXXXX flags described in
            <filename>&lt;isc/mem.h&gt;</filename>.
          </para>
@@ -324,7 +324,7 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <variablelist>
@@ -351,7 +351,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/named/named.conf.docbook
+++ b/bin/named/named.conf.docbook
@@ -60,7 +60,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><filename>named.conf</filename> is the configuration file
      for
      <command>named</command>.  Statements are enclosed
@@ -80,7 +80,7 @@
  </refsection>
  <refsection><info><title>ACL</title></info>
-    
+
    <literallayout class="normal">
 acl <replaceable>string</replaceable> { <replaceable>address_match_element</replaceable>; ... };
@@ -88,7 +88,7 @@ acl <replaceable>string</replaceable> { <replaceable>address_match_element</repl
  </refsection>
  <refsection><info><title>KEY</title></info>
-    
+
    <literallayout class="normal">
 key <replaceable>domain_name</replaceable> {
 	algorithm <replaceable>string</replaceable>;
@@ -98,7 +98,7 @@ key <replaceable>domain_name</replaceable> {
  </refsection>
  <refsection><info><title>MASTERS</title></info>
-    
+
    <literallayout class="normal">
 masters <replaceable>string</replaceable> <optional> port <replaceable>integer</replaceable> </optional> {
 	( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> <optional>port <replaceable>integer</replaceable></optional> |
@@ -108,7 +108,7 @@ masters <replaceable>string</replaceable> <optional> port <replaceable>integer</
  </refsection>
  <refsection><info><title>SERVER</title></info>
-    
+
    <literallayout class="normal">
 server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable> | <replaceable>ipv6_address<optional>/prefixlen</optional></replaceable> ) {
 	bogus <replaceable>boolean</replaceable>;
@@ -132,7 +132,7 @@ server ( <replaceable>ipv4_address<optional>/prefixlen</optional></replaceable>
  </refsection>
  <refsection><info><title>TRUSTED-KEYS</title></info>
-    
+
    <literallayout class="normal">
 trusted-keys {
 	<replaceable>domain_name</replaceable> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
@@ -141,7 +141,7 @@ trusted-keys {
  </refsection>
  <refsection><info><title>MANAGED-KEYS</title></info>
-    
+
    <literallayout class="normal">
 managed-keys {
 	<replaceable>domain_name</replaceable> <constant>initial-key</constant> <replaceable>flags</replaceable> <replaceable>protocol</replaceable> <replaceable>algorithm</replaceable> <replaceable>key</replaceable>; ...
@@ -150,7 +150,7 @@ managed-keys {
  </refsection>
  <refsection><info><title>CONTROLS</title></info>
-    
+
    <literallayout class="normal">
 controls {
 	inet ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> | * )
@@ -163,7 +163,7 @@ controls {
  </refsection>
  <refsection><info><title>LOGGING</title></info>
-    
+
    <literallayout class="normal">
 logging {
 	channel <replaceable>string</replaceable> {
@@ -182,7 +182,7 @@ logging {
  </refsection>
  <refsection><info><title>LWRES</title></info>
-    
+
    <literallayout class="normal">
 lwres {
 	listen-on <optional> port <replaceable>integer</replaceable> </optional> {
@@ -198,7 +198,7 @@ lwres {
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <literallayout class="normal">
 options {
 	avoid-v4-udp-ports { <replaceable>port</replaceable>; ... };
@@ -413,7 +413,7 @@ options {
  </refsection>
  <refsection><info><title>VIEW</title></info>
-    
+
    <literallayout class="normal">
 view <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
 	match-clients { <replaceable>address_match_element</replaceable>; ... };
@@ -583,7 +583,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
  </refsection>
  <refsection><info><title>ZONE</title></info>
-    
+
    <literallayout class="normal">
 zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable> {
 	type ( master | slave | stub | hint | redirect |
@@ -681,13 +681,13 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para><filename>/etc/named.conf</filename>
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
 	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/named/named.docbook
+++ b/bin/named/named.docbook
@@ -87,7 +87,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>named</command>
      is a Domain Name System (DNS) server,
      part of the BIND 9 distribution from ISC.  For more
@@ -103,7 +103,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -436,7 +436,7 @@
  </refsection>
  <refsection><info><title>SIGNALS</title></info>
-    
+
    <para>
      In routine operation, signals should not be used to control
      the nameserver; <command>rndc</command> should be used
@@ -472,7 +472,7 @@
  </refsection>
  <refsection><info><title>CONFIGURATION</title></info>
-    
+
    <para>
      The <command>named</command> configuration file is too complex
      to describe in detail here.  A complete description is provided
@@ -492,7 +492,7 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <variablelist>
@@ -519,7 +519,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citetitle>RFC 1033</citetitle>,
      <citetitle>RFC 1034</citetitle>,
      <citetitle>RFC 1035</citetitle>,
--- a/bin/nsupdate/nsupdate.docbook
+++ b/bin/nsupdate/nsupdate.docbook
@@ -85,7 +85,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>nsupdate</command>
      is used to submit Dynamic DNS Update requests as defined in RFC 2136
      to a name server.
@@ -144,7 +144,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -353,7 +353,7 @@
  </refsection>
  <refsection><info><title>INPUT FORMAT</title></info>
-    
+
    <para><command>nsupdate</command>
      reads input from
      <parameter>filename</parameter>
@@ -785,7 +785,7 @@
  </refsection>
  <refsection><info><title>EXAMPLES</title></info>
-    
+
    <para>
      The examples below show how
      <command>nsupdate</command>
@@ -836,7 +836,7 @@
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -885,7 +885,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citetitle>RFC 2136</citetitle>,
      <citetitle>RFC 3007</citetitle>,
@@ -907,7 +907,7 @@
  </refsection>
  <refsection><info><title>BUGS</title></info>
-    
+
    <para>
      The TSIG key is redundantly stored in two separate files.
      This is a consequence of nsupdate using the DST library
--- a/bin/pkcs11/pkcs11-destroy.docbook
+++ b/bin/pkcs11/pkcs11-destroy.docbook
@@ -59,7 +59,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>pkcs11-destroy</command> destroys keys stored in a
      PKCS#11 device, identified by their <option>ID</option> or
@@ -73,7 +73,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>-m <replaceable class="parameter">module</replaceable></term>
@@ -138,7 +138,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>pkcs11-keygen</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/pkcs11/pkcs11-keygen.docbook
+++ b/bin/pkcs11/pkcs11-keygen.docbook
@@ -62,7 +62,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>pkcs11-keygen</command> causes a PKCS#11 device to generate
      a new key pair with the given <option>label</option> (which must be
@@ -71,7 +71,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
@@ -185,7 +185,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/pkcs11/pkcs11-list.docbook
+++ b/bin/pkcs11/pkcs11-list.docbook
@@ -57,7 +57,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>pkcs11-list</command>
      lists the PKCS#11 objects with <option>ID</option> or
@@ -66,7 +66,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>-P</term>
@@ -130,7 +130,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/pkcs11/pkcs11-tokens.docbook
+++ b/bin/pkcs11/pkcs11-tokens.docbook
@@ -51,7 +51,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>pkcs11-tokens</command>
      lists the PKCS#11 available tokens with defaults from the slot/token
@@ -60,7 +60,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>-m <replaceable class="parameter">module</replaceable></term>
@@ -76,7 +76,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>pkcs11-destroy</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/python/dnssec-checkds.docbook
+++ b/bin/python/dnssec-checkds.docbook
@@ -65,7 +65,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-checkds</command>
      verifies the correctness of Delegation Signer (DS) or DNSSEC
      Lookaside Validation (DLV) resource records for keys in a specified
@@ -74,7 +74,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -92,7 +92,7 @@
        <term>-l <replaceable class="parameter">domain</replaceable></term>
        <listitem>
          <para>
-            Check for a DLV record in the specified lookaside domain, 
+            Check for a DLV record in the specified lookaside domain,
            instead of checking for a DS record in the zone's parent.
            For example, to check for DLV records for "example.com"
            in ISC's DLV zone, use:
@@ -124,7 +124,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dnssec-dsfromkey</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/python/dnssec-coverage.docbook
+++ b/bin/python/dnssec-coverage.docbook
@@ -61,7 +61,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>dnssec-coverage</command>
      verifies that the DNSSEC keys for a given zone or a set of zones
      have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -90,7 +90,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -122,7 +122,7 @@
          <para>
            The length of time to check for DNSSEC coverage.  Key events
            scheduled further into the future than <option>duration</option>
-            will be ignored, and assumed to be correct.  
+            will be ignored, and assumed to be correct.
          </para>
          <para>
            The value of <option>duration</option> can be set in seconds,
@@ -243,7 +243,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>dnssec-checkds</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/rndc/rndc.conf.docbook
+++ b/bin/rndc/rndc.conf.docbook
@@ -60,7 +60,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><filename>rndc.conf</filename> is the configuration file
      for <command>rndc</command>, the BIND 9 name server control
      utility.  This file has a similar structure and syntax to
@@ -147,7 +147,7 @@
  </refsection>
  <refsection><info><title>EXAMPLE</title></info>
-    
+
    <para><programlisting>
      options {
@@ -219,7 +219,7 @@
  </refsection>
  <refsection><info><title>NAME SERVER CONFIGURATION</title></info>
-    
+
    <para>
      The name server must be configured to accept rndc connections and
      to recognize the key specified in the <filename>rndc.conf</filename>
@@ -230,7 +230,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
--- a/bin/rndc/rndc.docbook
+++ b/bin/rndc/rndc.docbook
@@ -70,7 +70,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>rndc</command>
      controls the operation of a name
      server.  It supersedes the <command>ndc</command> utility
@@ -102,7 +102,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -226,7 +226,7 @@
  </refsection>
  <refsection><info><title>COMMANDS</title></info>
-    
+
    <para>
      A list of commands supported by <command>rndc</command> can
      be seen by running <command>rndc</command> without arguments.
@@ -745,7 +745,7 @@
 	    operations (such as signing or generating
 	    NSEC3 chains) is stored in the zone in the form
 	    of DNS resource records of type
-	    <command>sig-signing-type</command>. 
+	    <command>sig-signing-type</command>.
 	    <command>rndc signing -list</command> converts
 	    these records into a human-readable form,
 	    indicating which keys are currently signing
@@ -771,7 +771,7 @@
 	    flags, iterations, and salt, in that order.
 	  </para>
 	  <para>
-	    Currently, the only defined value for hash algorithm 
+	    Currently, the only defined value for hash algorithm
 	    is <literal>1</literal>, representing SHA-1.
 	    The <option>flags</option> may be set to
 	    <literal>0</literal> or <literal>1</literal>,
@@ -964,7 +964,7 @@
  </refsection>
  <refsection><info><title>LIMITATIONS</title></info>
-    
+
    <para>
      There is currently no way to provide the shared secret for a
      <option>key_id</option> without using the configuration file.
@@ -975,7 +975,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
 	<refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
--- a/bin/tools/arpaname.docbook
+++ b/bin/tools/arpaname.docbook
@@ -51,7 +51,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>arpaname</command> translates IP addresses (IPv4 and
      IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
@@ -59,7 +59,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
    </para>
--- a/bin/tools/dnstap-read.docbook
+++ b/bin/tools/dnstap-read.docbook
@@ -53,7 +53,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>dnstap-read</command>
      reads <command>dnstap</command> data from a specified file
@@ -65,7 +65,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
      <varlistentry>
@@ -102,7 +102,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/tools/genrandom.docbook
+++ b/bin/tools/genrandom.docbook
@@ -56,7 +56,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>genrandom</command>
      generates a file or a set of files containing a specified quantity
@@ -66,7 +66,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>-n <replaceable class="parameter">number</replaceable></term>
@@ -99,7 +99,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>rand</refentrytitle><manvolnum>3</manvolnum>
--- a/bin/tools/isc-hmac-fixup.docbook
+++ b/bin/tools/isc-hmac-fixup.docbook
@@ -54,7 +54,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      Versions of BIND 9 up to and including BIND 9.6 had a bug causing
      HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -81,7 +81,7 @@
  </refsection>
  <refsection><info><title>SECURITY CONSIDERATIONS</title></info>
-    
+
    <para>
      Secrets that have been converted by <command>isc-hmac-fixup</command>
      are shortened, but as this is how the HMAC protocol works in
@@ -93,7 +93,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
      <citetitle>RFC 2104</citetitle>.
--- a/bin/tools/mdig.docbook
+++ b/bin/tools/mdig.docbook
@@ -77,7 +77,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>mdig</command>
      is a multiple/pipelined query version of <command>dig</command>:
      instead of waiting for a response after sending each query,
@@ -126,7 +126,7 @@
  </refsection>
  <refsection><info><title>ANYWHERE OPTIONS</title></info>
-    
+
    <para>
      The <option>-f</option> option makes <command>mdig</command>
@@ -149,7 +149,7 @@
  </refsection>
  <refsection><info><title>GLOBAL OPTIONS</title></info>
-    
+
    <para>
      The <option>-4</option> option forces <command>mdig</command> to
@@ -390,7 +390,7 @@
  </refsection>
  <refsection><info><title>LOCAL OPTIONS</title></info>
-    
+
    <para>
      The <option>-c</option> option sets the query class to
@@ -653,7 +653,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
      </citerefentry>,
--- a/bin/tools/named-journalprint.docbook
+++ b/bin/tools/named-journalprint.docbook
@@ -52,14 +52,14 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>named-journalprint</command>
      prints the contents of a zone journal file in a human-readable
-      form. 
+      form.
    </para>
    <para>
-      Journal files are automatically created by <command>named</command> 
+      Journal files are automatically created by <command>named</command>
      when changes are made to dynamic zones (e.g., by
      <command>nsupdate</command>).  They record each addition
      or deletion of a resource record, in binary format, allowing the
@@ -79,7 +79,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citerefentry>
        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
--- a/bin/tools/named-rrchecker.docbook
+++ b/bin/tools/named-rrchecker.docbook
@@ -56,7 +56,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>named-rrchecker</command>
     read a individual DNS resource record from standard input and checks if it
     is syntactically correct.
@@ -85,7 +85,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citetitle>RFC 1034</citetitle>,
      <citetitle>RFC 1035</citetitle>,
--- a/bin/tools/nsec3hash.docbook
+++ b/bin/tools/nsec3hash.docbook
@@ -55,7 +55,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      <command>nsec3hash</command> generates an NSEC3 hash based on
      a set of NSEC3 parameters.  This can be used to check the validity
@@ -64,7 +64,7 @@
  </refsection>
  <refsection><info><title>ARGUMENTS</title></info>
-    
+
    <variablelist>
      <varlistentry>
        <term>salt</term>
@@ -108,7 +108,7 @@
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para>
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
      <citetitle>RFC 5155</citetitle>.
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -1819,7 +1819,7 @@ nameserver 172.16.72.4
 	<para>
 	  TSIG keys can be generated using the <command>tsig-keygen</command>
 	  command; the output of the command is a <command>key</command> directive
-	  suitable for inclusion in <filename>named.conf</filename>.  The 
+	  suitable for inclusion in <filename>named.conf</filename>.  The
 	  key name, algorithm and size can be specified by command line parameters;
 	  the defaults are "tsig-key", HMAC-SHA256, and 256 bits, respectively.
 	</para>
@@ -1899,7 +1899,7 @@ key "host1-host2." {
 	  signed using the specified key.  Keys may also be specified
 	  in the <command>also-notify</command> statement of a master
 	  or slave zone, causing NOTIFY messages to be signed using
-	  the specified key.  
+	  the specified key.
 	</para>
 	<para>
 	  Keys can also be specified in a <command>server</command>
@@ -2004,7 +2004,7 @@ allow-update { !{ !localnets; any; }; key host1-host2. ;};
      <para>
 	The TKEY process is initiated by a client or server by sending
 	a query of type TKEY to a TKEY-aware server.  The query must include
-	an appropriate KEY record in the additional section, and 
+	an appropriate KEY record in the additional section, and
 	must be signed using either TSIG or SIG(0) with a previously
 	established key.  The server's response, if successful, will
 	contain a TKEY record in its answer section.  After this transaction,
@@ -4809,11 +4809,11 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 		event payloads which are encoded using Protocol Buffers
 		(<command>libprotobuf-c</command>, a mechanism for
 		serializing structured data developed
-		by Google, Inc.; see 
+		by Google, Inc.; see
 		<link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="https://developers.google.com/protocol-buffers/">https://developers.google.com/protocol-buffers</link>).
 	      </para>
 	      <para>
-		To enable <command>dnstap</command> at compile time, 
+		To enable <command>dnstap</command> at compile time,
 		the <command>fstrm</command> and <command>protobuf-c</command>
 		libraries must be available, and BIND must be configured with
 		<option>--enable-dnstap</option>.
--- a/doc/arm/dlz.xml
+++ b/doc/arm/dlz.xml
@@ -16,7 +16,7 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dlz-info"><info><title>DLZ (Dynamically Loadable Zones)</title></info>
-  
+
  <para>
    DLZ (Dynamically Loadable Zones) is an extension to BIND 9 that allows
    zone data to be retrieved directly from an external database.  There is
@@ -55,7 +55,7 @@
  </para>
  <section><info><title>Configuring DLZ</title></info>
-    
+
    <para>
      A DLZ database is configured with a <command>dlz</command>
      statement in <filename>named.conf</filename>:
@@ -103,7 +103,7 @@
    </screen>
  </section>
  <section><info><title>Sample DLZ Driver</title></info>
-    
+
    <para>
      For guidance in implementation of DLZ modules, the directory
      <filename>contrib/dlz/example</filename> contains a basic
--- a/doc/arm/dnssec.xml
+++ b/doc/arm/dnssec.xml
@@ -16,23 +16,23 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dnssec.dynamic.zones"><info><title>DNSSEC, Dynamic Zones, and Automatic Signing</title></info>
-  
+
  <para>As of BIND 9.7.0 it is possible to change a dynamic zone
  from insecure to signed and back again. A secure zone can use
  either NSEC or NSEC3 chains.</para>
  <section><info><title>Converting from insecure to secure</title></info>
-    
+
  </section>
  <para>Changing a zone from insecure to secure can be done in two
-  ways: using a dynamic DNS update, or the 
+  ways: using a dynamic DNS update, or the
  <command>auto-dnssec</command> zone option.</para>
-  <para>For either method, you need to configure 
+  <para>For either method, you need to configure
-  <command>named</command> so that it can see the 
+  <command>named</command> so that it can see the
  <filename>K*</filename> files which contain the public and private
  parts of the keys that will be used to sign the zone. These files
-  will have been generated by 
+  will have been generated by
  <command>dnssec-keygen</command>. You can do this by placing them
-  in the key-directory, as specified in 
+  in the key-directory, as specified in
  <filename>named.conf</filename>:</para>
  <programlisting>
 	zone example.net {
@@ -48,7 +48,7 @@
  well. An NSEC chain will be generated as part of the initial
  signing process.</para>
  <section><info><title>Dynamic DNS update method</title></info>
-    
+
  </section>
  <para>To insert the keys via dynamic update:</para>
  <screen>
@@ -59,7 +59,7 @@
 	&gt; send
 </screen>
  <para>While the update request will complete almost immediately,
-  the zone will not be completely signed until 
+  the zone will not be completely signed until
  <command>named</command> has had time to walk the zone and
  generate the NSEC and RRSIG records. The NSEC record at the apex
  will be added last, to signal that there is a complete NSEC
@@ -77,7 +77,7 @@
 	&gt; send
 </screen>
  <para>Again, this update request will complete almost
-  immediately; however, the record won't show up until 
+  immediately; however, the record won't show up until
  <command>named</command> has had a chance to build/remove the
  relevant chain. A private type record will be created to record
  the state of the operation (see below for more details), and will
@@ -85,19 +85,19 @@
  <para>While the initial signing and NSEC/NSEC3 chain generation
  is happening, other updates are possible as well.</para>
  <section><info><title>Fully automatic zone signing</title></info>
-    
+
  </section>
-  <para>To enable automatic signing, add the 
+  <para>To enable automatic signing, add the
-  <command>auto-dnssec</command> option to the zone statement in 
+  <command>auto-dnssec</command> option to the zone statement in
-  <filename>named.conf</filename>. 
+  <filename>named.conf</filename>.
-  <command>auto-dnssec</command> has two possible arguments: 
+  <command>auto-dnssec</command> has two possible arguments:
-  <constant>allow</constant> or 
+  <constant>allow</constant> or
  <constant>maintain</constant>.</para>
-  <para>With 
+  <para>With
-  <command>auto-dnssec allow</command>, 
+  <command>auto-dnssec allow</command>,
  <command>named</command> can search the key directory for keys
  matching the zone, insert them into the zone, and use them to
-  sign the zone. It will do so only when it receives an 
+  sign the zone. It will do so only when it receives an
  <command>rndc sign &lt;zonename&gt;</command>.</para>
  <para>
  <!-- TODO: this is repeated in the ARM -->
@@ -105,7 +105,7 @@
  functionality, but will also automatically adjust the zone's
  DNSKEY records on schedule according to the keys' timing metadata.
  (See <xref linkend="man.dnssec-keygen"/> and
-  <xref linkend="man.dnssec-settime"/> for more information.) 
+  <xref linkend="man.dnssec-settime"/> for more information.)
  </para>
  <para>
  <command>named</command> will periodically search the key directory
@@ -119,7 +119,7 @@
  </para>
  <para>
  If keys are present in the key directory the first time the zone
-  is loaded, the zone will be signed immediately, without waiting for an 
+  is loaded, the zone will be signed immediately, without waiting for an
  <command>rndc sign</command> or <command>rndc loadkeys</command>
  command. (Those commands can still be used when there are unscheduled
  key changes, however.)
@@ -141,15 +141,15 @@
  the zone is signed and the NSEC3 chain is completed, the NSEC3PARAM
  record will appear in the zone.
  </para>
-  <para>Using the 
+  <para>Using the
  <command>auto-dnssec</command> option requires the zone to be
-  configured to allow dynamic updates, by adding an 
+  configured to allow dynamic updates, by adding an
-  <command>allow-update</command> or 
+  <command>allow-update</command> or
  <command>update-policy</command> statement to the zone
  configuration. If this has not been done, the configuration will
  fail.</para>
  <section><info><title>Private-type records</title></info>
-    
+
  </section>
  <para>The state of the signing process is signaled by
  private-type records (with a default type value of 65534). When
@@ -187,18 +187,18 @@
 </literallayout>
  </para>
  <section><info><title>DNSKEY rollovers</title></info>
-    
+
  </section>
  <para>As with insecure-to-secure conversions, rolling DNSSEC
-  keys can be done in two ways: using a dynamic DNS update, or the 
+  keys can be done in two ways: using a dynamic DNS update, or the
  <command>auto-dnssec</command> zone option.</para>
  <section><info><title>Dynamic DNS update method</title></info>
-    
+
  </section>
  <para> To perform key rollovers via dynamic update, you need to add
-  the <filename>K*</filename> files for the new keys so that 
+  the <filename>K*</filename> files for the new keys so that
  <command>named</command> can find them. You can then add the new
-  DNSKEY RRs via dynamic update. 
+  DNSKEY RRs via dynamic update.
  <command>named</command> will then cause the zone to be signed
  with the new keys. When the signing is complete the private type
  records will be updated so that the last octet is non
@@ -212,15 +212,15 @@
  be able to verify at least one signature when you remove the old
  DNSKEY.</para>
  <para>The old DNSKEY can be removed via UPDATE. Take care to
-  specify the correct key. 
+  specify the correct key.
  <command>named</command> will clean out any signatures generated
  by the old key after the update completes.</para>
  <section><info><title>Automatic key rollovers</title></info>
-    
+
  </section>
  <para>When a new key reaches its activation date (as set by
  <command>dnssec-keygen</command> or <command>dnssec-settime</command>),
-  if the <command>auto-dnssec</command> zone option is set to 
+  if the <command>auto-dnssec</command> zone option is set to
  <constant>maintain</constant>, <command>named</command> will
  automatically carry out the key rollover.  If the key's algorithm
  has not previously been used to sign the zone, then the zone will
@@ -232,7 +232,7 @@
  completes in 30 days, after which it will be safe to remove the
  old key from the DNSKEY RRset.</para>
  <section><info><title>NSEC3PARAM rollovers via UPDATE</title></info>
-    
+
  </section>
  <para>Add the new NSEC3PARAM record via dynamic update. When the
  new NSEC3 chain has been generated, the NSEC3PARAM flag field
@@ -240,7 +240,7 @@
  record. The old chain will be removed after the update request
  completes.</para>
  <section><info><title>Converting from NSEC to NSEC3</title></info>
-    
+
  </section>
  <para>To do this, you just need to add an NSEC3PARAM record. When
  the conversion is complete, the NSEC chain will have been removed
@@ -248,30 +248,30 @@
  chain will be generated before the NSEC chain is
  destroyed.</para>
  <section><info><title>Converting from NSEC3 to NSEC</title></info>
-    
+
  </section>
  <para>To do this, use <command>nsupdate</command> to
  remove all NSEC3PARAM records with a zero flag
  field. The NSEC chain will be generated before the NSEC3 chain is
  removed.</para>
  <section><info><title>Converting from secure to insecure</title></info>
-    
+
  </section>
  <para>To convert a signed zone to unsigned using dynamic DNS,
  delete all the DNSKEY records from the zone apex using
  <command>nsupdate</command>. All signatures, NSEC or NSEC3 chains,
  and associated NSEC3PARAM records will be removed automatically.
  This will take place after the update request completes.</para>
-  <para> This requires the 
+  <para> This requires the
-  <command>dnssec-secure-to-insecure</command> option to be set to 
+  <command>dnssec-secure-to-insecure</command> option to be set to
-  <userinput>yes</userinput> in 
+  <userinput>yes</userinput> in
  <filename>named.conf</filename>.</para>
  <para>In addition, if the <command>auto-dnssec maintain</command>
  zone statement is used, it should be removed or changed to
  <command>allow</command> instead (or it will re-sign).
  </para>
  <section><info><title>Periodic re-signing</title></info>
-    
+
  </section>
  <para>In any secure zone which supports dynamic updates, <command>named</command>
  will periodically re-sign RRsets which have not been re-signed as
@@ -279,14 +279,14 @@
  adjusted so as to spread the re-sign load over time rather than
  all at once.</para>
  <section><info><title>NSEC3 and OPTOUT</title></info>
-    
+
  </section>
  <para>
  <command>named</command> only supports creating new NSEC3 chains
  where all the NSEC3 records in the zone have the same OPTOUT
-  state. 
+  state.
  <command>named</command> supports UPDATES to zones where the NSEC3
-  records in the chain have mixed OPTOUT state. 
+  records in the chain have mixed OPTOUT state.
  <command>named</command> does not support changing the OPTOUT
  state of an individual NSEC3 record, the entire chain needs to be
  changed if the OPTOUT state of an individual NSEC3 needs to be
--- a/doc/arm/dyndb.xml
+++ b/doc/arm/dyndb.xml
@@ -16,7 +16,7 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="dyndb-info"><info><title>DynDB (Dynamic Database)</title></info>
-  
+
  <para>
    DynDB is an extension to BIND 9 which, like DLZ
    (see <xref linkend="dlz-info"/>), allows zone data to be
@@ -41,7 +41,7 @@
  </para>
  <section><info><title>Configuring DynDB</title></info>
-    
+
    <para>
      A DynDB database is configured with a <command>dyndb</command>
      statement in <filename>named.conf</filename>:
@@ -68,7 +68,7 @@
    </para>
  </section>
  <section><info><title>Sample DynDB Module</title></info>
-    
+
    <para>
      For guidance in implementation of DynDB modules, the directory
      <filename>bin/tests/system/dyndb/driver</filename>.
--- a/doc/arm/libdns.xml
+++ b/doc/arm/libdns.xml
@@ -16,7 +16,7 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="bind9.library"><info><title>BIND 9 DNS Library Support</title></info>
-  
+
  <para>This version of BIND 9 "exports" its internal libraries so
  that they can be used by third-party applications more easily (we
  call them "export" libraries in this document). In addition to
@@ -53,7 +53,7 @@
    </listitem>
  </itemizedlist>
  <section><info><title>Prerequisite</title></info>
-    
+
  <para>GNU make is required to build the export libraries (other
  part of BIND 9 can still be built with other types of make). In
  the reminder of this document, "make" means GNU make. Note that
@@ -61,7 +61,7 @@
  than "make" (e.g. "gmake") to indicate it's GNU make.</para>
  </section>
  <section><info><title>Compilation</title></info>
-    
+
  <screen>
 $ <userinput>./configure --enable-exportlib <replaceable>[other flags]</replaceable></userinput>
 $ <userinput>make</userinput>
@@ -75,7 +75,7 @@ $ <userinput>make</userinput>
  lib/export/samples directory (see below).</para>
  </section>
  <section><info><title>Installation</title></info>
-    
+
  <screen>
 $ <userinput>cd lib/export</userinput>
 $ <userinput>make install</userinput>
@@ -96,7 +96,7 @@ $ <userinput>make install</userinput>
  <filename>lib/export/samples/Makefile-postinstall.in</filename>.</para>
  </section>
  <section><info><title>Known Defects/Restrictions</title></info>
-    
+
  <itemizedlist>
    <listitem>
 <!-- TODO: what about AIX? -->
@@ -142,7 +142,7 @@ $ <userinput>make</userinput>
  </itemizedlist>
  </section>
  <section><info><title>The dns.conf File</title></info>
-    
+
  <para>The IRS library supports an "advanced" configuration file
  related to the DNS library for configuration parameters that
  would be beyond the capability of the
@@ -159,13 +159,13 @@ $ <userinput>make</userinput>
  <xref linkend="trusted-keys"/> for details.)</para>
  </section>
  <section><info><title>Sample Applications</title></info>
-    
+
  <para>Some sample application programs using this API are
  provided for reference. The following is a brief description of
  these applications.
  </para>
  <section><info><title>sample: a simple stub resolver utility</title></info>
-    
+
  <para>
  It sends a query of a given name (of a given optional RR type) to a
  specified recursive server, and prints the result as a list of
@@ -232,7 +232,7 @@ $ <userinput>make</userinput>
  </variablelist>
  </section>
  <section><info><title>sample-async: a simple stub resolver, working asynchronously</title></info>
-    
+
  <para>
  Similar to "sample", but accepts a list
  of (query) domain names as a separate file and resolves the names
@@ -278,7 +278,7 @@ $ <userinput>make</userinput>
    </variablelist>
  </section>
  <section><info><title>sample-request: a simple DNS transaction client</title></info>
-    
+
  <para>
  It sends a query to a specified server, and
  prints the response with minimal processing. It doesn't act as a
@@ -330,7 +330,7 @@ $ <userinput>make</userinput>
  </variablelist>
  </section>
  <section><info><title>sample-gai: getaddrinfo() and getnameinfo() test code</title></info>
-    
+
  <para>
  This is a test program
  to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -346,7 +346,7 @@ $ <userinput>make</userinput>
  </para>
  </section>
  <section><info><title>sample-update: a simple dynamic update client program</title></info>
-    
+
  <para>
  It accepts a single update command as a
  command-line argument, sends an update request message to the
@@ -448,14 +448,14 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
   <para>
     removes all A RRs for foo.dynamic.example.com using the given key.
   </para>
-   <screen>   
+   <screen>
 $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dynamic.example.com"</userinput></screen>
   <para>
     removes all RRs for foo.dynamic.example.com using the given key.
   </para>
  </section>
  <section><info><title>nsprobe: domain/name server checker in terms of RFC 4074</title></info>
-    
+
  <para>
  It checks a set
  of domains to see the name servers of the domains behave
@@ -520,7 +520,7 @@ $ <userinput>sample-update -a sample-update -k Kxxx.+nnn+mmmm.key delete "foo.dy
  </section>
  </section>
  <section><info><title>Library References</title></info>
-    
+
  <para>As of this writing, there is no formal "manual" of the
  libraries, except this document, header files (some of them
  provide pretty detailed explanations), and sample application
--- a/doc/arm/managed-keys.xml
+++ b/doc/arm/managed-keys.xml
@@ -16,25 +16,25 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="rfc5011.support"><info><title>Dynamic Trust Anchor Management</title></info>
-  
+
  <para>BIND 9.7.0 introduces support for RFC 5011, dynamic trust
-  anchor management. Using this feature allows 
+  anchor management. Using this feature allows
  <command>named</command> to keep track of changes to critical
  DNSSEC keys without any need for the operator to make changes to
  configuration files.</para>
  <section><info><title>Validating Resolver</title></info>
-    
+
    <!-- TODO: command tag is overloaded for configuration and executables -->
    <para>To configure a validating resolver to use RFC 5011 to
-    maintain a trust anchor, configure the trust anchor using a 
+    maintain a trust anchor, configure the trust anchor using a
    <command>managed-keys</command> statement. Information about
-    this can be found in 
+    this can be found in
    <xref linkend="managed-keys"/>.</para>
    <!-- TODO: managed-keys examples
 also in DNSSEC section above here in ARM -->
  </section>
  <section><info><title>Authoritative Server</title></info>
-    
+
    <para>To set up an authoritative zone for RFC 5011 trust anchor
    maintenance, generate two (or more) key signing keys (KSKs) for
    the zone. Sign the zone with one of them; this is the "active"
@@ -50,21 +50,21 @@ also in DNSSEC section above here in ARM -->
    timer has completed, the active KSK can be revoked, and the
    zone can be "rolled over" to the newly accepted key.</para>
    <para>The easiest way to place a stand-by key in a zone is to
-    use the "smart signing" features of 
+    use the "smart signing" features of
-    <command>dnssec-keygen</command> and 
+    <command>dnssec-keygen</command> and
    <command>dnssec-signzone</command>. If a key with a publication
    date in the past, but an activation date which is unset or in
-    the future, " 
+    the future, "
    <command>dnssec-signzone -S</command>" will include the DNSKEY
    record in the zone, but will not sign with it:</para>
    <screen>
 $ <userinput>dnssec-keygen -K keys -f KSK -P now -A now+2y example.net</userinput>
 $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
 </screen>
-    <para>To revoke a key, the new command 
+    <para>To revoke a key, the new command
    <command>dnssec-revoke</command> has been added. This adds the
-    REVOKED bit to the key flags and re-generates the 
+    REVOKED bit to the key flags and re-generates the
-    <filename>K*.key</filename> and 
+    <filename>K*.key</filename> and
    <filename>K*.private</filename> files.</para>
    <para>After revoking the active key, the zone must be signed
    with both the revoked KSK and the new active KSK. (Smart
@@ -82,7 +82,7 @@ $ <userinput>dnssec-signzone -S -K keys example.net</userinput>
    "<filename>Kexample.com.+005+10128</filename>".</para>
    <para>If two keys have IDs exactly 128 apart, and one is
    revoked, then the two key IDs will collide, causing several
-    problems. To prevent this, 
+    problems. To prevent this,
    <command>dnssec-keygen</command> will not generate a new key if
    another key is present which may collide. This checking will
    only occur if the new keys are written to the same directory
--- a/doc/arm/notes-wrapper.xml
+++ b/doc/arm/notes-wrapper.xml
@@ -18,6 +18,6 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <article xmlns="http://docbook.org/ns/docbook" version="5.0"><info><title/></info>
-  
+
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="notes.xml"/>
 </article>
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -23,14 +23,14 @@
 <section xmlns="http://docbook.org/ns/docbook" version="5.0"><info/>
  <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="noteversion.xml"/>
  <section xml:id="relnotes_intro"><info><title>Introduction</title></info>
-    
+
    <para>
      This document summarizes changes since the last production release
      of BIND on the corresponding major release branch.
    </para>
  </section>
  <section xml:id="relnotes_download"><info><title>Download</title></info>
-    
+
    <para>
      The latest versions of BIND 9 software can always be found at
      <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="http://www.isc.org/downloads/">http://www.isc.org/downloads/</link>.
@@ -40,7 +40,7 @@
    </para>
  </section>
  <section xml:id="relnotes_security"><info><title>Security Fixes</title></info>
-    
+
    <itemizedlist>
      <listitem>
 	<para>
@@ -140,7 +140,7 @@
    </itemizedlist>
  </section>
  <section xml:id="relnotes_features"><info><title>New Features</title></info>
-    
+
    <itemizedlist>
      <listitem>
 	<para>
@@ -209,7 +209,7 @@
 	  whose assistance is gratefully acknowledged.
 	</para>
 	<para>
-	  To enable <command>dnstap</command> at compile time, 
+	  To enable <command>dnstap</command> at compile time,
 	  the <command>fstrm</command> and <command>protobuf-c</command>
 	  libraries must be available, and BIND must be configured with
 	  <option>--enable-dnstap</option>.
@@ -507,7 +507,7 @@
    </itemizedlist>
  </section>
  <section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
-    
+
    <itemizedlist>
      <listitem>
 	<para>
@@ -675,7 +675,7 @@
    </itemizedlist>
  </section>
  <section xml:id="relnotes_port"><info><title>Porting Changes</title></info>
-    
+
    <itemizedlist>
      <listitem>
 	<para>
@@ -692,7 +692,7 @@
    </itemizedlist>
  </section>
  <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
-    
+
    <itemizedlist>
      <listitem>
 	<para>
@@ -869,7 +869,7 @@
    </itemizedlist>
  </section>
  <section xml:id="end_of_life"><info><title>End of Life</title></info>
-    
+
    <para>
      The end of life for BIND 9.11 is yet to be determined but
      will not be before BIND 9.13.0 has been released for 6 months.
@@ -877,7 +877,7 @@
    </para>
  </section>
  <section xml:id="relnotes_thanks"><info><title>Thank You</title></info>
-    
+
    <para>
      Thank you to everyone who assisted us in making this release possible.
      If you would like to contribute to ISC to assist us in continuing to
--- a/doc/arm/pkcs11.xml
+++ b/doc/arm/pkcs11.xml
@@ -18,7 +18,7 @@
 <!-- Converted by db4-upgrade version 1.0 -->
 <section xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pkcs11"><info><title>PKCS#11 (Cryptoki) support</title></info>
-  
+
  <para>
    PKCS#11 (Public Key Cryptography Standard #11) defines a
    platform-independent API for the control of hardware security
@@ -50,7 +50,7 @@
    the PKCS#11 API to drive the HSM directly.
  </para>
  <section><info><title>Prerequisites</title></info>
-    
+
    <para>
      See the documentation provided by your HSM vendor for
      information about installing, initializing, testing and
@@ -58,7 +58,7 @@
    </para>
  </section>
  <section><info><title>Native PKCS#11</title></info>
-    
+
    <para>
      Native PKCS#11 mode will only work with an HSM capable of carrying
      out <emphasis>every</emphasis> cryptographic operation BIND 9 may
@@ -90,7 +90,7 @@ $ <userinput>./configure --enable-native-pkcs11 \
      the <command>pkcs11-*</command> tools.)
    </para>
    <section><info><title>Building SoftHSMv2</title></info>
-      
+
      <para>
 	SoftHSMv2, the latest development version of SoftHSM, is available
 	from
@@ -127,7 +127,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
    </section>
  </section>
  <section><info><title>OpenSSL-based PKCS#11</title></info>
-    
+
    <para>
      OpenSSL-based PKCS#11 mode uses a modified version of the
      OpenSSL library; stock OpenSSL does not fully support PKCS#11.
@@ -187,7 +187,7 @@ $ <userinput> /opt/pkcs11/usr/bin/softhsm-util --init-token 0 --slot 0 --label s
      it with the path to your HSM's PKCS#11 provider library.
    </para>
    <section><info><title>Patching OpenSSL</title></info>
-      
+
      <screen>
 $ <userinput>wget <link xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</link></userinput>
  </screen>
@@ -219,7 +219,7 @@ $ <userinput>patch -p1 -d openssl-0.9.8zc \
    </section>
    <section><info><title>Building OpenSSL for the AEP Keyper on Linux</title></info>
      <!-- Example 1 -->
-      
+
      <para>
 	The AEP Keyper is a highly secure key storage device,
 	but does not provide hardware cryptographic acceleration. It
@@ -261,7 +261,7 @@ $ <userinput>./Configure linux-generic32 -m32 -pthread \
    </section>
    <section><info><title>Building OpenSSL for the SCA 6000 on Solaris</title></info>
      <!-- Example 2 -->
-      
+
      <para>
 	The SCA-6000 PKCS#11 provider is installed as a system
 	library, libpkcs11. It is a true crypto accelerator, up to 4
@@ -283,14 +283,14 @@ $ <userinput>./Configure solaris64-x86_64-cc \
 	(For a 32-bit build, use "solaris-x86-cc" and /usr/lib/libpkcs11.so.)
      </para>
      <para>
-	After configuring, run 
+	After configuring, run
-	<command>make</command> and 
+	<command>make</command> and
 	<command>make test</command>.
      </para>
    </section>
    <section><info><title>Building OpenSSL for SoftHSM</title></info>
      <!-- Example 3 -->
-      
+
      <para>
 	SoftHSM (version 1) is a software library developed by the
 	OpenDNSSEC project
@@ -365,7 +365,7 @@ $ <userinput>./Configure linux-x86_64 -pthread \
    </para>
    <section><info><title>Configuring BIND 9 for Linux with the AEP Keyper</title></info>
      <!-- Example 4 -->
-      
+
      <para>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -385,7 +385,7 @@ $ <userinput>./configure CC="gcc -m32" --enable-threads \
    </section>
    <section><info><title>Configuring BIND 9 for Solaris with the SCA 6000</title></info>
      <!-- Example 5 -->
-      
+
      <para>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -407,7 +407,7 @@ $ <userinput>./configure CC="cc -xarch=amd64" --enable-threads \
    </section>
    <section><info><title>Configuring BIND 9 for SoftHSM</title></info>
      <!-- Example 6 -->
-      
+
      <screen>
 $ <userinput>cd ../bind9</userinput>
 $ <userinput>./configure --enable-threads \
@@ -427,12 +427,12 @@ $ <userinput>./configure --enable-threads \
    </para>
  </section>
  <section><info><title>PKCS#11 Tools</title></info>
-    
+
    <para>
      BIND 9 includes a minimal set of tools to operate the
-      HSM, including 
+      HSM, including
      <command>pkcs11-keygen</command> to generate a new key pair
-      within the HSM, 
+      within the HSM,
      <command>pkcs11-list</command> to list objects currently
      available,
      <command>pkcs11-destroy</command> to remove objects, and
@@ -449,7 +449,7 @@ $ <userinput>./configure --enable-threads \
    </para>
  </section>
  <section><info><title>Using the HSM</title></info>
-    
+
    <para>
      For OpenSSL-based PKCS#11, we must first set up the runtime
      environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -468,7 +468,7 @@ $ <userinput>export LD_LIBRARY_PATH=/opt/pkcs11/usr/lib:${LD_LIBRARY_PATH}</user
      For example, when operating an AEP Keyper, it is necessary to
      specify the location of the "machine" file, which stores
      information about the Keyper for use by the provider
-      library. If the machine file is in 
+      library. If the machine file is in
      <filename>/opt/Keyper/PKCS11Provider/machine</filename>,
      use:
    </para>
@@ -477,12 +477,12 @@ $ <userinput>export KEYPER_LIBRARY_PATH=/opt/Keyper/PKCS11Provider</userinput>
 </screen>
    <para>
      Such environment variables must be set whenever running
-      any tool that uses the HSM, including 
+      any tool that uses the HSM, including
-      <command>pkcs11-keygen</command>, 
+      <command>pkcs11-keygen</command>,
-      <command>pkcs11-list</command>, 
+      <command>pkcs11-list</command>,
-      <command>pkcs11-destroy</command>, 
+      <command>pkcs11-destroy</command>,
-      <command>dnssec-keyfromlabel</command>, 
+      <command>dnssec-keyfromlabel</command>,
-      <command>dnssec-signzone</command>, 
+      <command>dnssec-signzone</command>,
      <command>dnssec-keygen</command>, and
      <command>named</command>.
    </para>
@@ -569,7 +569,7 @@ example.net.signed
 </screen>
  </section>
  <section><info><title>Specifying the engine on the command line</title></info>
-    
+
    <para>
      When using OpenSSL-based PKCS#11, the "engine" to be used by
      OpenSSL can be specified in <command>named</command> and all of
@@ -589,7 +589,7 @@ example.net.signed
 $ <userinput>dnssec-signzone -E '' -S example.net</userinput>
 </screen>
    <para>
-      This causes 
+      This causes
      <command>dnssec-signzone</command> to run as if it were compiled
      without the --with-pkcs11 option.
    </para>
@@ -600,13 +600,13 @@ $ <userinput>dnssec-signzone -E '' -S example.net</userinput>
    </para>
  </section>
  <section><info><title>Running named with automatic zone re-signing</title></info>
-    
+
    <para>
      If you want <command>named</command> to dynamically re-sign zones
      using HSM keys, and/or to to sign new records inserted via nsupdate,
      then <command>named</command> must have access to the HSM PIN. In OpenSSL-based PKCS#11,
      this is accomplished by placing the PIN into the openssl.cnf file
-      (in the above examples, 
+      (in the above examples,
      <filename>/opt/pkcs11/usr/ssl/openssl.cnf</filename>).
    </para>
    <para>
--- a/doc/xsl/copyright.xsl
+++ b/doc/xsl/copyright.xsl
@@ -71,7 +71,7 @@
  </xsl:variable>
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/isc-docbook-chunk.xsl.in
+++ b/doc/xsl/isc-docbook-chunk.xsl.in
@@ -14,7 +14,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- ISC customizations for Docbook-XSL chunked HTML generator --> 
+<!-- ISC customizations for Docbook-XSL chunked HTML generator -->
 <xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -64,7 +64,7 @@
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/isc-docbook-html.xsl.in
+++ b/doc/xsl/isc-docbook-html.xsl.in
@@ -14,7 +14,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- ISC customizations for Docbook-XSL HTML generator --> 
+<!-- ISC customizations for Docbook-XSL HTML generator -->
 <xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -57,7 +57,7 @@
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/isc-docbook-text.xsl
+++ b/doc/xsl/isc-docbook-text.xsl
@@ -16,7 +16,7 @@
 <!-- $Id$ -->
-<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. --> 
+<!-- Tweaks to Docbook-XSL HTML for producing flat ASCII text. -->
 <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"
 		xmlns:l="http://docbook.sourceforge.net/xmlns/l10n/1.0">
@@ -43,7 +43,7 @@
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/isc-manpage.xsl.in
+++ b/doc/xsl/isc-manpage.xsl.in
@@ -48,7 +48,7 @@
    <xsl:text>.ad l&#10;</xsl:text>
  </xsl:variable>
-  <!-- 
+  <!--
    - Override Docbook template to insert our copyright,
    - disable chunking, and suppress output of .so files.
   -->
@@ -88,7 +88,7 @@
    </xsl:choose>
  </xsl:template>
-  <!-- 
+  <!--
    - Override Docbook template to change formatting.
    - We just want the element name in boldface, no subsection header.
   -->
@@ -139,7 +139,7 @@
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/isc-notes-html.xsl.in
+++ b/doc/xsl/isc-notes-html.xsl.in
@@ -14,7 +14,7 @@
 - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- ISC customizations for Docbook-XSL HTML generator --> 
+<!-- ISC customizations for Docbook-XSL HTML generator -->
 <xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
@@ -62,7 +62,7 @@
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/notes-param.xsl
+++ b/doc/xsl/notes-param.xsl
@@ -21,7 +21,7 @@
  xmlns:db="http://docbook.org/ns/docbook">
 </xsl:stylesheet>
-<!-- 
+<!--
  - Local variables:
  - mode: sgml
  - End:
--- a/doc/xsl/pre-latex.xsl
+++ b/doc/xsl/pre-latex.xsl
@@ -19,7 +19,7 @@
 <!--
  - Whack &mdash; into something that won't choke LaTeX.
  - There's probably a better way to do this, but this will work for now.
-  --> 
+  -->
 <xsl:stylesheet version="1.0"
  xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
--- a/isc-config.sh.docbook
+++ b/isc-config.sh.docbook
@@ -57,7 +57,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><command>isc-config.sh</command>
 	prints information related to the installed version of ISC BIND,
 	such as the compiler and linker flags required to compile
@@ -80,7 +80,7 @@
  </refsection>
  <refsection><info><title>OPTIONS</title></info>
-    
+
    <variablelist>
@@ -142,7 +142,7 @@
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><command>isc-config.sh</command>
      returns an exit status of 1 if
      invoked with invalid arguments or no arguments at all.
--- a/lib/lwres/man/lwres.docbook
+++ b/lib/lwres/man/lwres.docbook
@@ -58,7 +58,7 @@
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      The BIND 9 lightweight resolver library is a simple, name service
      independent stub resolver library.  It provides hostname-to-address
@@ -74,7 +74,7 @@
  </refsection>
  <refsection><info><title>OVERVIEW</title></info>
-    
+
    <para>
      The lwresd library implements multiple name service APIs.
      The standard
@@ -128,7 +128,7 @@
    </para>
  </refsection>
  <refsection><info><title>CLIENT-SIDE LOW-LEVEL API CALL FLOW</title></info>
-    
+
    <para>
      When a client program wishes to make an lwres request using the
      native low-level API, it typically performs the following
@@ -176,7 +176,7 @@
    </para>
  </refsection>
  <refsection><info><title>SERVER-SIDE LOW-LEVEL API CALL FLOW</title></info>
-    
+
    <para>
      When implementing the server side of the lightweight resolver
      protocol using the lwres library, a sequence of actions like the
@@ -218,7 +218,7 @@
    <para/>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_gethostent</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/lib/lwres/man/lwres_buffer.docbook
+++ b/lib/lwres/man/lwres_buffer.docbook
@@ -204,7 +204,7 @@ void
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These functions provide bounds checked access to a region of memory
      where data is being read or written.
--- a/lib/lwres/man/lwres_config.docbook
+++ b/lib/lwres/man/lwres_config.docbook
@@ -95,7 +95,7 @@ lwres_conf_t *
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_conf_init()</function>
      creates an empty
@@ -133,7 +133,7 @@ lwres_conf_t *
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><function>lwres_conf_parse()</function>
      returns <errorcode>LWRES_R_SUCCESS</errorcode>
@@ -154,7 +154,7 @@ lwres_conf_t *
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>stdio</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
@@ -164,7 +164,7 @@ lwres_conf_t *
    </para>
  </refsection>
  <refsection><info><title>FILES</title></info>
-    
+
    <para><filename>/etc/resolv.conf</filename>
    </para>
  </refsection>
--- a/lib/lwres/man/lwres_context.docbook
+++ b/lib/lwres/man/lwres_context.docbook
@@ -120,7 +120,7 @@ void *
 </funcsynopsis>
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_context_create()</function>
      creates a <type>lwres_context_t</type> structure for use in
@@ -219,7 +219,7 @@ void *
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><function>lwres_context_create()</function>
      returns <errorcode>LWRES_R_NOMEMORY</errorcode> if memory for
@@ -245,7 +245,7 @@ void *
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_conf_init</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/lib/lwres/man/lwres_gabn.docbook
+++ b/lib/lwres/man/lwres_gabn.docbook
@@ -114,7 +114,7 @@ void
 </funcsynopsis>
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These are low-level routines for creating and parsing
      lightweight resolver name-to-address lookup request and
@@ -213,7 +213,7 @@ typedef struct {
    </para>
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      The getaddrbyname opcode functions
      <function>lwres_gabnrequest_render()</function>,
@@ -251,7 +251,7 @@ typedef struct {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>
--- a/lib/lwres/man/lwres_gai_strerror.docbook
+++ b/lib/lwres/man/lwres_gai_strerror.docbook
@@ -65,7 +65,7 @@ char *
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_gai_strerror()</function>
      returns an error message corresponding to an error code returned by
@@ -177,7 +177,7 @@ char *
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>strerror</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/lib/lwres/man/lwres_getaddrinfo.docbook
+++ b/lib/lwres/man/lwres_getaddrinfo.docbook
@@ -97,7 +97,7 @@ struct  addrinfo {
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_getaddrinfo()</function>
      is used to get a list of IP addresses and port numbers for host
@@ -323,7 +323,7 @@ struct  addrinfo {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><function>lwres_getaddrinfo()</function>
      returns zero on success or one of the error codes listed in
@@ -337,7 +337,7 @@ struct  addrinfo {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/lib/lwres/man/lwres_gethostent.docbook
+++ b/lib/lwres/man/lwres_gethostent.docbook
@@ -151,7 +151,7 @@ void
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These functions provide hostname-to-address and
      address-to-hostname lookups by means of the lightweight resolver.
@@ -313,7 +313,7 @@ struct  hostent {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      The functions
      <function>lwres_gethostbyname()</function>,
@@ -397,7 +397,7 @@ struct  hostent {
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>gethostent</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
@@ -413,7 +413,7 @@ struct  hostent {
  </refsection>
  <refsection><info><title>BUGS</title></info>
-    
+
    <para><function>lwres_gethostbyname()</function>,
      <function>lwres_gethostbyname2()</function>,
      <function>lwres_gethostbyaddr()</function>
--- a/lib/lwres/man/lwres_getipnode.docbook
+++ b/lib/lwres/man/lwres_getipnode.docbook
@@ -85,7 +85,7 @@ void
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These functions perform thread safe, protocol independent
@@ -240,7 +240,7 @@ struct  hostent {
    </para>
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      If an error occurs,
      <function>lwres_getipnodebyname()</function>
@@ -300,7 +300,7 @@ struct  hostent {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>RFC2553</refentrytitle>
      </citerefentry>,
--- a/lib/lwres/man/lwres_getnameinfo.docbook
+++ b/lib/lwres/man/lwres_getnameinfo.docbook
@@ -72,7 +72,7 @@ int
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
       This function is equivalent to the
@@ -163,13 +163,13 @@ int
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><function>lwres_getnameinfo()</function>
      returns 0 on success or a non-zero error code if an error occurs.
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>RFC2133</refentrytitle>
      </citerefentry>,
@@ -191,7 +191,7 @@ int
    </para>
  </refsection>
  <refsection><info><title>BUGS</title></info>
-    
+
    <para>
      RFC2133 fails to define what the nonzero return values of
      <citerefentry>
--- a/lib/lwres/man/lwres_getrrsetbyname.docbook
+++ b/lib/lwres/man/lwres_getrrsetbyname.docbook
@@ -100,7 +100,7 @@ struct  rrsetinfo {
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_getrrsetbyname()</function>
      gets a set of resource records associated with a
      <parameter>hostname</parameter>, <parameter>class</parameter>,
@@ -148,7 +148,7 @@ struct  rrsetinfo {
    <para/>
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para><function>lwres_getrrsetbyname()</function>
      returns zero on success, and one of the following error codes if
      an error occurred:
@@ -211,7 +211,7 @@ struct  rrsetinfo {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>.
--- a/lib/lwres/man/lwres_gnba.docbook
+++ b/lib/lwres/man/lwres_gnba.docbook
@@ -126,7 +126,7 @@ void
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These are low-level routines for creating and parsing
      lightweight resolver address-to-name lookup request and
@@ -214,7 +214,7 @@ typedef struct {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      The getnamebyaddr opcode functions
      <function>lwres_gnbarequest_render()</function>,
@@ -252,7 +252,7 @@ typedef struct {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>.
--- a/lib/lwres/man/lwres_hstrerror.docbook
+++ b/lib/lwres/man/lwres_hstrerror.docbook
@@ -71,7 +71,7 @@ const char *
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_herror()</function>
      prints the string <parameter>s</parameter> on
@@ -126,7 +126,7 @@ const char *
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      The string <errorname>Unknown resolver error</errorname> is returned by
      <function>lwres_hstrerror()</function>
@@ -136,7 +136,7 @@ const char *
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>herror</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/lib/lwres/man/lwres_inetntop.docbook
+++ b/lib/lwres/man/lwres_inetntop.docbook
@@ -69,7 +69,7 @@ const char *
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_net_ntop()</function>
      converts an IP address of protocol family
@@ -90,7 +90,7 @@ const char *
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      If successful, the function returns <parameter>dst</parameter>:
@@ -105,7 +105,7 @@ const char *
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>RFC1884</refentrytitle>
      </citerefentry>,
--- a/lib/lwres/man/lwres_noop.docbook
+++ b/lib/lwres/man/lwres_noop.docbook
@@ -115,7 +115,7 @@ void
 </funcsynopsis>
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These are low-level routines for creating and parsing
      lightweight resolver no-op request and response messages.
@@ -207,7 +207,7 @@ typedef struct {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      The no-op opcode functions
      <function>lwres_nooprequest_render()</function>,
@@ -246,7 +246,7 @@ typedef struct {
    </para>
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_packet</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>
--- a/lib/lwres/man/lwres_packet.docbook
+++ b/lib/lwres/man/lwres_packet.docbook
@@ -72,7 +72,7 @@ lwres_result_t
 </funcsynopsis>
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para>
      These functions rely on a
      <type>struct lwres_lwpacket</type>
@@ -273,7 +273,7 @@ struct lwres_lwpacket {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      Successful calls to
      <function>lwres_lwpacket_renderheader()</function> and
--- a/lib/lwres/man/lwres_resutil.docbook
+++ b/lib/lwres/man/lwres_resutil.docbook
@@ -95,7 +95,7 @@ lwres_result_t
  </refsynopsisdiv>
  <refsection><info><title>DESCRIPTION</title></info>
-    
+
    <para><function>lwres_string_parse()</function>
      retrieves a DNS-encoded string starting the current pointer of
@@ -181,7 +181,7 @@ typedef struct {
  </refsection>
  <refsection><info><title>RETURN VALUES</title></info>
-    
+
    <para>
      Successful calls to
      <function>lwres_string_parse()</function>
@@ -222,7 +222,7 @@ typedef struct {
  </refsection>
  <refsection><info><title>SEE ALSO</title></info>
-    
+
    <para><citerefentry>
        <refentrytitle>lwres_buffer</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
--- a/util/update_copyrights
+++ b/util/update_copyrights
@@ -559,6 +559,14 @@ foreach $file (keys %file_types) {
 				$body = "$body$_";
 			}
 			$_ = $body;
 		} elsif ($type eq "SGML" && $sysyears =~ /$this_year/) {
 			my $body = "";
 			while (<SOURCE>) {
 			# Remove trailing white space.
 			s/[ \t]*$//;
 				$body = "$body$_";
 			}
 			$_ = $body;
 		} else {
 			undef $/;
 			$_ = <SOURCE>;