diff --git a/FAQ b/FAQ
index ed6ec56b8f..29475d47a1 100644
--- a/FAQ
+++ b/FAQ
@@ -92,7 +92,7 @@ Q: I'm trying to use TSIG to authenticate dynamic updates or zone
    rejecting the TSIG. Why?
 
 A: This may be a clock skew problem. Check that the the clocks on the
-   client and server are properly synchronised (e.g., using ntp).
+   client and server are properly synchronized (e.g., using ntp).
 
 Q: I see a log message like the following. Why?
 
diff --git a/FAQ.xml b/FAQ.xml
index cd216e6ec5..8bcd677eb1 100644
--- a/FAQ.xml
+++ b/FAQ.xml
@@ -220,7 +220,7 @@ view "chaos" chaos {
       <answer>
 	<para>
 	  This may be a clock skew problem.  Check that the the clocks
-	  on the client and server are properly synchronised (e.g.,
+	  on the client and server are properly synchronized (e.g.,
 	  using ntp).
 	</para>
       </answer>
diff --git a/doc/arm/Bv9ARM.ch04.html b/doc/arm/Bv9ARM.ch04.html
index b8e462dd25..0df98fb9e2 100644
--- a/doc/arm/Bv9ARM.ch04.html
+++ b/doc/arm/Bv9ARM.ch04.html
@@ -123,12 +123,14 @@
       </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
         As a slave zone can also be a master to other slaves, <span class="command"><strong>named</strong></span>,
         by default, sends <span class="command"><strong>NOTIFY</strong></span> messages for every zone
         it loads.  Specifying <span class="command"><strong>notify master-only;</strong></span> will
         cause <span class="command"><strong>named</strong></span> to only send <span class="command"><strong>NOTIFY</strong></span> for master
         zones that it loads.
-      </div>
+      </p>
+</div>
 </div>
 <div class="section">
 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
@@ -1050,9 +1052,11 @@ options {
 </pre>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
           None of the keys listed in this example are valid.  In particular,
           the root key is not valid.
-        </div>
+        </p>
+</div>
 <p>
           When DNSSEC validation is enabled and properly configured,
           the resolver will reject any answers from signed, secure zones
diff --git a/doc/arm/Bv9ARM.ch06.html b/doc/arm/Bv9ARM.ch06.html
index ed96615cbc..efd8ca7d55 100644
--- a/doc/arm/Bv9ARM.ch06.html
+++ b/doc/arm/Bv9ARM.ch06.html
@@ -3410,7 +3410,6 @@ options {
                   queries.
                   Caching may still occur as an effect the server's internal
                   operation, such as NOTIFY address lookups.
-                  See also <span class="command"><strong>fetch-glue</strong></span> above.
                 </p></dd>
 <dt><span class="term"><span class="command"><strong>request-nsid</strong></span></span></dt>
 <dd><p>
@@ -4691,13 +4690,15 @@ avoid-v6-udp-ports {};
                 </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
                   If you do not wish the alternate transfer source
                   to be used, you should set
                   <span class="command"><strong>use-alt-transfer-source</strong></span>
                   appropriately and you should not depend upon
                   getting an answer back to the first refresh
                   query.
-                </div>
+                </p>
+</div>
 </dd>
 <dt><span class="term"><span class="command"><strong>alt-transfer-source-v6</strong></span></span></dt>
 <dd><p>
@@ -5955,11 +5956,13 @@ avoid-v6-udp-ports { 40000; range 50000 60000; };
           </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
+<p>
             The real parent servers for these zones should disable all
             empty zone under the parent zone they serve.  For the real
             root servers, this is all built-in empty zones.  This will
             enable them to return referrals to deeper in the tree.
-          </div>
+          </p>
+</div>
 <div class="variablelist"><dl class="variablelist">
 <dt><span class="term"><span class="command"><strong>empty-server</strong></span></span></dt>
 <dd><p>
@@ -8475,7 +8478,7 @@ example.com. NS ns2.example.net.
                         The <em class="replaceable"><code>name</code></em> field
                         is subject to DNS wildcard expansion, and
                         this rule matches when the name being updated
-                        name is a valid expansion of the wildcard.
+                        is a valid expansion of the wildcard.
                       </p>
                     </td>
 </tr>
diff --git a/doc/arm/Bv9ARM.ch07.html b/doc/arm/Bv9ARM.ch07.html
index 9da5f94c64..eded6c98fa 100644
--- a/doc/arm/Bv9ARM.ch07.html
+++ b/doc/arm/Bv9ARM.ch07.html
@@ -181,10 +181,12 @@ zone "example.com" {
           </p>
 <div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
 <h3 class="title">Note</h3>
-            Note that if the <span class="command"><strong>named</strong></span> daemon is running as an
+<p>
+            If the <span class="command"><strong>named</strong></span> daemon is running as an
             unprivileged user, it will not be able to bind to new restricted
             ports if the server is reloaded.
-          </div>
+          </p>
+</div>
 </div>
 </div>
 <div class="section">
diff --git a/doc/arm/Bv9ARM.ch09.html b/doc/arm/Bv9ARM.ch09.html
index c5fef3907b..d41334c829 100644
--- a/doc/arm/Bv9ARM.ch09.html
+++ b/doc/arm/Bv9ARM.ch09.html
@@ -88,7 +88,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -190,6 +190,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
+	</p></li>
 <li class="listitem"><p>
 	  Large inline-signing changes should be less disruptive.
 	  Signature generation is now done incrementally; the number
diff --git a/doc/arm/notes.html b/doc/arm/notes.html
index 2b2f7bcaa6..1db8f0a241 100644
--- a/doc/arm/notes.html
+++ b/doc/arm/notes.html
@@ -49,7 +49,7 @@
 	  records with an incorrect class to be be accepted,
 	  triggering a REQUIRE failure when those records
 	  were subsequently cached.  This flaw is disclosed
-	  in CVE-2015-8000. [RT #4098]
+	  in CVE-2015-8000. [RT #40987]
 	</p></li>
 <li class="listitem"><p>
 	  An incorrect boundary check in the OPENPGPKEY rdatatype
@@ -151,6 +151,9 @@
 <div class="titlepage"><div><div><h3 class="title">
 <a name="relnotes_changes"></a>Feature Changes</h3></div></div></div>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
+<li class="listitem"><p>
+	  Updated the complied in addresses for H.ROOT-SERVERS.NET.
+	</p></li>
 <li class="listitem"><p>
 	  Large inline-signing changes should be less disruptive.
 	  Signature generation is now done incrementally; the number