diff --git a/CHANGES b/CHANGES
index a590558886..da00868330 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+5334.	[doc]		Update documentation with dnssec-policy clarifications.
+			Also change some defaults.
+
 5333.	[bug]		Fix duration printing on Solaris when value is not
 			an ISO 8601 duration. [GL #1460]
 
diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
index c352dbf30a..c730866b9b 100644
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -11146,8 +11146,8 @@ example.com                 CNAME   rpz-tcp-only.
 		<para>
 		  A margin that is added to the publish interval in key
 		  timing equations to give some extra time to cover
-		  unforeseen events.  Default is <constant>PT5M</constant>
-		  (5 minutes).
+		  unforeseen events.  Default is <constant>PT1H</constant>
+		  (1 hour).
 		</para>
 	      </listitem>
 	    </varlistentry>
@@ -11158,8 +11158,8 @@ example.com                 CNAME   rpz-tcp-only.
 		<para>
 		  A margin that is added to the retire interval in key
 		  timing equations to give some extra time to cover
-		  unforeseen events.  Default is <constant>PT5M</constant>
-		  (5 minutes).
+		  unforeseen events.  Default is <constant>PT1H</constant>
+		  (1 hour).
 		</para>
 	      </listitem>
 	    </varlistentry>
@@ -11251,7 +11251,7 @@ example.com                 CNAME   rpz-tcp-only.
 	      <listitem>
 		<para>
 		  The TTL of the DS RRset that the parent uses.  Default is
-		  <constant>PT1H</constant> (1 hour).
+		  <constant>P1D</constant> (1 day).
 		</para>
 	      </listitem>
 	    </varlistentry>
diff --git a/doc/arm/dnssec-policy.grammar.xml b/doc/arm/dnssec-policy.grammar.xml
index 2055f30dfa..ae3839cbf4 100644
--- a/doc/arm/dnssec-policy.grammar.xml
+++ b/doc/arm/dnssec-policy.grammar.xml
@@ -13,7 +13,6 @@
 
 <programlisting>
 <command>dnssec-policy</command> <replaceable>string</replaceable> {
-<<<<<<< HEAD
     <command>dnskey-ttl</command> <replaceable>duration</replaceable>;
     <command>keys</command> { ( csk | ksk | zsk ) key-directory lifetime <replaceable>duration</replaceable> algorithm <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ] ; ... };
     <command>parent-ds-ttl</command> <replaceable>duration</replaceable>;
diff --git a/lib/dns/include/dns/kasp.h b/lib/dns/include/dns/kasp.h
index 396ef5cade..e98a486e06 100644
--- a/lib/dns/include/dns/kasp.h
+++ b/lib/dns/include/dns/kasp.h
@@ -99,9 +99,9 @@ struct dns_kasp {
 #define DNS_KASP_SIG_VALIDITY		(86400*14)
 #define DNS_KASP_SIG_VALIDITY_DNSKEY	(86400*14)
 #define DNS_KASP_KEY_TTL		(3600)
-#define DNS_KASP_DS_TTL			(3600)
-#define DNS_KASP_PUBLISH_SAFETY		(300)
-#define DNS_KASP_RETIRE_SAFETY		(300)
+#define DNS_KASP_DS_TTL			(86400)
+#define DNS_KASP_PUBLISH_SAFETY		(3600)
+#define DNS_KASP_RETIRE_SAFETY		(3600)
 #define DNS_KASP_ZONE_MAXTTL		(86400)
 #define DNS_KASP_ZONE_PROPDELAY		(300)
 #define DNS_KASP_PARENT_PROPDELAY	(3600)