regen master

2025-08-31 06:25:31 +00:00 · 2015-07-24 01:04:59 +00:00
parent 98869e60fa
commit 5d564da348
36 changed files with 347 additions and 347 deletions
--- a/doc/arm/Bv9ARM.ch02.html
+++ b/doc/arm/Bv9ARM.ch02.html
@@ -128,7 +128,7 @@
 <p>
        ISC <acronym class="acronym">BIND</acronym> 9 compiles and runs on a large
        number
-        of Unix-like operating systems and on 
+        of Unix-like operating systems and on
        Microsoft Windows Server 2003 and 2008, and Windows XP and Vista.
        For an up-to-date
        list of supported systems, see the README file in the top level
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -49,8 +49,8 @@
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
 <dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569920">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569938">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569988">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570006">Example split DNS setup</a></span></dt></dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570439">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
@@ -61,10 +61,10 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570734">Errors</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570748">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570797">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570866">SIG(0)</a></span></dt>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570934">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571002">Generating Keys</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571218">Signing the Zone</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571299">Configuring Servers</a></span></dt>
 </dl></dd>
@@ -72,32 +72,32 @@
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612846">Converting from insecure to secure</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612884">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563632">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563742">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563780">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563793">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563962">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563989">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563998">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564008">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564021">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573752">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573766">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563700">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563811">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563848">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563861">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564030">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564057">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564067">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564076">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573684">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573698">NSEC3 and OPTOUT</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573789">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573812">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612292">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612314">Authoritative Server</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667716">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667784">Prerequisites</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612429">Native PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613258">OpenSSL-based PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640165">PKCS#11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640201">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640487">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640535">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613122">OpenSSL-based PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640233">PKCS#11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640269">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640555">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640603">Running named with automatic zone re-signing</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
 <dd><dl>
@@ -271,7 +271,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2569920"></a>Split DNS</h2></div></div></div>
+<a name="id2569988"></a>Split DNS</h2></div></div></div>
 <p>
        Setting up different views, or visibility, of the DNS space to
        internal and external resolvers is usually referred to as a
@@ -301,7 +301,7 @@
      </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2569938"></a>Example split DNS setup</h3></div></div></div>
+<a name="id2570006"></a>Example split DNS setup</h3></div></div></div>
 <p>
        Let's say a company named <span class="emphasis"><em>Example, Inc.</em></span>
        (<code class="literal">example.com</code>)
@@ -761,7 +761,7 @@ allow-update { key host1-host2. ;};
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2570797"></a>SIG(0)</h2></div></div></div>
+<a name="id2570866"></a>SIG(0)</h2></div></div></div>
 <p>
        <acronym class="acronym">BIND</acronym> 9 partially supports DNSSEC SIG(0)
            transaction signatures as specified in RFC 2535 and RFC 2931.
@@ -822,7 +822,7 @@ allow-update { key host1-host2. ;};
      </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2570934"></a>Generating Keys</h3></div></div></div>
+<a name="id2571002"></a>Generating Keys</h3></div></div></div>
 <p>
          The <span><strong class="command">dnssec-keygen</strong></span> program is used to
          generate keys.
@@ -931,7 +931,7 @@ allow-update { key host1-host2. ;};
          To enable <span><strong class="command">named</strong></span> to validate answers from
          other servers, the <span><strong class="command">dnssec-enable</strong></span> option
          must be set to <strong class="userinput"><code>yes</code></strong>, and the
-          <span><strong class="command">dnssec-validation</strong></span> options must be set to 
+          <span><strong class="command">dnssec-validation</strong></span> options must be set to
          <strong class="userinput"><code>yes</code></strong> or <strong class="userinput"><code>auto</code></strong>.
        </p>
 <p>
@@ -1047,7 +1047,7 @@ options {
          including missing, expired, or invalid signatures, a key which
          does not match the DS RRset in the parent zone, or an insecure
          response from a zone which, according to its parent, should have
-          been secure.  
+          been secure.
        </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
@@ -1142,7 +1142,7 @@ options {
 <p>While the initial signing and NSEC/NSEC3 chain generation
  is happening, other updates are possible as well.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563632"></a>Fully automatic zone signing</h3></div></div></div></div>
+<a name="id2563700"></a>Fully automatic zone signing</h3></div></div></div></div>
 <p>To enable automatic signing, add the 
  <span><strong class="command">auto-dnssec</strong></span> option to the zone statement in 
  <code class="filename">named.conf</code>. 
@@ -1205,7 +1205,7 @@ options {
  configuration. If this has not been done, the configuration will
  fail.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563742"></a>Private-type records</h3></div></div></div></div>
+<a name="id2563811"></a>Private-type records</h3></div></div></div></div>
 <p>The state of the signing process is signaled by
  private-type records (with a default type value of 65534). When
  signing is complete, these records will have a nonzero value for
@@ -1246,12 +1246,12 @@ options {
 <p>
  </p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563780"></a>DNSKEY rollovers</h3></div></div></div></div>
+<a name="id2563848"></a>DNSKEY rollovers</h3></div></div></div></div>
 <p>As with insecure-to-secure conversions, rolling DNSSEC
  keys can be done in two ways: using a dynamic DNS update, or the 
  <span><strong class="command">auto-dnssec</strong></span> zone option.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563793"></a>Dynamic DNS update method</h3></div></div></div></div>
+<a name="id2563861"></a>Dynamic DNS update method</h3></div></div></div></div>
 <p> To perform key rollovers via dynamic update, you need to add
  the <code class="filename">K*</code> files for the new keys so that 
  <span><strong class="command">named</strong></span> can find them. You can then add the new
@@ -1273,7 +1273,7 @@ options {
  <span><strong class="command">named</strong></span> will clean out any signatures generated
  by the old key after the update completes.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563962"></a>Automatic key rollovers</h3></div></div></div></div>
+<a name="id2564030"></a>Automatic key rollovers</h3></div></div></div></div>
 <p>When a new key reaches its activation date (as set by
  <span><strong class="command">dnssec-keygen</strong></span> or <span><strong class="command">dnssec-settime</strong></span>),
  if the <span><strong class="command">auto-dnssec</strong></span> zone option is set to 
@@ -1288,27 +1288,27 @@ options {
  completes in 30 days, after which it will be safe to remove the
  old key from the DNSKEY RRset.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563989"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
+<a name="id2564057"></a>NSEC3PARAM rollovers via UPDATE</h3></div></div></div></div>
 <p>Add the new NSEC3PARAM record via dynamic update. When the
  new NSEC3 chain has been generated, the NSEC3PARAM flag field
  will be zero. At this point you can remove the old NSEC3PARAM
  record. The old chain will be removed after the update request
  completes.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2563998"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
+<a name="id2564067"></a>Converting from NSEC to NSEC3</h3></div></div></div></div>
 <p>To do this, you just need to add an NSEC3PARAM record. When
  the conversion is complete, the NSEC chain will have been removed
  and the NSEC3PARAM record will have a zero flag field. The NSEC3
  chain will be generated before the NSEC chain is
  destroyed.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564008"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
+<a name="id2564076"></a>Converting from NSEC3 to NSEC</h3></div></div></div></div>
 <p>To do this, use <span><strong class="command">nsupdate</strong></span> to
  remove all NSEC3PARAM records with a zero flag
  field. The NSEC chain will be generated before the NSEC3 chain is
  removed.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2564021"></a>Converting from secure to insecure</h3></div></div></div></div>
+<a name="id2564089"></a>Converting from secure to insecure</h3></div></div></div></div>
 <p>To convert a signed zone to unsigned using dynamic DNS,
  delete all the DNSKEY records from the zone apex using
  <span><strong class="command">nsupdate</strong></span>. All signatures, NSEC or NSEC3 chains,
@@ -1323,14 +1323,14 @@ options {
  <span><strong class="command">allow</strong></span> instead (or it will re-sign).
  </p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573752"></a>Periodic re-signing</h3></div></div></div></div>
+<a name="id2573684"></a>Periodic re-signing</h3></div></div></div></div>
 <p>In any secure zone which supports dynamic updates, <span><strong class="command">named</strong></span>
  will periodically re-sign RRsets which have not been re-signed as
  a result of some update action. The signature lifetimes will be
  adjusted so as to spread the re-sign load over time rather than
  all at once.</p>
 <div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title">
-<a name="id2573766"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
+<a name="id2573698"></a>NSEC3 and OPTOUT</h3></div></div></div></div>
 <p>
  <span><strong class="command">named</strong></span> only supports creating new NSEC3 chains
  where all the NSEC3 records in the zone have the same OPTOUT
@@ -1352,7 +1352,7 @@ options {
  configuration files.</p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2573789"></a>Validating Resolver</h3></div></div></div>
+<a name="id2612292"></a>Validating Resolver</h3></div></div></div>
 <p>To configure a validating resolver to use RFC 5011 to
    maintain a trust anchor, configure the trust anchor using a 
    <span><strong class="command">managed-keys</strong></span> statement. Information about
@@ -1363,7 +1363,7 @@ options {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2573812"></a>Authoritative Server</h3></div></div></div>
+<a name="id2612314"></a>Authoritative Server</h3></div></div></div>
 <p>To set up an authoritative zone for RFC 5011 trust anchor
    maintenance, generate two (or more) key signing keys (KSKs) for
    the zone. Sign the zone with one of them; this is the "active"
@@ -1460,7 +1460,7 @@ $ <strong class="userinput"><code>dnssec-signzone -S -K keys example.net</code><
  </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2667716"></a>Prerequisites</h3></div></div></div>
+<a name="id2667784"></a>Prerequisites</h3></div></div></div>
 <p>
      See the documentation provided by your HSM vendor for
      information about installing, initializing, testing and
@@ -1502,7 +1502,7 @@ $ <strong class="userinput"><code>./configure --enable-native-pkcs11 \
    </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613124"></a>Building SoftHSMv2</h4></div></div></div>
+<a name="id2613056"></a>Building SoftHSMv2</h4></div></div></div>
 <p>
 	SoftHSMv2, the latest development version of SoftHSM, is available
 	from
@@ -1540,7 +1540,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2613258"></a>OpenSSL-based PKCS#11</h3></div></div></div>
+<a name="id2613122"></a>OpenSSL-based PKCS#11</h3></div></div></div>
 <p>
      OpenSSL-based PKCS#11 mode uses a modified version of the
      OpenSSL library; stock OpenSSL does not fully support PKCS#11.
@@ -1598,7 +1598,7 @@ $ <strong class="userinput"><code> /opt/pkcs11/usr/bin/softhsm-util --init-token
    </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613296"></a>Patching OpenSSL</h4></div></div></div>
+<a name="id2613159"></a>Patching OpenSSL</h4></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>wget <a href="" target="_top">http://www.openssl.org/source/openssl-0.9.8zc.tar.gz</a></code></strong>
  </pre>
@@ -1631,7 +1631,7 @@ $ <strong class="userinput"><code>patch -p1 -d openssl-0.9.8zc \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613354"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
+<a name="id2613491"></a>Building OpenSSL for the AEP Keyper on Linux</h4></div></div></div>
 <p>
 	The AEP Keyper is a highly secure key storage device,
 	but does not provide hardware cryptographic acceleration. It
@@ -1673,7 +1673,7 @@ $ <strong class="userinput"><code>./Configure linux-generic32 -m32 -pthread \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613424"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
+<a name="id2613560"></a>Building OpenSSL for the SCA 6000 on Solaris</h4></div></div></div>
 <p>
 	The SCA-6000 PKCS#11 provider is installed as a system
 	library, libpkcs11. It is a true crypto accelerator, up to 4
@@ -1702,7 +1702,7 @@ $ <strong class="userinput"><code>./Configure solaris64-x86_64-cc \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2613473"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
+<a name="id2613609"></a>Building OpenSSL for SoftHSM</h4></div></div></div>
 <p>
 	SoftHSM (version 1) is a software library developed by the
 	OpenDNSSEC project
@@ -1777,7 +1777,7 @@ $ <strong class="userinput"><code>./Configure linux-x86_64 -pthread \
    </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640048"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
+<a name="id2640116"></a>Configuring BIND 9 for Linux with the AEP Keyper</h4></div></div></div>
 <p>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -1797,7 +1797,7 @@ $ <strong class="userinput"><code>./configure CC="gcc -m32" --enable-threads \
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640080"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
+<a name="id2640148"></a>Configuring BIND 9 for Solaris with the SCA 6000</h4></div></div></div>
 <p>
 	To link with the PKCS#11 provider, threads must be
 	enabled in the BIND 9 build.
@@ -1819,7 +1819,7 @@ $ <strong class="userinput"><code>./configure CC="cc -xarch=amd64" --enable-thre
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2640116"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
+<a name="id2640184"></a>Configuring BIND 9 for SoftHSM</h4></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>cd ../bind9</code></strong>
 $ <strong class="userinput"><code>./configure --enable-threads \
@@ -1840,7 +1840,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2640165"></a>PKCS#11 Tools</h3></div></div></div>
+<a name="id2640233"></a>PKCS#11 Tools</h3></div></div></div>
 <p>
      BIND 9 includes a minimal set of tools to operate the
      HSM, including 
@@ -1863,7 +1863,7 @@ $ <strong class="userinput"><code>./configure --enable-threads \
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2640201"></a>Using the HSM</h3></div></div></div>
+<a name="id2640269"></a>Using the HSM</h3></div></div></div>
 <p>
      For OpenSSL-based PKCS#11, we must first set up the runtime
      environment so the OpenSSL and PKCS#11 libraries can be loaded:
@@ -1984,7 +1984,7 @@ example.net.signed
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2640487"></a>Specifying the engine on the command line</h3></div></div></div>
+<a name="id2640555"></a>Specifying the engine on the command line</h3></div></div></div>
 <p>
      When using OpenSSL-based PKCS#11, the "engine" to be used by
      OpenSSL can be specified in <span><strong class="command">named</strong></span> and all of
@@ -2016,7 +2016,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2640535"></a>Running named with automatic zone re-signing</h3></div></div></div>
+<a name="id2640603"></a>Running named with automatic zone re-signing</h3></div></div></div>
 <p>
      If you want <span><strong class="command">named</strong></span> to dynamically re-sign zones
      using HSM keys, and/or to to sign new records inserted via nsupdate,
@@ -2224,7 +2224,7 @@ $ <strong class="userinput"><code>dnssec-signzone -E '' -S example.net</code></s
        the traditional "nibble" format used in the
        <span class="emphasis"><em>ip6.arpa</em></span> domain, as well as the older, deprecated
        <span class="emphasis"><em>ip6.int</em></span> domain.
-        Older versions of <acronym class="acronym">BIND</acronym> 9 
+        Older versions of <acronym class="acronym">BIND</acronym> 9
        supported the "binary label" (also known as "bitstring") format,
        but support of binary labels has been completely removed per
        RFC 3363.
--- a/doc/arm/Bv9ARM.ch05.html
+++ b/doc/arm/Bv9ARM.ch05.html
@@ -123,7 +123,7 @@
 <p>
        The number of client queries that the <span><strong class="command">lwresd</strong></span>
        daemon is able to serve can be set using the
-        <code class="option">lwres-tasks</code> and <code class="option">lwres-clients</code> 
+        <code class="option">lwres-tasks</code> and <code class="option">lwres-clients</code>
        statements in the configuration.
      </p>
 </div>
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -69,9 +69,9 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577350"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577447"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577611"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577729"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577660"><span><strong class="command">masters</strong></span> Statement Definition and
          Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577750"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577682"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
          Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
@@ -81,7 +81,7 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592974"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
            Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593477"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593409"><span><strong class="command">trusted-keys</strong></span> Statement Definition
            and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593530"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
@@ -92,14 +92,14 @@
            Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595777"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
 </dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599553">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599621">Zone File</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2601783">Discussion of MX Records</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602467">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602594">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602867"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602535">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602662">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602935"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -439,7 +439,7 @@
                  "as big as possible", depending on the context.
                  See the explanations of particular parameters
                  that use <code class="varname">size_spec</code>
-                  for details on how they interpret its use. 
+                  for details on how they interpret its use.
                </p>
                <p>
                  Numeric values can optionally be followed by a
@@ -458,7 +458,7 @@
                  way to safely set a very large number.
                </p>
                <p>
-                  <code class="varname">default</code> 
+                  <code class="varname">default</code>
                  uses the limit that was in force when the server was started.
                </p>
              </td>
@@ -788,7 +788,7 @@
                <p>
                  defines a named masters list for
                  inclusion in stub and slave zones'
-                  <span><strong class="command">masters</strong></span> or 
+                  <span><strong class="command">masters</strong></span> or
                  <span><strong class="command">also-notify</strong></span> lists.
                </p>
              </td>
@@ -2179,7 +2179,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
          of worker threads the lightweight resolver will dedicate to serving
          clients.  By default the number is the same as the number of CPUs on
          the system; this can be overridden using the <code class="option">-n</code>
-          command line option when starting the server. 
+          command line option when starting the server.
        </p>
 <p>
          The <code class="option">lwres-clients</code> specifies
@@ -2204,13 +2204,13 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 <div class="titlepage"><div><div><h3 class="title">
 <a name="id2577611"></a><span><strong class="command">masters</strong></span> Statement Grammar</h3></div></div></div>
 <pre class="programlisting">
-<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> | 
+<span><strong class="command">masters</strong></span> <em class="replaceable"><code>name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] { ( <em class="replaceable"><code>masters_list</code></em> |
      <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">key <em class="replaceable"><code>key</code></em></span>] ) ; [<span class="optional">...</span>] };
 </pre>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2577729"></a><span><strong class="command">masters</strong></span> Statement Definition and
+<a name="id2577660"></a><span><strong class="command">masters</strong></span> Statement Definition and
          Usage</h3></div></div></div>
 <p><span><strong class="command">masters</strong></span>
          lists allow for a common set of masters to be easily used by
@@ -2220,7 +2220,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2577750"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
+<a name="id2577682"></a><span><strong class="command">options</strong></span> Statement Grammar</h3></div></div></div>
 <p>
          This is the grammar of the <span><strong class="command">options</strong></span>
          statement in the <code class="filename">named.conf</code> file:
@@ -2285,7 +2285,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
    [<span class="optional"> forwarders { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; ... </span>] }; </span>]
    [<span class="optional"> dual-stack-servers [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] {
        ( <em class="replaceable"><code>domain_name</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>] |
-          <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>]) ; 
+          <em class="replaceable"><code>ip_addr</code></em> [<span class="optional">port <em class="replaceable"><code>ip_port</code></em></span>] [<span class="optional">dscp <em class="replaceable"><code>ip_dscp</code></em></span>]) ;
        ... }; </span>]
    [<span class="optional"> check-names ( <em class="replaceable"><code>master</code></em> | <em class="replaceable"><code>slave</code></em> | <em class="replaceable"><code>response</code></em> )
        ( <em class="replaceable"><code>warn</code></em> | <em class="replaceable"><code>fail</code></em> | <em class="replaceable"><code>ignore</code></em> ); </span>]
@@ -2336,7 +2336,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
    [<span class="optional"> query-source-v6 ( ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> )
        [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
        [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] |
-        [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] 
+        [<span class="optional"> address ( <em class="replaceable"><code>ip6_addr</code></em> | <em class="replaceable"><code>*</code></em> ) </span>]
        [<span class="optional"> port ( <em class="replaceable"><code>ip_port</code></em> | <em class="replaceable"><code>*</code></em> ) </span>] )
        [<span class="optional"> dscp <em class="replaceable"><code>ip_dscp</code></em></span>] ; </span>]
    [<span class="optional"> use-queryport-pool <em class="replaceable"><code>yes_or_no</code></em>; </span>]
@@ -2789,7 +2789,7 @@ badresp:1,adberr:0,findfail:0,valfail:0]
                The pathname of a file to override the built-in trusted
                keys provided by <span><strong class="command">named</strong></span>.
                See the discussion of <span><strong class="command">dnssec-lookaside</strong></span>
-                and <span><strong class="command">dnssec-validation</strong></span> for details. 
+                and <span><strong class="command">dnssec-validation</strong></span> for details.
                If not specified, the default is
                <code class="filename">/etc/bind.keys</code>.
              </p></dd>
@@ -3042,7 +3042,7 @@ options {
 <p>
                Each <span><strong class="command">dns64</strong></span> supports an optional
                <span><strong class="command">mapped</strong></span> ACL that selects which
-                IPv4 addresses are to be mapped in the corresponding    
+                IPv4 addresses are to be mapped in the corresponding
                A RRset.  If not defined it defaults to
                <strong class="userinput"><code>any;</code></strong>.
              </p>
@@ -3127,7 +3127,7 @@ options {
 <p>
                  Species the default lifetime, in seconds,
                  that will be used for negative trust anchors added
-                  via <span><strong class="command">rndc nta</strong></span>. 
+                  via <span><strong class="command">rndc nta</strong></span>.
                </p>
 <p>
                  A negative trust anchor selectively disables
@@ -3160,7 +3160,7 @@ options {
                  domain has stopped validating due to operator error;
                  it temporarily disables DNSSEC validation for that
                  domain. In the interest of ensuring that DNSSEC
-                  validation is turned back on as soon as possible, 
+                  validation is turned back on as soon as possible,
                  <span><strong class="command">named</strong></span> will periodically send a
                  query to the domain, ignoring negative trust anchors,
                  to find out whether it can now be validated.  If so,
@@ -3233,7 +3233,7 @@ options {
                option can also accept <strong class="userinput"><code>yes</code></strong>
                or <strong class="userinput"><code>no</code></strong>; <strong class="userinput"><code>yes</code></strong>
                has the same meaning as <strong class="userinput"><code>full</code></strong>.
-                As of <acronym class="acronym">BIND</acronym> 9.10, 
+                As of <acronym class="acronym">BIND</acronym> 9.10,
                <strong class="userinput"><code>no</code></strong> has the same meaning
                as <strong class="userinput"><code>none</code></strong>; previously, it
                was the same as <strong class="userinput"><code>terse</code></strong>.
@@ -3539,7 +3539,7 @@ options {
                  with "geoip" ACL elements, this option indicates whether
                  the EDNS Client Subnet option, if present in a request,
                  should be used for matching against the GeoIP database.
-                  The default is 
+                  The default is
                  <span><strong class="command">geoip-use-ecs</strong></span> <strong class="userinput"><code>yes</code></strong>.
                </p></dd>
 <dt><span class="term"><span><strong class="command">has-old-clients</strong></span></span></dt>
@@ -3651,7 +3651,7 @@ options {
 <dt><span class="term"><span><strong class="command">request-nsid</strong></span></span></dt>
 <dd><p>
                  If <strong class="userinput"><code>yes</code></strong>, then an empty EDNS(0)
-                  NSID (Name Server Identifier) option is sent with all 
+                  NSID (Name Server Identifier) option is sent with all
                  queries to authoritative name servers during iterative
                  resolution. If the authoritative server returns an NSID
                  option in its response, then its contents are logged in
@@ -3886,7 +3886,7 @@ options {
 <p>
                  If <strong class="userinput"><code>yes</code></strong>,
                  the DNS client is at an IPv4 address, in <span><strong class="command">filter-aaaa</strong></span>,
-                  and if the response does not include DNSSEC signatures, 
+                  and if the response does not include DNSSEC signatures,
                  then all AAAA records are deleted from the response.
                  This filtering applies to all responses and not only
                  authoritative responses.
@@ -3898,8 +3898,8 @@ options {
                  because the DNSSEC protocol is designed detect deletions.
                </p>
 <p>
-                  This mechanism can erroneously cause other servers to 
-                  not give AAAA records to their clients.  
+                  This mechanism can erroneously cause other servers to
+                  not give AAAA records to their clients.
                  A recursing server with both IPv6 and IPv4 network connections
                  that queries an authoritative server using this mechanism
                  via IPv4 will be denied AAAA records even if its client is
@@ -4262,7 +4262,7 @@ options {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2584669"></a>Dual-stack Servers</h4></div></div></div>
+<a name="id2584738"></a>Dual-stack Servers</h4></div></div></div>
 <p>
            Dual-stack servers are used as servers of last resort to work
            around
@@ -4538,7 +4538,7 @@ options {
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2585429"></a>Interfaces</h4></div></div></div>
+<a name="id2585497"></a>Interfaces</h4></div></div></div>
 <p>
            The interfaces and ports that the server will answer queries
            from may be specified using the <span><strong class="command">listen-on</strong></span> option. <span><strong class="command">listen-on</strong></span> takes
@@ -4697,7 +4697,7 @@ avoid-v6-udp-ports {};
 </pre>
 <p>
            Note: BIND 9.5.0 introduced
-            the <span><strong class="command">use-queryport-pool</strong></span> 
+            the <span><strong class="command">use-queryport-pool</strong></span>
            option to support a pool of such random ports, but this
            option is now obsolete because reusing the same ports in
            the pool may not be sufficiently secure.
@@ -5015,7 +5015,7 @@ avoid-v6-udp-ports {};
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2586652"></a>UDP Port Lists</h4></div></div></div>
+<a name="id2586721"></a>UDP Port Lists</h4></div></div></div>
 <p>
            <span><strong class="command">use-v4-udp-ports</strong></span>,
            <span><strong class="command">avoid-v4-udp-ports</strong></span>,
@@ -5057,7 +5057,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2586712"></a>Operating System Resource Limits</h4></div></div></div>
+<a name="id2586780"></a>Operating System Resource Limits</h4></div></div></div>
 <p>
            The server's usage of many system resources can be limited.
            Scaled values are allowed when specifying resource limits.  For
@@ -5172,7 +5172,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 <p>
                  A "soft quota" is also set.  When this lower
                  quota is exceeded, incoming requests are accepted, but
-                  for each one, a pending request will be dropped. 
+                  for each one, a pending request will be dropped.
                  If <code class="option">recursive-clients</code> is greater than
                  1000, the soft quota is set to
                  <code class="option">recursive-clients</code> minus 100;
@@ -5376,7 +5376,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                  or the value 0, will place no limit on cache size;
                  records will be purged from the cache only when their
                  TTLs expire.
-                  Any positive values less than 2MB will be ignored 
+                  Any positive values less than 2MB will be ignored
                  and reset to 2MB.
                  In a server with multiple views, the limit applies
                  separately to the cache of each view.
@@ -5391,7 +5391,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
                  waiting for
                  some data before being passed to accept.  Nonzero values
                  less than 10 will be silently raised. A value of 0 may also
-                  be used; on most platforms this sets the listen queue 
+                  be used; on most platforms this sets the listen queue
                  length to a system-defined default value.
                </p></dd>
 </dl></div>
@@ -6441,7 +6441,7 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2590160"></a>Content Filtering</h4></div></div></div>
+<a name="id2590228"></a>Content Filtering</h4></div></div></div>
 <p>
            <acronym class="acronym">BIND</acronym> 9 provides the ability to filter
            out DNS responses from external DNS servers containing
@@ -6564,7 +6564,7 @@ deny-answer-aliases { "example.net"; };
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2590558"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
+<a name="id2590695"></a>Response Policy Zone (RPZ) Rewriting</h4></div></div></div>
 <p>
            <acronym class="acronym">BIND</acronym> 9 includes a limited
            mechanism to modify DNS responses for requests
@@ -6617,7 +6617,7 @@ deny-answer-aliases { "example.net"; };
                    to the standard IPv6 text representation,
                    <strong class="userinput"><code>prefixlength.W8.W7.W6.W5.W4.W3.W2.W1.rpz-client-ip</code></strong>.
                    Each of W8,...,W1 is a one to four digit hexadecimal number
-                    representing 16 bits of the IPv6 address as in the standard 
+                    representing 16 bits of the IPv6 address as in the standard
                    text representation of IPv6 addresses, but reversed as in
                    IP6.ARPA. (Note that this representation of IPv6
                    address is different from IP6.ARPA where each hex
@@ -7340,7 +7340,7 @@ example.com                 CNAME   rpz-tcp-only.
            when a secondary server transfers a zone from another
            secondary server; when transferring from the primary, the
            expiration timer is set from the EXPIRE field of the SOA
-            record instead. 
+            record instead.
            The default is <span><strong class="command">yes</strong></span>.
          </p>
 <p>
@@ -7481,7 +7481,7 @@ example.com                 CNAME   rpz-tcp-only.
            whether the local server will add a NSID EDNS option
            to requests sent to the server.  This overrides
            <span><strong class="command">request-nsid</strong></span> set at the view or
-            option level. 
+            option level.
          </p>
 <p>
            The <span><strong class="command">send-cookie</strong></span> clause determines
@@ -7562,16 +7562,16 @@ example.com                 CNAME   rpz-tcp-only.
          port 8888, then the statistics are accessible in XML format at
          <a href="http://127.0.0.1:8888/" target="_top">http://127.0.0.1:8888/</a> or
          <a href="http://127.0.0.1:8888/xml" target="_top">http://127.0.0.1:8888/xml</a>. A CSS file is
-          included which can format the XML statistics into tables 
-          when viewed with a stylesheet-capable browser, and into 
+          included which can format the XML statistics into tables
+          when viewed with a stylesheet-capable browser, and into
          charts and graphs using the Google Charts API when using a
          javascript-capable browser.
        </p>
 <p>
          Applications that depend on a particular XML schema
-          can request 
+          can request
          <a href="http://127.0.0.1:8888/xml/v2" target="_top">http://127.0.0.1:8888/xml/v2</a> for version 2
-          of the statistics XML schema or 
+          of the statistics XML schema or
          <a href="http://127.0.0.1:8888/xml/v3" target="_top">http://127.0.0.1:8888/xml/v3</a> for version 3.
          If the requested schema is supported by the server, then
          it will respond; if not, it will return a "page not found"
@@ -7625,7 +7625,7 @@ example.com                 CNAME   rpz-tcp-only.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2593477"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<a name="id2593409"></a><span><strong class="command">trusted-keys</strong></span> Statement Definition
            and Usage</h3></div></div></div>
 <p>
            The <span><strong class="command">trusted-keys</strong></span> statement defines
@@ -7681,7 +7681,7 @@ example.com                 CNAME   rpz-tcp-only.
 <a name="managed-keys"></a><span><strong class="command">managed-keys</strong></span> Statement Definition
            and Usage</h3></div></div></div>
 <p>
-            The <span><strong class="command">managed-keys</strong></span> statement, like 
+            The <span><strong class="command">managed-keys</strong></span> statement, like
            <span><strong class="command">trusted-keys</strong></span>, defines DNSSEC
            security roots.  The difference is that
            <span><strong class="command">managed-keys</strong></span> can be kept up to date
@@ -7727,7 +7727,7 @@ example.com                 CNAME   rpz-tcp-only.
            <code class="literal">initial-key</code>.  The difference is, whereas the
            keys listed in a <span><strong class="command">trusted-keys</strong></span> continue to be
            trusted until they are removed from
-            <code class="filename">named.conf</code>, an initializing key listed 
+            <code class="filename">named.conf</code>, an initializing key listed
            in a <span><strong class="command">managed-keys</strong></span> statement is only trusted
            <span class="emphasis"><em>once</em></span>: for as long as it takes to load the
            managed key database and start the RFC 5011 key maintenance
@@ -8098,7 +8098,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
    type static-stub;
    [<span class="optional"> allow-query { <em class="replaceable"><code>address_match_list</code></em> }; </span>]
    [<span class="optional"> server-addresses { [<span class="optional"> <em class="replaceable"><code>ip_addr</code></em> ; ... </span>] }; </span>]
-    [<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]  
+    [<span class="optional"> server-names { [<span class="optional"> <em class="replaceable"><code>namelist</code></em> </span>] }; </span>]
    [<span class="optional"> zone-statistics <em class="replaceable"><code>yes_or_no</code></em> ; </span>]
 };

@@ -8303,7 +8303,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
                      <p>
                        Each static-stub zone is configured with
                        internally generated NS and (if necessary)
-                        glue A or AAAA RRs 
+                        glue A or AAAA RRs
                      </p>
                    </td>
 </tr>
@@ -8387,7 +8387,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
                        2001:ffff:ffff::100.100.100.2, one would
                        configure a type redirect zone named ".",
                        with the zone file containing wildcard records
-                        that point to the desired addresses: 
+                        that point to the desired addresses:
                        <code class="literal">"*. IN A 100.100.100.2"</code>
                        and
                        <code class="literal">"*. IN AAAA 2001:ffff:ffff::100.100.100.2"</code>.
@@ -8395,7 +8395,7 @@ zone <em class="replaceable"><code>zone_name</code></em> [<span class="optional"
                      <p>
                        To redirect all Spanish names (under .ES) one
                        would use similar entries but with the names
-                        "*.ES." instead of "*.".  To redirect all 
+                        "*.ES." instead of "*.".  To redirect all
                        commercial Spanish names (under COM.ES) one
                        would use wildcard entries called "*.COM.ES.".
                      </p>
@@ -8905,7 +8905,7 @@ example.com. NS ns2.example.net.
                    <em class="replaceable"><code>zonename</code></em></strong></span> causes
                    <span><strong class="command">named</strong></span> to load keys from the key
                    repository and sign the zone with all keys that are
-                    active. 
+                    active.
                    <span><strong class="command">rndc loadkeys
                    <em class="replaceable"><code>zonename</code></em></strong></span> causes
                    <span><strong class="command">named</strong></span> to load keys from the key
@@ -8936,7 +8936,7 @@ example.com. NS ns2.example.net.
                    the zone is updated.
                  </p>
 <p>
-                    When set to 
+                    When set to
                    <span><strong class="command">serial-update-method unixtime;</strong></span>, the
                    SOA serial number will be set to the number of seconds
                    since the UNIX epoch, unless the serial number is
@@ -8944,7 +8944,7 @@ example.com. NS ns2.example.net.
                    case it is simply incremented by one.
                  </p>
 <p>
-                    When set to 
+                    When set to
                    <span><strong class="command">serial-update-method date;</strong></span>, the
                    new SOA serial number will be the current date
                    in the form "YYYYMMDD", followed by two zeroes,
@@ -9242,7 +9242,7 @@ example.com. NS ns2.example.net.
                      <p>
                        This rule takes a Windows machine principal
                        (machine$@REALM) for machine in REALM and
-                        and converts it machine.realm allowing the machine 
+                        and converts it machine.realm allowing the machine
                        to update machine.realm.  The REALM to be matched
                        is specified in the <em class="replaceable"><code>identity</code></em>
                        field.
@@ -9257,7 +9257,7 @@ example.com. NS ns2.example.net.
                    </td>
 <td>
                      <p>
-                        This rule takes a Windows machine principal 
+                        This rule takes a Windows machine principal
                        (machine$@REALM) for machine in REALM and
                        converts it to machine.realm allowing the machine
                        to update subdomains of machine.realm.  The REALM
@@ -9276,7 +9276,7 @@ example.com. NS ns2.example.net.
                      <p>
                        This rule takes a Kerberos machine principal
                        (host/machine@REALM) for machine in REALM and
-                        and converts it machine.realm allowing the machine 
+                        and converts it machine.realm allowing the machine
                        to update machine.realm.  The REALM to be matched
                        is specified in the <em class="replaceable"><code>identity</code></em>
                        field.
@@ -9291,7 +9291,7 @@ example.com. NS ns2.example.net.
                    </td>
 <td>
                      <p>
-                        This rule takes a Kerberos machine principal 
+                        This rule takes a Kerberos machine principal
                        (host/machine@REALM) for machine in REALM and
                        converts it to machine.realm allowing the machine
                        to update subdomains of machine.realm.  The REALM
@@ -9403,7 +9403,7 @@ example.com. NS ns2.example.net.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2599354"></a>Multiple views</h4></div></div></div>
+<a name="id2599422"></a>Multiple views</h4></div></div></div>
 <p>
              When multiple views are in use, a zone may be
              referenced by more than one of them. Often, the views
@@ -9465,7 +9465,7 @@ view external {
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2599553"></a>Zone File</h2></div></div></div>
+<a name="id2599621"></a>Zone File</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
 <a name="types_of_resource_records_and_when_to_use_them"></a>Types of Resource Records and When to Use Them</h3></div></div></div>
@@ -9478,7 +9478,7 @@ view external {
          </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2599571"></a>Resource Records</h4></div></div></div>
+<a name="id2599639"></a>Resource Records</h4></div></div></div>
 <p>
              A domain name identifies a node.  Each node has a set of
              resource information, which may be empty.  The set of resource
@@ -10673,7 +10673,7 @@ view external {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2602467"></a>Inverse Mapping in IPv4</h3></div></div></div>
+<a name="id2602535"></a>Inverse Mapping in IPv4</h3></div></div></div>
 <p>
            Reverse name resolution (that is, translation from IP address
            to name) is achieved by means of the <span class="emphasis"><em>in-addr.arpa</em></span> domain
@@ -10734,7 +10734,7 @@ view external {
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2602594"></a>Other Zone File Directives</h3></div></div></div>
+<a name="id2602662"></a>Other Zone File Directives</h3></div></div></div>
 <p>
            The Master File Format was initially defined in RFC 1035 and
            has subsequently been extended. While the Master File Format
@@ -10749,18 +10749,18 @@ view external {
          </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2602616"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
+<a name="id2602684"></a>The <span><strong class="command">@</strong></span> (at-sign)</h4></div></div></div>
 <p>
              When used in the label (or name) field, the asperand or
              at-sign (@) symbol represents the current origin.
-              At the start of the zone file, it is the 
+              At the start of the zone file, it is the
              &lt;<code class="varname">zone_name</code>&gt; (followed by
              trailing dot).
            </p>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2602632"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
+<a name="id2602700"></a>The <span><strong class="command">$ORIGIN</strong></span> Directive</h4></div></div></div>
 <p>
              Syntax: <span><strong class="command">$ORIGIN</strong></span>
              <em class="replaceable"><code>domain-name</code></em>
@@ -10789,7 +10789,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2602761"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
+<a name="id2602829"></a>The <span><strong class="command">$INCLUDE</strong></span> Directive</h4></div></div></div>
 <p>
              Syntax: <span><strong class="command">$INCLUDE</strong></span>
              <em class="replaceable"><code>filename</code></em>
@@ -10825,7 +10825,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2602830"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
+<a name="id2602899"></a>The <span><strong class="command">$TTL</strong></span> Directive</h4></div></div></div>
 <p>
              Syntax: <span><strong class="command">$TTL</strong></span>
              <em class="replaceable"><code>default-ttl</code></em>
@@ -10844,7 +10844,7 @@ WWW.EXAMPLE.COM. CNAME MAIN-SERVER.EXAMPLE.COM.
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2602867"></a><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
+<a name="id2602935"></a><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</h3></div></div></div>
 <p>
            Syntax: <span><strong class="command">$GENERATE</strong></span>
            <em class="replaceable"><code>range</code></em>
@@ -11041,7 +11041,7 @@ HOST-127.EXAMPLE. MX 0 .
 <p>
            In addition to the standard textual format, BIND 9
            supports the ability to read or dump to zone files in
-            other formats. 
+            other formats.
          </p>
 <p>
            The <code class="constant">raw</code> format is
@@ -11061,7 +11061,7 @@ HOST-127.EXAMPLE. MX 0 .
            For a primary server, a zone file in
            <code class="constant">raw</code> or <code class="constant">map</code>
            format is expected to be generated from a textual zone
-            file by the <span><strong class="command">named-compilezone</strong></span> command. 
+            file by the <span><strong class="command">named-compilezone</strong></span> command.
            For a secondary server or for a dynamic zone, it is automatically
            generated (if this format is specified by the
            <span><strong class="command">masterfile-format</strong></span> option) when
@@ -11083,7 +11083,7 @@ HOST-127.EXAMPLE. MX 0 .
            with different pointer size, endianness or data alignment
            than the system on which it was generated, and should in
            general be used only inside a single system.
-            While <code class="constant">raw</code> format uses 
+            While <code class="constant">raw</code> format uses
            network byte order and avoids architecture-dependent
            data alignment so that it is as portable as
            possible, it is also primarily expected to be used
@@ -11910,7 +11910,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2605630"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
+<a name="id2605699"></a>Zone Maintenance Statistics Counters</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -12064,7 +12064,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2606013"></a>Resolver Statistics Counters</h4></div></div></div>
+<a name="id2606082"></a>Resolver Statistics Counters</h4></div></div></div>
 <div class="informaltable"><table border="1">
 <colgroup>
 <col>
@@ -12602,7 +12602,7 @@ HOST-127.EXAMPLE. MX 0 .
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2607545"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
+<a name="id2607613"></a>Compatibility with <span class="emphasis"><em>BIND</em></span> 8 Counters</h4></div></div></div>
 <p>
              Most statistics counters that were available
              in <span><strong class="command">BIND</strong></span> 8 are also supported in
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -48,8 +48,8 @@
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2607956"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608105">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608165">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608173">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608233">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
 </dl>
@@ -271,7 +271,7 @@ allow-query { !{ !10/8; any; }; key example; };
        </p>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2608105"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
+<a name="id2608173"></a>The <span><strong class="command">chroot</strong></span> Environment</h3></div></div></div>
 <p>
            In order for a <span><strong class="command">chroot</strong></span> environment
            to
@@ -299,7 +299,7 @@ allow-query { !{ !10/8; any; }; key example; };
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2608165"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
+<a name="id2608233"></a>Using the <span><strong class="command">setuid</strong></span> Function</h3></div></div></div>
 <p>
            Prior to running the <span><strong class="command">named</strong></span> daemon,
            use
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -45,18 +45,18 @@
 <div class="toc">
 <p><b>Table of Contents</b></p>
 <dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608245">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2608250">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608262">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608347">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608313">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2608318">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608330">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608416">Where Can I Get Help?</a></span></dt>
 </dl>
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2608245"></a>Common Problems</h2></div></div></div>
+<a name="id2608313"></a>Common Problems</h2></div></div></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2608250"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
+<a name="id2608318"></a>It's not working; how can I figure out what's wrong?</h3></div></div></div>
 <p>
            The best solution to solving installation and
            configuration issues is to take preventative measures by setting
@@ -68,7 +68,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2608262"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
+<a name="id2608330"></a>Incrementing and Changing the Serial Number</h2></div></div></div>
 <p>
          Zone serial numbers are just numbers &#8212; they aren't
          date related.  A lot of people set them to a number that
@@ -95,7 +95,7 @@
 </div>
 <div class="sect1" lang="en">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
-<a name="id2608347"></a>Where Can I Get Help?</h2></div></div></div>
+<a name="id2608416"></a>Where Can I Get Help?</h2></div></div></div>
 <p>
          The Internet Systems Consortium
          (<acronym class="acronym">ISC</acronym>) offers a wide range
--- a/doc/arm/Bv9ARM.ch11.html
+++ b/doc/arm/Bv9ARM.ch11.html
@@ -140,14 +140,14 @@
          </p>
 <div class="bibliography">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2608842"></a>Bibliography</h4></div></div></div>
+<a name="id2608910"></a>Bibliography</h4></div></div></div>
 <div class="bibliodiv">
 <h3 class="title">Standards</h3>
 <div class="biblioentry">
-<a name="id2608853"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
+<a name="id2608921"></a><p>[<abbr class="abbrev">RFC974</abbr>] <span class="author"><span class="firstname">C.</span> <span class="surname">Partridge</span>. </span><span class="title"><i>Mail Routing and the Domain System</i>. </span><span class="pubdate">January 1986. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2608876"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
+<a name="id2608945"></a><p>[<abbr class="abbrev">RFC1034</abbr>] <span class="author"><span class="firstname">P.V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Concepts and Facilities</i>. </span><span class="pubdate">November 1987. </span></p>
 </div>
 <div class="biblioentry">
 <a name="id2608968"></a><p>[<abbr class="abbrev">RFC1035</abbr>] <span class="author"><span class="firstname">P. V.</span> <span class="surname">Mockapetris</span>. </span><span class="title"><i>Domain Names &#8212; Implementation and
@@ -222,11 +222,11 @@
 <h3 class="title">Other Important RFCs About <acronym class="acronym">DNS</acronym>
                Implementation</h3>
 <div class="biblioentry">
-<a name="id2609779"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
+<a name="id2609710"></a><p>[<abbr class="abbrev">RFC1535</abbr>] <span class="author"><span class="firstname">E.</span> <span class="surname">Gavron</span>. </span><span class="title"><i>A Security Problem and Proposed Correction With Widely
                  Deployed <acronym class="acronym">DNS</acronym> Software</i>. </span><span class="pubdate">October 1993. </span></p>
 </div>
 <div class="biblioentry">
-<a name="id2609804"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
+<a name="id2609736"></a><p>[<abbr class="abbrev">RFC1536</abbr>] <span class="authorgroup"><span class="firstname">A.</span> <span class="surname">Kumar</span>, <span class="firstname">J.</span> <span class="surname">Postel</span>, <span class="firstname">C.</span> <span class="surname">Neuman</span>, <span class="firstname">P.</span> <span class="surname">Danzig</span>, and <span class="firstname">S.</span> <span class="surname">Miller</span>. </span><span class="title"><i>Common <acronym class="acronym">DNS</acronym> Implementation
                  Errors and Suggested Fixes</i>. </span><span class="pubdate">October 1993. </span></p>
 </div>
 <div class="biblioentry">
--- a/doc/arm/Bv9ARM.ch12.html
+++ b/doc/arm/Bv9ARM.ch12.html
@@ -47,13 +47,13 @@
 <dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615211">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615221">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614426">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614457">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614602">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614629">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616353">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616167">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616177">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613266">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613297">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614670">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614697">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616284">Library References</a></span></dt>
 </dl></dd>
 </dl>
 </div>
@@ -89,7 +89,7 @@
 </ul></div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615211"></a>Prerequisite</h3></div></div></div>
+<a name="id2616167"></a>Prerequisite</h3></div></div></div>
 <p>GNU make is required to build the export libraries (other
  part of BIND 9 can still be built with other types of make). In
  the reminder of this document, "make" means GNU make. Note that
@@ -98,7 +98,7 @@
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2615221"></a>Compilation</h3></div></div></div>
+<a name="id2616177"></a>Compilation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>./configure --enable-exportlib <em class="replaceable"><code>[other flags]</code></em></code></strong>
 $ <strong class="userinput"><code>make</code></strong>
@@ -113,7 +113,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614426"></a>Installation</h3></div></div></div>
+<a name="id2613266"></a>Installation</h3></div></div></div>
 <pre class="screen">
 $ <strong class="userinput"><code>cd lib/export</code></strong>
 $ <strong class="userinput"><code>make install</code></strong>
@@ -135,7 +135,7 @@ $ <strong class="userinput"><code>make install</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614457"></a>Known Defects/Restrictions</h3></div></div></div>
+<a name="id2613297"></a>Known Defects/Restrictions</h3></div></div></div>
 <div class="itemizedlist"><ul type="disc">
 <li><p>Currently, win32 is not supported for the export
      library. (Normal BIND 9 application can be built as
@@ -175,7 +175,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614602"></a>The dns.conf File</h3></div></div></div>
+<a name="id2614670"></a>The dns.conf File</h3></div></div></div>
 <p>The IRS library supports an "advanced" configuration file
  related to the DNS library for configuration parameters that
  would be beyond the capability of the
@@ -193,14 +193,14 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2614629"></a>Sample Applications</h3></div></div></div>
+<a name="id2614697"></a>Sample Applications</h3></div></div></div>
 <p>Some sample application programs using this API are
  provided for reference. The following is a brief description of
  these applications.
  </p>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614637"></a>sample: a simple stub resolver utility</h4></div></div></div>
+<a name="id2614706"></a>sample: a simple stub resolver utility</h4></div></div></div>
 <p>
  It sends a query of a given name (of a given optional RR type) to a
  specified recursive server, and prints the result as a list of
@@ -264,7 +264,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614728"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
+<a name="id2614796"></a>sample-async: a simple stub resolver, working asynchronously</h4></div></div></div>
 <p>
  Similar to "sample", but accepts a list
  of (query) domain names as a separate file and resolves the names
@@ -305,7 +305,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614781"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
+<a name="id2614850"></a>sample-request: a simple DNS transaction client</h4></div></div></div>
 <p>
  It sends a query to a specified server, and
  prints the response with minimal processing. It doesn't act as a
@@ -346,7 +346,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614845"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
+<a name="id2614982"></a>sample-gai: getaddrinfo() and getnameinfo() test code</h4></div></div></div>
 <p>
  This is a test program
  to check getaddrinfo() and getnameinfo() behavior. It takes a
@@ -363,7 +363,7 @@ $ <strong class="userinput"><code>make</code></strong>
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2614860"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
+<a name="id2614997"></a>sample-update: a simple dynamic update client program</h4></div></div></div>
 <p>
  It accepts a single update command as a
  command-line argument, sends an update request message to the
@@ -458,7 +458,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </div>
 <div class="sect3" lang="en">
 <div class="titlepage"><div><div><h4 class="title">
-<a name="id2616289"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
+<a name="id2616220"></a>nsprobe: domain/name server checker in terms of RFC 4074</h4></div></div></div>
 <p>
  It checks a set
  of domains to see the name servers of the domains behave
@@ -515,7 +515,7 @@ $ <strong class="userinput"><code>sample-update -a sample-update -k Kxxx.+nnn+mm
 </div>
 <div class="sect2" lang="en">
 <div class="titlepage"><div><div><h3 class="title">
-<a name="id2616353"></a>Library References</h3></div></div></div>
+<a name="id2616284"></a>Library References</h3></div></div></div>
 <p>As of this writing, there is no formal "manual" of the
  libraries, except this document, header files (some of them
  provide pretty detailed explanations), and sample application
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -93,8 +93,8 @@
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dynamic_update">Dynamic Update</a></span></dt>
 <dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#journal">The journal file</a></span></dt></dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#incremental_zone_transfers">Incremental Zone Transfers (IXFR)</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569920">Split DNS</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2569938">Example split DNS setup</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2569988">Split DNS</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570006">Example split DNS setup</a></span></dt></dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#tsig">TSIG</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570439">Generate Shared Keys for Each Pair of Hosts</a></span></dt>
@@ -105,10 +105,10 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570734">Errors</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570748">TKEY</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570797">SIG(0)</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch04.html#id2570866">SIG(0)</a></span></dt>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#DNSSEC">DNSSEC</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2570934">Generating Keys</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571002">Generating Keys</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571218">Signing the Zone</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2571299">Configuring Servers</a></span></dt>
 </dl></dd>
@@ -116,32 +116,32 @@
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612846">Converting from insecure to secure</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612884">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563632">Fully automatic zone signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563742">Private-type records</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563780">DNSKEY rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563793">Dynamic DNS update method</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563962">Automatic key rollovers</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563989">NSEC3PARAM rollovers via UPDATE</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563998">Converting from NSEC to NSEC3</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564008">Converting from NSEC3 to NSEC</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564021">Converting from secure to insecure</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573752">Periodic re-signing</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573766">NSEC3 and OPTOUT</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563700">Fully automatic zone signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563811">Private-type records</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563848">DNSKEY rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2563861">Dynamic DNS update method</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564030">Automatic key rollovers</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564057">NSEC3PARAM rollovers via UPDATE</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564067">Converting from NSEC to NSEC3</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564076">Converting from NSEC3 to NSEC</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2564089">Converting from secure to insecure</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573684">Periodic re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573698">NSEC3 and OPTOUT</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#rfc5011.support">Dynamic Trust Anchor Management</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573789">Validating Resolver</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2573812">Authoritative Server</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612292">Validating Resolver</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612314">Authoritative Server</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#pkcs11">PKCS#11 (Cryptoki) support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667716">Prerequisites</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2667784">Prerequisites</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2612429">Native PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613258">OpenSSL-based PKCS#11</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640165">PKCS#11 Tools</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640201">Using the HSM</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640487">Specifying the engine on the command line</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640535">Running named with automatic zone re-signing</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2613122">OpenSSL-based PKCS#11</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640233">PKCS#11 Tools</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640269">Using the HSM</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640555">Specifying the engine on the command line</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch04.html#id2640603">Running named with automatic zone re-signing</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch04.html#dlz-info">DLZ (Dynamically Loadable Zones)</a></span></dt>
 <dd><dl>
@@ -185,9 +185,9 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577350"><span><strong class="command">lwres</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577447"><span><strong class="command">lwres</strong></span> Statement Definition and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577611"><span><strong class="command">masters</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577729"><span><strong class="command">masters</strong></span> Statement Definition and
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577660"><span><strong class="command">masters</strong></span> Statement Definition and
          Usage</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577750"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2577682"><span><strong class="command">options</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#options"><span><strong class="command">options</strong></span> Statement Definition and
          Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#server_statement_grammar"><span><strong class="command">server</strong></span> Statement Grammar</a></span></dt>
@@ -197,7 +197,7 @@
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2592974"><span><strong class="command">statistics-channels</strong></span> Statement Definition and
            Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#trusted-keys"><span><strong class="command">trusted-keys</strong></span> Statement Grammar</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593477"><span><strong class="command">trusted-keys</strong></span> Statement Definition
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593409"><span><strong class="command">trusted-keys</strong></span> Statement Definition
            and Usage</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2593530"><span><strong class="command">managed-keys</strong></span> Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#managed-keys"><span><strong class="command">managed-keys</strong></span> Statement Definition
@@ -208,14 +208,14 @@
            Statement Grammar</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2595777"><span><strong class="command">zone</strong></span> Statement Definition and Usage</a></span></dt>
 </dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599553">Zone File</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch06.html#id2599621">Zone File</a></span></dt>
 <dd><dl>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them">Types of Resource Records and When to Use Them</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2601783">Discussion of MX Records</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#Setting_TTLs">Setting TTLs</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602467">Inverse Mapping in IPv4</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602594">Other Zone File Directives</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602867"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602535">Inverse Mapping in IPv4</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602662">Other Zone File Directives</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch06.html#id2602935"><acronym class="acronym">BIND</acronym> Master File Extension: the  <span><strong class="command">$GENERATE</strong></span> Directive</a></span></dt>
 <dt><span class="sect2"><a href="Bv9ARM.ch06.html#zonefile_format">Additional File Formats</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch06.html#statistics">BIND9 Statistics</a></span></dt>
@@ -226,17 +226,17 @@
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#Access_Control_Lists">Access Control Lists</a></span></dt>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#id2607956"><span><strong class="command">Chroot</strong></span> and <span><strong class="command">Setuid</strong></span></a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608105">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608165">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608173">The <span><strong class="command">chroot</strong></span> Environment</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch07.html#id2608233">Using the <span><strong class="command">setuid</strong></span> Function</a></span></dt>
 </dl></dd>
 <dt><span class="sect1"><a href="Bv9ARM.ch07.html#dynamic_update_security">Dynamic Update Security</a></span></dt>
 </dl></dd>
 <dt><span class="chapter"><a href="Bv9ARM.ch08.html">8. Troubleshooting</a></span></dt>
 <dd><dl>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608245">Common Problems</a></span></dt>
-<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2608250">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608262">Incrementing and Changing the Serial Number</a></span></dt>
-<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608347">Where Can I Get Help?</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608313">Common Problems</a></span></dt>
+<dd><dl><dt><span class="sect2"><a href="Bv9ARM.ch08.html#id2608318">It's not working; how can I figure out what's wrong?</a></span></dt></dl></dd>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608330">Incrementing and Changing the Serial Number</a></span></dt>
+<dt><span class="sect1"><a href="Bv9ARM.ch08.html#id2608416">Where Can I Get Help?</a></span></dt>
 </dl></dd>
 <dt><span class="appendix"><a href="Bv9ARM.ch09.html">A. Release Notes</a></span></dt>
 <dd><dl>
@@ -268,13 +268,13 @@
 <dd><dl>
 <dt><span class="sect1"><a href="Bv9ARM.ch12.html#bind9.library">BIND 9 DNS Library Support</a></span></dt>
 <dd><dl>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615211">Prerequisite</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2615221">Compilation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614426">Installation</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614457">Known Defects/Restrictions</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614602">The dns.conf File</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614629">Sample Applications</a></span></dt>
-<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616353">Library References</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616167">Prerequisite</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616177">Compilation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613266">Installation</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2613297">Known Defects/Restrictions</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614670">The dns.conf File</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2614697">Sample Applications</a></span></dt>
+<dt><span class="sect2"><a href="Bv9ARM.ch12.html#id2616284">Library References</a></span></dt>
 </dl></dd>
 </dl></dd>
 <dt><span class="reference"><a href="Bv9ARM.ch13.html">I. Manual pages</a></span></dt>
--- a/doc/arm/man.arpaname.html
+++ b/doc/arm/man.arpaname.html
@@ -50,20 +50,20 @@
 <div class="cmdsynopsis"><p><code class="command">arpaname</code>  {<em class="replaceable"><code>ipaddress </code></em>...}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625448"></a><h2>DESCRIPTION</h2>
+<a name="id2625858"></a><h2>DESCRIPTION</h2>
 <p>
      <span><strong class="command">arpaname</strong></span> translates IP addresses (IPv4 and
      IPv6) to the corresponding IN-ADDR.ARPA or IP6.ARPA names.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625463"></a><h2>SEE ALSO</h2>
+<a name="id2625873"></a><h2>SEE ALSO</h2>
 <p>
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667256"></a><h2>AUTHOR</h2>
+<a name="id2670055"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.ddns-confgen.html
+++ b/doc/arm/man.ddns-confgen.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">ddns-confgen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [ -s <em class="replaceable"><code>name</code></em>  |   -z <em class="replaceable"><code>zone</code></em> ]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665860"></a><h2>DESCRIPTION</h2>
+<a name="id2665587"></a><h2>DESCRIPTION</h2>
 <p>
      <span><strong class="command">tsig-keygen</strong></span> and <span><strong class="command">ddns-confgen</strong></span>
      are invocation methods for a utility that generates keys for use
@@ -87,7 +87,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665963"></a><h2>OPTIONS</h2>
+<a name="id2665690"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd><p>
@@ -159,7 +159,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667136"></a><h2>SEE ALSO</h2>
+<a name="id2669934"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">nsupdate</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">named.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -167,7 +167,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667174"></a><h2>AUTHOR</h2>
+<a name="id2669973"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.delv.html
+++ b/doc/arm/man.delv.html
@@ -53,7 +53,7 @@
 <div class="cmdsynopsis"><p><code class="command">delv</code>  [queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2618754"></a><h2>DESCRIPTION</h2>
+<a name="id2618481"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">delv</strong></span>
      (Domain Entity Lookup &amp; Validation) is a tool for sending
      DNS queries and validating the results, using the same internal
@@ -96,7 +96,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2619031"></a><h2>SIMPLE USAGE</h2>
+<a name="id2618826"></a><h2>SIMPLE USAGE</h2>
 <p>
      A typical invocation of <span><strong class="command">delv</strong></span> looks like:
      </p>
@@ -151,7 +151,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2619162"></a><h2>OPTIONS</h2>
+<a name="id2618957"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
 <dd>
@@ -285,7 +285,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670161"></a><h2>QUERY OPTIONS</h2>
+<a name="id2674803"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">delv</strong></span>
      provides a number of query options which affect the way results are
      displayed, and in some cases the way lookups are performed.
@@ -471,12 +471,12 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670759"></a><h2>FILES</h2>
+<a name="id2675401"></a><h2>FILES</h2>
 <p><code class="filename">/etc/bind.keys</code></p>
 <p><code class="filename">/etc/resolv.conf</code></p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670778"></a><h2>SEE ALSO</h2>
+<a name="id2675420"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <em class="citetitle">RFC4034</em>,
--- a/doc/arm/man.dig.html
+++ b/doc/arm/man.dig.html
@@ -52,7 +52,7 @@
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2616757"></a><h2>DESCRIPTION</h2>
+<a name="id2616689"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
      (domain information groper) is a flexible tool
      for interrogating DNS name servers.  It performs DNS lookups and
@@ -99,7 +99,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2616859"></a><h2>SIMPLE USAGE</h2>
+<a name="id2616791"></a><h2>SIMPLE USAGE</h2>
 <p>
      A typical invocation of <span><strong class="command">dig</strong></span> looks like:
      </p>
@@ -152,7 +152,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2617395"></a><h2>OPTIONS</h2>
+<a name="id2616917"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-4</span></dt>
 <dd><p>
@@ -280,7 +280,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2668154"></a><h2>QUERY OPTIONS</h2>
+<a name="id2668291"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
      provides a number of query options which affect
      the way in which lookups are made and the results displayed.  Some of
@@ -735,7 +735,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2669648"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2669716"></a><h2>MULTIPLE QUERIES</h2>
 <p>
      The BIND 9 implementation of <span><strong class="command">dig </strong></span>
      supports
@@ -781,7 +781,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2669733"></a><h2>IDN SUPPORT</h2>
+<a name="id2669869"></a><h2>IDN SUPPORT</h2>
 <p>
      If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
      domain name) support, it can accept and display non-ASCII domain names.
@@ -795,14 +795,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2669762"></a><h2>FILES</h2>
+<a name="id2669898"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
    </p>
 <p><code class="filename">${HOME}/.digrc</code>
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2669783"></a><h2>SEE ALSO</h2>
+<a name="id2673674"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -810,7 +810,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2669820"></a><h2>BUGS</h2>
+<a name="id2673712"></a><h2>BUGS</h2>
 <p>
      There are probably too many query options.
    </p>
--- a/doc/arm/man.dnssec-checkds.html
+++ b/doc/arm/man.dnssec-checkds.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dig path</code></em></code>] [<code class="option">-D <em class="replaceable"><code>dsfromkey path</code></em></code>] {zone}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620185"></a><h2>DESCRIPTION</h2>
+<a name="id2619980"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-checkds</strong></span>
      verifies the correctness of Delegation Signer (DS) or DNSSEC
      Lookaside Validation (DLV) resource records for keys in a specified
@@ -59,7 +59,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620199"></a><h2>OPTIONS</h2>
+<a name="id2619994"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
 <dd><p>
@@ -88,14 +88,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620301"></a><h2>SEE ALSO</h2>
+<a name="id2620097"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620336"></a><h2>AUTHOR</h2>
+<a name="id2620131"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-coverage.html
+++ b/doc/arm/man.dnssec-coverage.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-coverage</code>  [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>length</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>DNSKEY TTL</code></em></code>] [<code class="option">-m <em class="replaceable"><code>max TTL</code></em></code>] [<code class="option">-r <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-c <em class="replaceable"><code>compilezone path</code></em></code>] [<code class="option">-k</code>] [<code class="option">-z</code>] [zone]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620547"></a><h2>DESCRIPTION</h2>
+<a name="id2620274"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-coverage</strong></span>
      verifies that the DNSSEC keys for a given zone or a set of zones
      have timing metadata set properly to ensure no future lapses in DNSSEC
@@ -78,7 +78,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2620573"></a><h2>OPTIONS</h2>
+<a name="id2620300"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
@@ -192,7 +192,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621361"></a><h2>SEE ALSO</h2>
+<a name="id2620678"></a><h2>SEE ALSO</h2>
 <p>
      <span class="citerefentry"><span class="refentrytitle">dnssec-checkds</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-dsfromkey</span>(8)</span>,
@@ -201,7 +201,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621404"></a><h2>AUTHOR</h2>
+<a name="id2621131"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-dsfromkey.html
+++ b/doc/arm/man.dnssec-dsfromkey.html
@@ -52,14 +52,14 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-h</code>] [<code class="option">-V</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621900"></a><h2>DESCRIPTION</h2>
+<a name="id2621627"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
      outputs the Delegation Signer (DS) resource record (RR), as defined in
      RFC 3658 and RFC 4509, for the given key(s).
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621914"></a><h2>OPTIONS</h2>
+<a name="id2621641"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-1</span></dt>
 <dd><p>
@@ -150,7 +150,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622394"></a><h2>EXAMPLE</h2>
+<a name="id2622189"></a><h2>EXAMPLE</h2>
 <p>
      To build the SHA-256 DS RR from the
      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -165,7 +165,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622430"></a><h2>FILES</h2>
+<a name="id2622226"></a><h2>FILES</h2>
 <p>
      The keyfile can be designed by the key identification
      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -179,13 +179,13 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623564"></a><h2>CAVEAT</h2>
+<a name="id2623291"></a><h2>CAVEAT</h2>
 <p>
      A keyfile error can give a "file not found" even if the file exists.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623574"></a><h2>SEE ALSO</h2>
+<a name="id2623301"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -195,7 +195,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623613"></a><h2>AUTHOR</h2>
+<a name="id2623340"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-importkey.html
+++ b/doc/arm/man.dnssec-importkey.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622661"></a><h2>DESCRIPTION</h2>
+<a name="id2622524"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-importkey</strong></span>
      reads a public DNSKEY record and generates a pair of
      .key/.private files.  The DNSKEY record may be read from an
@@ -71,7 +71,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622689"></a><h2>OPTIONS</h2>
+<a name="id2622552"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
 <dd>
@@ -114,7 +114,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622894"></a><h2>TIMING OPTIONS</h2>
+<a name="id2622826"></a><h2>TIMING OPTIONS</h2>
 <p>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -142,7 +142,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622941"></a><h2>FILES</h2>
+<a name="id2622873"></a><h2>FILES</h2>
 <p>
      A keyfile can be designed by the key identification
      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -151,7 +151,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2622967"></a><h2>SEE ALSO</h2>
+<a name="id2622899"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -159,7 +159,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623000"></a><h2>AUTHOR</h2>
+<a name="id2622932"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-keyfromlabel.html
+++ b/doc/arm/man.dnssec-keyfromlabel.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623332"></a><h2>DESCRIPTION</h2>
+<a name="id2623537"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keyfromlabel</strong></span>
      generates a key pair of files that referencing a key object stored
      in a cryptographic hardware service module (HSM).  The private key
@@ -66,7 +66,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2623767"></a><h2>OPTIONS</h2>
+<a name="id2623562"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -243,7 +243,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676528"></a><h2>TIMING OPTIONS</h2>
+<a name="id2675640"></a><h2>TIMING OPTIONS</h2>
 <p>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -315,7 +315,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676649"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2675762"></a><h2>GENERATED KEY FILES</h2>
 <p>
      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
      successfully,
@@ -354,7 +354,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676948"></a><h2>SEE ALSO</h2>
+<a name="id2675992"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -363,7 +363,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2676985"></a><h2>AUTHOR</h2>
+<a name="id2676029"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-keygen.html
+++ b/doc/arm/man.dnssec-keygen.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-z</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2624997"></a><h2>DESCRIPTION</h2>
+<a name="id2624792"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
      and RFC 4034.  It can also generate keys for use with
@@ -64,7 +64,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625017"></a><h2>OPTIONS</h2>
+<a name="id2624812"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -287,7 +287,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677516"></a><h2>TIMING OPTIONS</h2>
+<a name="id2676492"></a><h2>TIMING OPTIONS</h2>
 <p>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -361,7 +361,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677638"></a><h2>GENERATED KEYS</h2>
+<a name="id2676682"></a><h2>GENERATED KEYS</h2>
 <p>
      When <span><strong class="command">dnssec-keygen</strong></span> completes
      successfully,
@@ -407,7 +407,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677814"></a><h2>EXAMPLE</h2>
+<a name="id2676790"></a><h2>EXAMPLE</h2>
 <p>
      To generate a 768-bit DSA key for the domain
      <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -428,7 +428,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677870"></a><h2>SEE ALSO</h2>
+<a name="id2676846"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 2539</em>,
@@ -437,7 +437,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2677901"></a><h2>AUTHOR</h2>
+<a name="id2676877"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-revoke.html
+++ b/doc/arm/man.dnssec-revoke.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2633301"></a><h2>DESCRIPTION</h2>
+<a name="id2625382"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-revoke</strong></span>
      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
      in RFC 5011, and creates a new pair of key files containing the
@@ -58,7 +58,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2633315"></a><h2>OPTIONS</h2>
+<a name="id2625396"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -109,14 +109,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2633452"></a><h2>SEE ALSO</h2>
+<a name="id2625533"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 5011</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2638051"></a><h2>AUTHOR</h2>
+<a name="id2626992"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-settime.html
+++ b/doc/arm/man.dnssec-settime.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-V</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2639330"></a><h2>DESCRIPTION</h2>
+<a name="id2627588"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-settime</strong></span>
      reads a DNSSEC private key file and sets the key timing metadata
      as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -76,7 +76,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2639388"></a><h2>OPTIONS</h2>
+<a name="id2627646"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f</span></dt>
 <dd><p>
@@ -133,7 +133,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2639528"></a><h2>TIMING OPTIONS</h2>
+<a name="id2638094"></a><h2>TIMING OPTIONS</h2>
 <p>
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
      If the argument begins with a '+' or '-', it is interpreted as
@@ -212,7 +212,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2643763"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2643421"></a><h2>PRINTING OPTIONS</h2>
 <p>
      <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
      timing metadata associated with a key.
@@ -238,7 +238,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645072"></a><h2>SEE ALSO</h2>
+<a name="id2645754"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -246,7 +246,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645105"></a><h2>AUTHOR</h2>
+<a name="id2645787"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-signzone.html
+++ b/doc/arm/man.dnssec-signzone.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-M <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-Q</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645171"></a><h2>DESCRIPTION</h2>
+<a name="id2646126"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
      signs a zone.  It generates
      NSEC and RRSIG records and produces a signed version of the
@@ -61,7 +61,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645190"></a><h2>OPTIONS</h2>
+<a name="id2646146"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -512,7 +512,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679298"></a><h2>EXAMPLE</h2>
+<a name="id2678342"></a><h2>EXAMPLE</h2>
 <p>
      The following command signs the <strong class="userinput"><code>example.com</code></strong>
      zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -542,14 +542,14 @@ db.example.com.signed
 %</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679377"></a><h2>SEE ALSO</h2>
+<a name="id2678421"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 4033</em>, <em class="citetitle">RFC 4641</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2679404"></a><h2>AUTHOR</h2>
+<a name="id2678449"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.dnssec-verify.html
+++ b/doc/arm/man.dnssec-verify.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-verify</code>  [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-x</code>] [<code class="option">-z</code>] {zonefile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645467"></a><h2>DESCRIPTION</h2>
+<a name="id2646628"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-verify</strong></span>
      verifies that a zone is fully signed for each algorithm found
      in the DNSKEY RRset for the zone, and that the NSEC / NSEC3
@@ -58,7 +58,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2645481"></a><h2>OPTIONS</h2>
+<a name="id2646642"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
@@ -138,7 +138,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646006"></a><h2>SEE ALSO</h2>
+<a name="id2646825"></a><h2>SEE ALSO</h2>
 <p>
      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -146,7 +146,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646032"></a><h2>AUTHOR</h2>
+<a name="id2646987"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.genrandom.html
+++ b/doc/arm/man.genrandom.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">genrandom</code>  [<code class="option">-n <em class="replaceable"><code>number</code></em></code>] {<em class="replaceable"><code>size</code></em>} {<em class="replaceable"><code>filename</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625506"></a><h2>DESCRIPTION</h2>
+<a name="id2626120"></a><h2>DESCRIPTION</h2>
 <p>
      <span><strong class="command">genrandom</strong></span>
      generates a file or a set of files containing a specified quantity
@@ -59,7 +59,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625521"></a><h2>ARGUMENTS</h2>
+<a name="id2626135"></a><h2>ARGUMENTS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-n <em class="replaceable"><code>number</code></em></span></dt>
 <dd><p>
@@ -77,14 +77,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670910"></a><h2>SEE ALSO</h2>
+<a name="id2670501"></a><h2>SEE ALSO</h2>
 <p>
      <span class="citerefentry"><span class="refentrytitle">rand</span>(3)</span>,
      <span class="citerefentry"><span class="refentrytitle">arc4random</span>(3)</span>
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2670937"></a><h2>AUTHOR</h2>
+<a name="id2670528"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.host.html
+++ b/doc/arm/man.host.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-v</code>] [<code class="option">-V</code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2617845"></a><h2>DESCRIPTION</h2>
+<a name="id2617572"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">host</strong></span>
      is a simple utility for performing DNS lookups.
      It is normally used to convert names to IP addresses and vice versa.
@@ -214,7 +214,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2618408"></a><h2>IDN SUPPORT</h2>
+<a name="id2618203"></a><h2>IDN SUPPORT</h2>
 <p>
      If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
      domain name) support, it can accept and display non-ASCII domain names. 
--- a/doc/arm/man.isc-hmac-fixup.html
+++ b/doc/arm/man.isc-hmac-fixup.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">isc-hmac-fixup</code>  {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>secret</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2625801"></a><h2>DESCRIPTION</h2>
+<a name="id2626347"></a><h2>DESCRIPTION</h2>
 <p>
      Versions of BIND 9 up to and including BIND 9.6 had a bug causing
      HMAC-SHA* TSIG keys which were longer than the digest length of the
@@ -76,7 +76,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671090"></a><h2>SECURITY CONSIDERATIONS</h2>
+<a name="id2670680"></a><h2>SECURITY CONSIDERATIONS</h2>
 <p>
      Secrets that have been converted by <span><strong class="command">isc-hmac-fixup</strong></span>
      are shortened, but as this is how the HMAC protocol works in
@@ -87,14 +87,14 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671106"></a><h2>SEE ALSO</h2>
+<a name="id2670696"></a><h2>SEE ALSO</h2>
 <p>
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 2104</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671123"></a><h2>AUTHOR</h2>
+<a name="id2670713"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.named-checkconf.html
+++ b/doc/arm/man.named-checkconf.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-p</code>] [<code class="option">-x</code>] [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646142"></a><h2>DESCRIPTION</h2>
+<a name="id2647098"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
      checks the syntax, but not the semantics, of a
      <span><strong class="command">named</strong></span> configuration file.  The file is parsed
@@ -70,7 +70,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646213"></a><h2>OPTIONS</h2>
+<a name="id2647169"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -119,21 +119,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646510"></a><h2>RETURN VALUES</h2>
+<a name="id2647739"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646524"></a><h2>SEE ALSO</h2>
+<a name="id2647753"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2646554"></a><h2>AUTHOR</h2>
+<a name="id2647783"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.named-checkzone.html
+++ b/doc/arm/man.named-checkzone.html
@@ -51,7 +51,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2682791"></a><h2>DESCRIPTION</h2>
+<a name="id2687774"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
      checks the syntax and integrity of a zone file.  It performs the
      same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -71,7 +71,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2682841"></a><h2>OPTIONS</h2>
+<a name="id2687825"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -305,14 +305,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683816"></a><h2>RETURN VALUES</h2>
+<a name="id2688800"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
      returns an exit status of 1 if
      errors were detected and 0 otherwise.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683830"></a><h2>SEE ALSO</h2>
+<a name="id2688813"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
      <em class="citetitle">RFC 1035</em>,
@@ -320,7 +320,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2683931"></a><h2>AUTHOR</h2>
+<a name="id2688846"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.named-journalprint.html
+++ b/doc/arm/man.named-journalprint.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-journalprint</code>  {<em class="replaceable"><code>journal</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621452"></a><h2>DESCRIPTION</h2>
+<a name="id2621930"></a><h2>DESCRIPTION</h2>
 <p>
      <span><strong class="command">named-journalprint</strong></span>
      prints the contents of a zone journal file in a human-readable
@@ -76,7 +76,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2621498"></a><h2>SEE ALSO</h2>
+<a name="id2621976"></a><h2>SEE ALSO</h2>
 <p>
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">nsupdate</span>(8)</span>,
@@ -84,7 +84,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656345"></a><h2>AUTHOR</h2>
+<a name="id2657233"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.named-rrchecker.html
+++ b/doc/arm/man.named-rrchecker.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-rrchecker</code>  [<code class="option">-h</code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-p</code>] [<code class="option">-u</code>] [<code class="option">-C</code>] [<code class="option">-T</code>] [<code class="option">-P</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656408"></a><h2>DESCRIPTION</h2>
+<a name="id2657296"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-rrchecker</strong></span>
     read a individual DNS resource record from standard input and checks if it
     is syntactically correct.
@@ -78,7 +78,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656465"></a><h2>SEE ALSO</h2>
+<a name="id2657352"></a><h2>SEE ALSO</h2>
 <p>
      <em class="citetitle">RFC 1034</em>,
      <em class="citetitle">RFC 1035</em>,
--- a/doc/arm/man.named.html
+++ b/doc/arm/man.named.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">named</code>  [<code class="option">-4</code>] [<code class="option">-6</code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-D <em class="replaceable"><code>string</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine-name</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-L <em class="replaceable"><code>logfile</code></em></code>] [<code class="option">-M <em class="replaceable"><code>option</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-S <em class="replaceable"><code>#max-socks</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-U <em class="replaceable"><code>#listeners</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-V</code>] [<code class="option">-X <em class="replaceable"><code>lock-file</code></em></code>] [<code class="option">-x <em class="replaceable"><code>cache-file</code></em></code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2655689"></a><h2>DESCRIPTION</h2>
+<a name="id2656645"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named</strong></span>
      is a Domain Name System (DNS) server,
      part of the BIND 9 distribution from ISC.  For more
@@ -65,7 +65,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2655720"></a><h2>OPTIONS</h2>
+<a name="id2656676"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-4</span></dt>
 <dd><p>
@@ -299,7 +299,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2686797"></a><h2>SIGNALS</h2>
+<a name="id2689392"></a><h2>SIGNALS</h2>
 <p>
      In routine operation, signals should not be used to control
      the nameserver; <span><strong class="command">rndc</strong></span> should be used
@@ -320,7 +320,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2686848"></a><h2>CONFIGURATION</h2>
+<a name="id2689442"></a><h2>CONFIGURATION</h2>
 <p>
      The <span><strong class="command">named</strong></span> configuration file is too complex
      to describe in detail here.  A complete description is provided
@@ -337,7 +337,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2686897"></a><h2>FILES</h2>
+<a name="id2689491"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="filename">/etc/named.conf</code></span></dt>
 <dd><p>
@@ -350,7 +350,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2686940"></a><h2>SEE ALSO</h2>
+<a name="id2689534"></a><h2>SEE ALSO</h2>
 <p><em class="citetitle">RFC 1033</em>,
      <em class="citetitle">RFC 1034</em>,
      <em class="citetitle">RFC 1035</em>,
@@ -363,7 +363,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2687011"></a><h2>AUTHOR</h2>
+<a name="id2689605"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.nsec3hash.html
+++ b/doc/arm/man.nsec3hash.html
@@ -48,7 +48,7 @@
 <div class="cmdsynopsis"><p><code class="command">nsec3hash</code>  {<em class="replaceable"><code>salt</code></em>} {<em class="replaceable"><code>algorithm</code></em>} {<em class="replaceable"><code>iterations</code></em>} {<em class="replaceable"><code>domain</code></em>}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671372"></a><h2>DESCRIPTION</h2>
+<a name="id2671031"></a><h2>DESCRIPTION</h2>
 <p>
      <span><strong class="command">nsec3hash</strong></span> generates an NSEC3 hash based on
      a set of NSEC3 parameters.  This can be used to check the validity
@@ -56,7 +56,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671387"></a><h2>ARGUMENTS</h2>
+<a name="id2671046"></a><h2>ARGUMENTS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">salt</span></dt>
 <dd><p>
@@ -80,14 +80,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671449"></a><h2>SEE ALSO</h2>
+<a name="id2671108"></a><h2>SEE ALSO</h2>
 <p>
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 5155</em>.
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2671466"></a><h2>AUTHOR</h2>
+<a name="id2671125"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [<code class="option">-L <em class="replaceable"><code>level</code></em></code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-l</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [<code class="option">-T</code>] [<code class="option">-P</code>] [<code class="option">-V</code>] [filename]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656711"></a><h2>DESCRIPTION</h2>
+<a name="id2657872"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">nsupdate</strong></span>
      is used to submit Dynamic DNS Update requests as defined in RFC 2136
      to a name server.
@@ -108,7 +108,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2656800"></a><h2>OPTIONS</h2>
+<a name="id2657960"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -242,7 +242,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2689942"></a><h2>INPUT FORMAT</h2>
+<a name="id2689805"></a><h2>INPUT FORMAT</h2>
 <p><span><strong class="command">nsupdate</strong></span>
      reads input from
      <em class="parameter"><code>filename</code></em>
@@ -555,7 +555,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2691083"></a><h2>EXAMPLES</h2>
+<a name="id2690947"></a><h2>EXAMPLES</h2>
 <p>
      The examples below show how
      <span><strong class="command">nsupdate</strong></span>
@@ -609,7 +609,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2691133"></a><h2>FILES</h2>
+<a name="id2690997"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -632,7 +632,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2691356"></a><h2>SEE ALSO</h2>
+<a name="id2691083"></a><h2>SEE ALSO</h2>
 <p>
      <em class="citetitle">RFC 2136</em>,
      <em class="citetitle">RFC 3007</em>,
@@ -647,7 +647,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2691414"></a><h2>BUGS</h2>
+<a name="id2691209"></a><h2>BUGS</h2>
 <p>
      The TSIG key is redundantly stored in two separate files.
      This is a consequence of nsupdate using the DST library
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2664133"></a><h2>DESCRIPTION</h2>
+<a name="id2664611"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc-confgen</strong></span>
      generates configuration files
      for <span><strong class="command">rndc</strong></span>.  It can be used as a
@@ -66,7 +66,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2664199"></a><h2>OPTIONS</h2>
+<a name="id2664677"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd>
@@ -180,7 +180,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2665217"></a><h2>EXAMPLES</h2>
+<a name="id2670337"></a><h2>EXAMPLES</h2>
 <p>
      To allow <span><strong class="command">rndc</strong></span> to be used with
      no manual configuration, run
@@ -197,7 +197,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667526"></a><h2>SEE ALSO</h2>
+<a name="id2670393"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -205,7 +205,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2667564"></a><h2>AUTHOR</h2>
+<a name="id2670432"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2662572"></a><h2>DESCRIPTION</h2>
+<a name="id2624957"></a><h2>DESCRIPTION</h2>
 <p><code class="filename">rndc.conf</code> is the configuration file
      for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
      utility.  This file has a similar structure and syntax to
@@ -136,7 +136,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2662744"></a><h2>EXAMPLE</h2>
+<a name="id2663836"></a><h2>EXAMPLE</h2>
 <pre class="programlisting">
      options {
        default-server  localhost;
@@ -210,7 +210,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2663002"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2664026"></a><h2>NAME SERVER CONFIGURATION</h2>
 <p>
      The name server must be configured to accept rndc connections and
      to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -220,7 +220,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2663028"></a><h2>SEE ALSO</h2>
+<a name="id2664052"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -228,7 +228,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2663066"></a><h2>AUTHOR</h2>
+<a name="id2664090"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-q</code>] [<code class="option">-r</code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660714"></a><h2>DESCRIPTION</h2>
+<a name="id2662830"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc</strong></span>
      controls the operation of a name
      server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -81,7 +81,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660969"></a><h2>OPTIONS</h2>
+<a name="id2662949"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
 <dd><p>
@@ -158,7 +158,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2662314"></a><h2>COMMANDS</h2>
+<a name="id2663202"></a><h2>COMMANDS</h2>
 <p>
      A list of commands supported by <span><strong class="command">rndc</strong></span> can
      be seen by running <span><strong class="command">rndc</strong></span> without arguments.
@@ -744,7 +744,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2696330"></a><h2>LIMITATIONS</h2>
+<a name="id2693122"></a><h2>LIMITATIONS</h2>
 <p>
      There is currently no way to provide the shared secret for a
      <code class="option">key_id</code> without using the configuration file.
@@ -754,7 +754,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2696348"></a><h2>SEE ALSO</h2>
+<a name="id2693140"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
      <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -764,7 +764,7 @@
    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2696404"></a><h2>AUTHOR</h2>
+<a name="id2693195"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
 </div>