diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index dacc5e0f47..eda5506b01 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -94,7 +94,7 @@ HREF="Bv9ARM.ch06.html#Configuration_File_Grammar"
 ></DT
 ><DT
 >6.3. <A
-HREF="Bv9ARM.ch06.html#AEN4021"
+HREF="Bv9ARM.ch06.html#AEN4032"
 >Zone File</A
 ></DT
 ></DL
@@ -3711,6 +3711,15 @@ CLASS="replaceable"
 >]
     [<SPAN
 CLASS="optional"
+> dnssec-must-be-secure <TT
+CLASS="replaceable"
+><I
+>domain yes_or_no</I
+></TT
+>; </SPAN
+>]
+    [<SPAN
+CLASS="optional"
 > forward ( <TT
 CLASS="replaceable"
 ><I
@@ -5033,6 +5042,38 @@ name and a DLV record is looked up.  If the DLV record validates
 a DNSKEY (similarly to the way a DS record does) the DNSKEY RRset is deemed to be trusted.
 </P
 ></DD
+><DT
+><B
+CLASS="command"
+>dnssec-must-be-secure</B
+></DT
+><DD
+><P
+>&#13;Specify heirachies which must / may not be secure (signed and validated).
+If <TT
+CLASS="userinput"
+><B
+>yes</B
+></TT
+> then named will only accept answers if they
+are secure.
+If <TT
+CLASS="userinput"
+><B
+>no</B
+></TT
+> then normal dnssec validation applies
+allowing for insecure answers to be accepted.
+The specified domain must be under a <B
+CLASS="command"
+>trusted-key</B
+> or
+<B
+CLASS="command"
+>dnssec-lookaside</B
+> must be active.
+</P
+></DD
 ></DL
 ></DIV
 ><DIV
@@ -5202,7 +5243,7 @@ processing.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN2403"
+NAME="AEN2414"
 ></A
 ><P
 ></P
@@ -6136,7 +6177,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2683"
+NAME="AEN2694"
 >6.2.16.2. Forwarding</A
 ></H3
 ><P
@@ -6204,7 +6245,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2702"
+NAME="AEN2713"
 >6.2.16.3. 6 to 4 Servers</A
 ></H3
 ><P
@@ -6426,7 +6467,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2769"
+NAME="AEN2780"
 >6.2.16.5. Interfaces</A
 ></H3
 ><P
@@ -6505,7 +6546,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2790"
+NAME="AEN2801"
 >6.2.16.6. Query Address</A
 ></H3
 ><P
@@ -6996,7 +7037,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2952"
+NAME="AEN2963"
 >6.2.16.8. Bad UDP Port Lists</A
 ></H3
 ><P
@@ -7020,7 +7061,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2957"
+NAME="AEN2968"
 >6.2.16.9. Operating System Resource Limits</A
 ></H3
 ><P
@@ -7140,7 +7181,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN2994"
+NAME="AEN3005"
 >6.2.16.10. Server  Resource Limits</A
 ></H3
 ><P
@@ -7263,7 +7304,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3035"
+NAME="AEN3046"
 >6.2.16.11. Periodic Task Intervals</A
 ></H3
 ><P
@@ -7634,7 +7675,7 @@ CLASS="command"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3123"
+NAME="AEN3134"
 ></A
 ><P
 ></P
@@ -8116,7 +8157,7 @@ number is identical to the number in the beginning line.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3267"
+NAME="AEN3278"
 ></A
 ><P
 ></P
@@ -8650,7 +8691,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3406"
+NAME="AEN3417"
 >6.2.19. <B
 CLASS="command"
 >trusted-keys</B
@@ -8725,7 +8766,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3422"
+NAME="AEN3433"
 >6.2.20. <B
 CLASS="command"
 >trusted-keys</B
@@ -8827,7 +8868,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3444"
+NAME="AEN3455"
 >6.2.22. <B
 CLASS="command"
 >view</B
@@ -9586,7 +9627,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN3619"
+NAME="AEN3630"
 >6.2.24. <B
 CLASS="command"
 >zone</B
@@ -9597,13 +9638,13 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3622"
+NAME="AEN3633"
 >6.2.24.1. Zone Types</A
 ></H3
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3624"
+NAME="AEN3635"
 ></A
 ><P
 ></P
@@ -9873,7 +9914,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3687"
+NAME="AEN3698"
 >6.2.24.2. Class</A
 ></H3
 ><P
@@ -9911,7 +9952,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN3697"
+NAME="AEN3708"
 >6.2.24.3. Zone Options</A
 ></H3
 ><P
@@ -10669,7 +10710,7 @@ CLASS="varname"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN3980"
+NAME="AEN3991"
 ></A
 ><P
 ></P
@@ -10836,7 +10877,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4021"
+NAME="AEN4032"
 >6.3. Zone File</A
 ></H1
 ><DIV
@@ -10857,7 +10898,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4026"
+NAME="AEN4037"
 >6.3.1.1. Resource Records</A
 ></H3
 ><P
@@ -10880,7 +10921,7 @@ HREF="Bv9ARM.ch06.html#rrset_ordering"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4032"
+NAME="AEN4043"
 ></A
 ><P
 ></P
@@ -10991,7 +11032,7 @@ CLASS="emphasis"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4064"
+NAME="AEN4075"
 ></A
 ><P
 ></P
@@ -11516,7 +11557,7 @@ are currently valid in the DNS:</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4216"
+NAME="AEN4227"
 ></A
 ><P
 ></P
@@ -11618,7 +11659,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4240"
+NAME="AEN4251"
 >6.3.1.2. Textual expression of RRs</A
 ></H3
 ><P
@@ -11648,7 +11689,7 @@ knowledge of the typical representation for the data.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4247"
+NAME="AEN4258"
 ></A
 ><P
 ></P
@@ -11857,7 +11898,7 @@ domain names.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4313"
+NAME="AEN4324"
 ></A
 ><P
 ></P
@@ -11948,7 +11989,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4341"
+NAME="AEN4352"
 >6.3.2. Discussion of MX Records</A
 ></H2
 ><P
@@ -11984,7 +12025,7 @@ pointed to by the CNAME.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4347"
+NAME="AEN4358"
 ></A
 ><P
 ></P
@@ -12280,7 +12321,7 @@ used in a zone file.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4439"
+NAME="AEN4450"
 ></A
 ><P
 ></P
@@ -12363,7 +12404,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4462"
+NAME="AEN4473"
 >6.3.4. Inverse Mapping in IPv4</A
 ></H2
 ><P
@@ -12390,7 +12431,7 @@ CLASS="optional"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4467"
+NAME="AEN4478"
 ></A
 ><P
 ></P
@@ -12470,7 +12511,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4489"
+NAME="AEN4500"
 >6.3.5. Other Zone File Directives</A
 ></H2
 ><P
@@ -12495,7 +12536,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4496"
+NAME="AEN4507"
 >6.3.5.1. The <B
 CLASS="command"
 >$ORIGIN</B
@@ -12565,7 +12606,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4516"
+NAME="AEN4527"
 >6.3.5.2. The <B
 CLASS="command"
 >$INCLUDE</B
@@ -12647,7 +12688,7 @@ CLASS="sect3"
 ><H3
 CLASS="sect3"
 ><A
-NAME="AEN4536"
+NAME="AEN4547"
 >6.3.5.3. The <B
 CLASS="command"
 >$TTL</B
@@ -12687,7 +12728,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4547"
+NAME="AEN4558"
 >6.3.6. <SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -12782,7 +12823,7 @@ CLASS="literal"
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4571"
+NAME="AEN4582"
 ></A
 ><P
 ></P
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 36a3108aaf..174320e31a 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -89,7 +89,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
 ></DT
 ><DT
 >7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4664"
+HREF="Bv9ARM.ch07.html#AEN4675"
 ><B
 CLASS="command"
 >chroot</B
@@ -197,7 +197,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4664"
+NAME="AEN4675"
 >7.2. <B
 CLASS="command"
 >chroot</B
@@ -279,7 +279,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4687"
+NAME="AEN4698"
 >7.2.1. The <B
 CLASS="command"
 >chroot</B
@@ -355,7 +355,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4705"
+NAME="AEN4716"
 >7.2.2. Using the <B
 CLASS="command"
 >setuid</B
diff --git a/doc/arm/Bv9ARM.ch08.html b/doc/arm/Bv9ARM.ch08.html
index 71573a90d3..ebbf5f78d1 100644
--- a/doc/arm/Bv9ARM.ch08.html
+++ b/doc/arm/Bv9ARM.ch08.html
@@ -81,17 +81,17 @@ CLASS="TOC"
 ></DT
 ><DT
 >8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4726"
+HREF="Bv9ARM.ch08.html#AEN4737"
 >Common Problems</A
 ></DT
 ><DT
 >8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4731"
+HREF="Bv9ARM.ch08.html#AEN4742"
 >Incrementing and Changing the Serial Number</A
 ></DT
 ><DT
 >8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4736"
+HREF="Bv9ARM.ch08.html#AEN4747"
 >Where Can I Get Help?</A
 ></DT
 ></DL
@@ -101,7 +101,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4726"
+NAME="AEN4737"
 >8.1. Common Problems</A
 ></H1
 ><DIV
@@ -109,7 +109,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4728"
+NAME="AEN4739"
 >8.1.1. It's not working; how can I figure out what's wrong?</A
 ></H2
 ><P
@@ -125,7 +125,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4731"
+NAME="AEN4742"
 >8.2. Incrementing and Changing the Serial Number</A
 ></H1
 ><P
@@ -154,7 +154,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4736"
+NAME="AEN4747"
 >8.3. Where Can I Get Help?</A
 ></H1
 ><P
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index b1a40e8456..efe9e0b45a 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -74,7 +74,7 @@ CLASS="TOC"
 ></DT
 ><DT
 >A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4752"
+HREF="Bv9ARM.ch09.html#AEN4763"
 >Acknowledgments</A
 ></DT
 ><DT
@@ -97,7 +97,7 @@ CLASS="sect1"
 ><H1
 CLASS="sect1"
 ><A
-NAME="AEN4752"
+NAME="AEN4763"
 >A.1. Acknowledgments</A
 ></H1
 ><DIV
@@ -105,7 +105,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN4754"
+NAME="AEN4765"
 >A.1.1. A Brief History of the <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -269,7 +269,7 @@ Unicast address scheme. For more information, see RFC 2374.</P
 ><DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4790"
+NAME="AEN4801"
 ></A
 ><P
 ></P
@@ -488,7 +488,7 @@ VALIGN="MIDDLE"
 <DIV
 CLASS="informaltable"
 ><A
-NAME="AEN4859"
+NAME="AEN4870"
 ></A
 ><P
 ></P
@@ -746,19 +746,19 @@ TARGET="_top"
 </P
 ><H3
 ><A
-NAME="AEN4927"
+NAME="AEN4938"
 >Bibliography</A
 ></H3
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN4928"
+NAME="AEN4939"
 >Standards</A
 ></H2
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4930"
+NAME="AEN4941"
 ></A
 ><P
 >[RFC974]&nbsp;<SPAN
@@ -775,7 +775,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4937"
+NAME="AEN4948"
 ></A
 ><P
 >[RFC1034]&nbsp;<SPAN
@@ -792,7 +792,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4944"
+NAME="AEN4955"
 ></A
 ><P
 >[RFC1035]&nbsp;<SPAN
@@ -816,7 +816,7 @@ NAME="proposed_standards"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4953"
+NAME="AEN4964"
 ></A
 ><P
 >[RFC2181]&nbsp;<SPAN
@@ -836,7 +836,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4961"
+NAME="AEN4972"
 ></A
 ><P
 >[RFC2308]&nbsp;<SPAN
@@ -856,7 +856,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4969"
+NAME="AEN4980"
 ></A
 ><P
 >[RFC1995]&nbsp;<SPAN
@@ -876,7 +876,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4977"
+NAME="AEN4988"
 ></A
 ><P
 >[RFC1996]&nbsp;<SPAN
@@ -893,7 +893,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN4984"
+NAME="AEN4995"
 ></A
 ><P
 >[RFC2136]&nbsp;<SPAN
@@ -919,7 +919,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5001"
+NAME="AEN5012"
 ></A
 ><P
 >[RFC2845]&nbsp;<SPAN
@@ -948,13 +948,13 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5020"
+NAME="AEN5031"
 >Proposed Standards Still Under Development</A
 ></H2
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5025"
+NAME="AEN5036"
 ></A
 ><P
 >[RFC1886]&nbsp;<SPAN
@@ -977,7 +977,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5037"
+NAME="AEN5048"
 ></A
 ><P
 >[RFC2065]&nbsp;<SPAN
@@ -997,7 +997,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5049"
+NAME="AEN5060"
 ></A
 ><P
 >[RFC2137]&nbsp;<SPAN
@@ -1014,7 +1014,7 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5057"
+NAME="AEN5068"
 >Other Important RFCs About <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1023,7 +1023,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5060"
+NAME="AEN5071"
 ></A
 ><P
 >[RFC1535]&nbsp;<SPAN
@@ -1043,7 +1043,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5068"
+NAME="AEN5079"
 ></A
 ><P
 >[RFC1536]&nbsp;<SPAN
@@ -1075,7 +1075,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5089"
+NAME="AEN5100"
 ></A
 ><P
 >[RFC1982]&nbsp;<SPAN
@@ -1095,13 +1095,13 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5100"
+NAME="AEN5111"
 >Resource Record Types</A
 ></H2
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5102"
+NAME="AEN5113"
 ></A
 ><P
 >[RFC1183]&nbsp;<SPAN
@@ -1130,7 +1130,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5120"
+NAME="AEN5131"
 ></A
 ><P
 >[RFC1706]&nbsp;<SPAN
@@ -1153,7 +1153,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5132"
+NAME="AEN5143"
 ></A
 ><P
 >[RFC2168]&nbsp;<SPAN
@@ -1174,7 +1174,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5143"
+NAME="AEN5154"
 ></A
 ><P
 >[RFC1876]&nbsp;<SPAN
@@ -1201,7 +1201,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5160"
+NAME="AEN5171"
 ></A
 ><P
 >[RFC2052]&nbsp;<SPAN
@@ -1225,7 +1225,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5172"
+NAME="AEN5183"
 ></A
 ><P
 >[RFC2163]&nbsp;<SPAN
@@ -1246,7 +1246,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5180"
+NAME="AEN5191"
 ></A
 ><P
 >[RFC2230]&nbsp;<SPAN
@@ -1266,7 +1266,7 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5188"
+NAME="AEN5199"
 ><SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1275,7 +1275,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5191"
+NAME="AEN5202"
 ></A
 ><P
 >[RFC1101]&nbsp;<SPAN
@@ -1295,7 +1295,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5199"
+NAME="AEN5210"
 ></A
 ><P
 >[RFC1123]&nbsp;<SPAN
@@ -1312,7 +1312,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5206"
+NAME="AEN5217"
 ></A
 ><P
 >[RFC1591]&nbsp;<SPAN
@@ -1329,7 +1329,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5213"
+NAME="AEN5224"
 ></A
 ><P
 >[RFC2317]&nbsp;<SPAN
@@ -1352,7 +1352,7 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5227"
+NAME="AEN5238"
 ><SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1361,7 +1361,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5230"
+NAME="AEN5241"
 ></A
 ><P
 >[RFC1537]&nbsp;<SPAN
@@ -1381,7 +1381,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5238"
+NAME="AEN5249"
 ></A
 ><P
 >[RFC1912]&nbsp;<SPAN
@@ -1401,7 +1401,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5246"
+NAME="AEN5257"
 ></A
 ><P
 >[RFC2010]&nbsp;<SPAN
@@ -1421,7 +1421,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5257"
+NAME="AEN5268"
 ></A
 ><P
 >[RFC2219]&nbsp;<SPAN
@@ -1444,7 +1444,7 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5269"
+NAME="AEN5280"
 >Other <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -1453,7 +1453,7 @@ CLASS="acronym"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5275"
+NAME="AEN5286"
 ></A
 ><P
 >[RFC1464]&nbsp;<SPAN
@@ -1470,7 +1470,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5282"
+NAME="AEN5293"
 ></A
 ><P
 >[RFC1713]&nbsp;<SPAN
@@ -1490,7 +1490,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5290"
+NAME="AEN5301"
 ></A
 ><P
 >[RFC1794]&nbsp;<SPAN
@@ -1510,7 +1510,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5298"
+NAME="AEN5309"
 ></A
 ><P
 >[RFC2240]&nbsp;<SPAN
@@ -1527,7 +1527,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5305"
+NAME="AEN5316"
 ></A
 ><P
 >[RFC2345]&nbsp;<SPAN
@@ -1550,7 +1550,7 @@ STYLE="margin-left=0.5in"
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5319"
+NAME="AEN5330"
 ></A
 ><P
 >[RFC2352]&nbsp;<SPAN
@@ -1567,13 +1567,13 @@ STYLE="margin-left=0.5in"
 ><H2
 CLASS="bibliodiv"
 ><A
-NAME="AEN5326"
+NAME="AEN5337"
 >Obsolete and Unimplemented Experimental RRs</A
 ></H2
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5328"
+NAME="AEN5339"
 ></A
 ><P
 >[RFC1712]&nbsp;<SPAN
@@ -1624,7 +1624,7 @@ CLASS="sect2"
 ><H2
 CLASS="sect2"
 ><A
-NAME="AEN5349"
+NAME="AEN5360"
 >A.3.3. Other Documents About <SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -1634,13 +1634,13 @@ CLASS="acronym"
 ></P
 ><H3
 ><A
-NAME="AEN5353"
+NAME="AEN5364"
 >Bibliography</A
 ></H3
 ><DIV
 CLASS="biblioentry"
 ><A
-NAME="AEN5354"
+NAME="AEN5365"
 ></A
 ><P
 ><SPAN
diff --git a/doc/arm/Bv9ARM.html b/doc/arm/Bv9ARM.html
index f75c737bd3..20480a76cd 100644
--- a/doc/arm/Bv9ARM.html
+++ b/doc/arm/Bv9ARM.html
@@ -546,7 +546,7 @@ CLASS="command"
 ></DT
 ><DT
 >6.2.19. <A
-HREF="Bv9ARM.ch06.html#AEN3406"
+HREF="Bv9ARM.ch06.html#AEN3417"
 ><B
 CLASS="command"
 >trusted-keys</B
@@ -554,7 +554,7 @@ CLASS="command"
 ></DT
 ><DT
 >6.2.20. <A
-HREF="Bv9ARM.ch06.html#AEN3422"
+HREF="Bv9ARM.ch06.html#AEN3433"
 ><B
 CLASS="command"
 >trusted-keys</B
@@ -571,7 +571,7 @@ CLASS="command"
 ></DT
 ><DT
 >6.2.22. <A
-HREF="Bv9ARM.ch06.html#AEN3444"
+HREF="Bv9ARM.ch06.html#AEN3455"
 ><B
 CLASS="command"
 >view</B
@@ -588,7 +588,7 @@ Statement Grammar</A
 ></DT
 ><DT
 >6.2.24. <A
-HREF="Bv9ARM.ch06.html#AEN3619"
+HREF="Bv9ARM.ch06.html#AEN3630"
 ><B
 CLASS="command"
 >zone</B
@@ -598,7 +598,7 @@ CLASS="command"
 ></DD
 ><DT
 >6.3. <A
-HREF="Bv9ARM.ch06.html#AEN4021"
+HREF="Bv9ARM.ch06.html#AEN4032"
 >Zone File</A
 ></DT
 ><DD
@@ -610,7 +610,7 @@ HREF="Bv9ARM.ch06.html#types_of_resource_records_and_when_to_use_them"
 ></DT
 ><DT
 >6.3.2. <A
-HREF="Bv9ARM.ch06.html#AEN4341"
+HREF="Bv9ARM.ch06.html#AEN4352"
 >Discussion of MX Records</A
 ></DT
 ><DT
@@ -620,17 +620,17 @@ HREF="Bv9ARM.ch06.html#Setting_TTLs"
 ></DT
 ><DT
 >6.3.4. <A
-HREF="Bv9ARM.ch06.html#AEN4462"
+HREF="Bv9ARM.ch06.html#AEN4473"
 >Inverse Mapping in IPv4</A
 ></DT
 ><DT
 >6.3.5. <A
-HREF="Bv9ARM.ch06.html#AEN4489"
+HREF="Bv9ARM.ch06.html#AEN4500"
 >Other Zone File Directives</A
 ></DT
 ><DT
 >6.3.6. <A
-HREF="Bv9ARM.ch06.html#AEN4547"
+HREF="Bv9ARM.ch06.html#AEN4558"
 ><SPAN
 CLASS="acronym"
 >BIND</SPAN
@@ -660,7 +660,7 @@ HREF="Bv9ARM.ch07.html#Access_Control_Lists"
 ></DT
 ><DT
 >7.2. <A
-HREF="Bv9ARM.ch07.html#AEN4664"
+HREF="Bv9ARM.ch07.html#AEN4675"
 ><B
 CLASS="command"
 >chroot</B
@@ -674,7 +674,7 @@ UNIX servers)</A
 ><DL
 ><DT
 >7.2.1. <A
-HREF="Bv9ARM.ch07.html#AEN4687"
+HREF="Bv9ARM.ch07.html#AEN4698"
 >The <B
 CLASS="command"
 >chroot</B
@@ -682,7 +682,7 @@ CLASS="command"
 ></DT
 ><DT
 >7.2.2. <A
-HREF="Bv9ARM.ch07.html#AEN4705"
+HREF="Bv9ARM.ch07.html#AEN4716"
 >Using the <B
 CLASS="command"
 >setuid</B
@@ -706,26 +706,26 @@ HREF="Bv9ARM.ch08.html"
 ><DL
 ><DT
 >8.1. <A
-HREF="Bv9ARM.ch08.html#AEN4726"
+HREF="Bv9ARM.ch08.html#AEN4737"
 >Common Problems</A
 ></DT
 ><DD
 ><DL
 ><DT
 >8.1.1. <A
-HREF="Bv9ARM.ch08.html#AEN4728"
+HREF="Bv9ARM.ch08.html#AEN4739"
 >It's not working; how can I figure out what's wrong?</A
 ></DT
 ></DL
 ></DD
 ><DT
 >8.2. <A
-HREF="Bv9ARM.ch08.html#AEN4731"
+HREF="Bv9ARM.ch08.html#AEN4742"
 >Incrementing and Changing the Serial Number</A
 ></DT
 ><DT
 >8.3. <A
-HREF="Bv9ARM.ch08.html#AEN4736"
+HREF="Bv9ARM.ch08.html#AEN4747"
 >Where Can I Get Help?</A
 ></DT
 ></DL
@@ -739,14 +739,14 @@ HREF="Bv9ARM.ch09.html"
 ><DL
 ><DT
 >A.1. <A
-HREF="Bv9ARM.ch09.html#AEN4752"
+HREF="Bv9ARM.ch09.html#AEN4763"
 >Acknowledgments</A
 ></DT
 ><DD
 ><DL
 ><DT
 >A.1.1. <A
-HREF="Bv9ARM.ch09.html#AEN4754"
+HREF="Bv9ARM.ch09.html#AEN4765"
 >A Brief History of the <SPAN
 CLASS="acronym"
 >DNS</SPAN
@@ -793,7 +793,7 @@ HREF="Bv9ARM.ch09.html#internet_drafts"
 ></DT
 ><DT
 >A.3.3. <A
-HREF="Bv9ARM.ch09.html#AEN5349"
+HREF="Bv9ARM.ch09.html#AEN5360"
 >Other Documents About <SPAN
 CLASS="acronym"
 >BIND</SPAN
diff --git a/doc/misc/options b/doc/misc/options
index 581dadaca6..8eec93f4ca 100644
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -83,6 +83,7 @@ options {
         disable-algorithms <string> { <string>; ... };
         dnssec-enable <boolean>;
         dnssec-lookaside <string>;
+        dnssec-must-be-secure <string> <boolean>;
         allow-query { <address_match_element>; ... };
         allow-transfer { <address_match_element>; ... };
         allow-update-forwarding { <address_match_element>; ... };
@@ -262,6 +263,7 @@ view <string> <optional_class> {
         disable-algorithms <string> { <string>; ... };
         dnssec-enable <boolean>;
         dnssec-lookaside <string>;
+        dnssec-must-be-secure <string> <boolean>;
         allow-query { <address_match_element>; ... };
         allow-transfer { <address_match_element>; ... };
         allow-update-forwarding { <address_match_element>; ... };
