diff --git a/bin/nsupdate/nsupdate.1 b/bin/nsupdate/nsupdate.1
index c7fef2ba87..3184ba4fb6 100644
--- a/bin/nsupdate/nsupdate.1
+++ b/bin/nsupdate/nsupdate.1
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nsupdate.1,v 1.4 2009/01/21 01:12:08 tbox Exp $
+.\" $Id: nsupdate.1,v 1.5 2009/03/10 01:12:31 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,7 +33,7 @@
 nsupdate \- Dynamic DNS update utility
 .SH "SYNOPSIS"
 .HP 9
-\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
+\fBnsupdate\fR [\fB\-d\fR] [\fB\-D\fR] [[\fB\-g\fR] | [\fB\-o\fR] | [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIkeyname:secret\fR\fR] | [\fB\-k\ \fR\fB\fIkeyfile\fR\fR]] [\fB\-t\ \fR\fB\fItimeout\fR\fR] [\fB\-u\ \fR\fB\fIudptimeout\fR\fR] [\fB\-r\ \fR\fB\fIudpretries\fR\fR] [\fB\-R\ \fR\fB\fIrandomdev\fR\fR] [\fB\-v\fR] [filename]
 .SH "DESCRIPTION"
 .PP
 \fBnsupdate\fR
@@ -60,7 +60,7 @@ option makes
 report additional debugging information to
 \fB\-d\fR.
 .PP
-Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931. TSIG relies on a shared secret that should only be known to
+Transaction signatures can be used to authenticate the Dynamic DNS updates. These use the TSIG resource record type described in RFC2845 or the SIG(0) record described in RFC3535 and RFC2931 or GSS\-TSIG as described in RFC3645. TSIG relies on a shared secret that should only be known to
 \fBnsupdate\fR
 and the name server. Currently, the only supported encryption algorithm for TSIG is HMAC\-MD5, which is defined in RFC 2104. Once other algorithms are defined for TSIG, applications will need to ensure they select the appropriate algorithm as well as the key when authenticating each other. For instance, suitable
 \fBkey\fR
@@ -71,7 +71,7 @@ statements would be added to
 so that the name server can associate the appropriate secret key and algorithm with the IP address of the client application that will be using TSIG authentication. SIG(0) uses public key cryptography. To use a SIG(0) key, the public key must be stored in a KEY record in a zone served by the name server.
 \fBnsupdate\fR
 does not read
-\fI/etc/named.conf\fR.
+\fI/etc/named.conf\fR. GSS\-TSIG uses Kerberos credentials.
 .PP
 \fBnsupdate\fR
 uses the
@@ -103,6 +103,14 @@ The
 \fB\-k\fR
 may also be used to specify a SIG(0) key used to authenticate Dynamic DNS update requests. In this case, the key specified is not an HMAC\-MD5 key.
 .PP
+The
+\fB\-g\fR
+and
+\fB\-o\fR
+specify that GSS\-TSIG is to be used. The
+\fB\-o\fR
+should only be used with old Microsoft Windows 2000 servers.
+.PP
 By default,
 \fBnsupdate\fR
 uses UDP to send update requests to the name server unless they are too large to fit in a UDP request in which case TCP will be used. The
diff --git a/bin/nsupdate/nsupdate.html b/bin/nsupdate/nsupdate.html
index 98138e0b0f..2f9c180b60 100644
--- a/bin/nsupdate/nsupdate.html
+++ b/bin/nsupdate/nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nsupdate.html,v 1.41 2009/01/21 01:12:08 tbox Exp $ -->
+<!-- $Id: nsupdate.html,v 1.42 2009/03/10 01:12:31 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
+<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543441"></a><h2>DESCRIPTION</h2>
+<a name="id2543449"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC2136
       to a name server.
@@ -70,31 +70,27 @@
       report additional debugging information to <code class="option">-d</code>.
     </p>
 <p>
-      Transaction signatures can be used to authenticate the Dynamic DNS
-      updates.
-      These use the TSIG resource record type described in RFC2845 or the
-      SIG(0) record described in RFC3535 and RFC2931.
-      TSIG relies on a shared secret that should only be known to
-      <span><strong class="command">nsupdate</strong></span> and the name server.
-      Currently, the only supported encryption algorithm for TSIG is
-      HMAC-MD5, which is defined in RFC 2104.
-      Once other algorithms are defined for TSIG, applications will need to
-      ensure they select the appropriate algorithm as well as the key when
-      authenticating each other.
-      For instance, suitable
-      <span class="type">key</span>
-      and
-      <span class="type">server</span>
-      statements would be added to
-      <code class="filename">/etc/named.conf</code>
-      so that the name server can associate the appropriate secret key
-      and algorithm with the IP address of the
-      client application that will be using TSIG authentication.
-      SIG(0) uses public key cryptography.  To use a SIG(0) key, the public
-      key must be stored in a KEY record in a zone served by the name server.
-      <span><strong class="command">nsupdate</strong></span>
-      does not read
+      Transaction signatures can be used to authenticate the Dynamic
+      DNS updates.  These use the TSIG resource record type described
+      in RFC2845 or the SIG(0) record described in RFC3535 and
+      RFC2931 or GSS-TSIG as described in RFC3645.  TSIG relies on
+      a shared secret that should only be known to
+      <span><strong class="command">nsupdate</strong></span> and the name server.  Currently,
+      the only supported encryption algorithm for TSIG is HMAC-MD5,
+      which is defined in RFC 2104.  Once other algorithms are
+      defined for TSIG, applications will need to ensure they select
+      the appropriate algorithm as well as the key when authenticating
+      each other.  For instance, suitable <span class="type">key</span> and
+      <span class="type">server</span> statements would be added to
+      <code class="filename">/etc/named.conf</code> so that the name server
+      can associate the appropriate secret key and algorithm with
+      the IP address of the client application that will be using
+      TSIG authentication.  SIG(0) uses public key cryptography.
+      To use a SIG(0) key, the public key must be stored in a KEY
+      record in a zone served by the name server.
+      <span><strong class="command">nsupdate</strong></span> does not read
       <code class="filename">/etc/named.conf</code>.
+      GSS-TSIG uses Kerberos credentials.
     </p>
 <p><span><strong class="command">nsupdate</strong></span>
       uses the <code class="option">-y</code> or <code class="option">-k</code> option
@@ -124,6 +120,11 @@
       to authenticate Dynamic DNS update requests.  In this case, the key
       specified is not an HMAC-MD5 key.
     </p>
+<p>
+      The <code class="option">-g</code> and <code class="option">-o</code> specify that
+      GSS-TSIG is to be used.  The <code class="option">-o</code> should only
+      be used with old Microsoft Windows 2000 servers.
+    </p>
 <p>
       By default,
       <span><strong class="command">nsupdate</strong></span>
@@ -168,7 +169,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543703"></a><h2>INPUT FORMAT</h2>
+<a name="id2543726"></a><h2>INPUT FORMAT</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       reads input from
       <em class="parameter"><code>filename</code></em>
@@ -432,7 +433,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544544"></a><h2>EXAMPLES</h2>
+<a name="id2544567"></a><h2>EXAMPLES</h2>
 <p>
       The examples below show how
       <span><strong class="command">nsupdate</strong></span>
@@ -486,7 +487,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544587"></a><h2>FILES</h2>
+<a name="id2544611"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -505,7 +506,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2542131"></a><h2>SEE ALSO</h2>
+<a name="id2544680"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@@ -518,7 +519,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544932"></a><h2>BUGS</h2>
+<a name="id2542156"></a><h2>BUGS</h2>
 <p>
       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.nsupdate.html b/doc/arm/man.nsupdate.html
index 1940bb3074..9841b5a302 100644
--- a/doc/arm/man.nsupdate.html
+++ b/doc/arm/man.nsupdate.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.nsupdate.html,v 1.34 2009/03/06 01:12:33 tbox Exp $ -->
+<!-- $Id: man.nsupdate.html,v 1.35 2009/03/10 01:12:31 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -47,10 +47,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
+<div class="cmdsynopsis"><p><code class="command">nsupdate</code>  [<code class="option">-d</code>] [<code class="option">-D</code>] [[<code class="option">-g</code>] |  [<code class="option">-o</code>] |  [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></code>] |  [<code class="option">-k <em class="replaceable"><code>keyfile</code></em></code>]] [<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>] [<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>] [<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>] [<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-v</code>] [filename]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2611523"></a><h2>DESCRIPTION</h2>
+<a name="id2611504"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       is used to submit Dynamic DNS Update requests as defined in RFC2136
       to a name server.
@@ -88,31 +88,27 @@
       report additional debugging information to <code class="option">-d</code>.
     </p>
 <p>
-      Transaction signatures can be used to authenticate the Dynamic DNS
-      updates.
-      These use the TSIG resource record type described in RFC2845 or the
-      SIG(0) record described in RFC3535 and RFC2931.
-      TSIG relies on a shared secret that should only be known to
-      <span><strong class="command">nsupdate</strong></span> and the name server.
-      Currently, the only supported encryption algorithm for TSIG is
-      HMAC-MD5, which is defined in RFC 2104.
-      Once other algorithms are defined for TSIG, applications will need to
-      ensure they select the appropriate algorithm as well as the key when
-      authenticating each other.
-      For instance, suitable
-      <span class="type">key</span>
-      and
-      <span class="type">server</span>
-      statements would be added to
-      <code class="filename">/etc/named.conf</code>
-      so that the name server can associate the appropriate secret key
-      and algorithm with the IP address of the
-      client application that will be using TSIG authentication.
-      SIG(0) uses public key cryptography.  To use a SIG(0) key, the public
-      key must be stored in a KEY record in a zone served by the name server.
-      <span><strong class="command">nsupdate</strong></span>
-      does not read
+      Transaction signatures can be used to authenticate the Dynamic
+      DNS updates.  These use the TSIG resource record type described
+      in RFC2845 or the SIG(0) record described in RFC3535 and
+      RFC2931 or GSS-TSIG as described in RFC3645.  TSIG relies on
+      a shared secret that should only be known to
+      <span><strong class="command">nsupdate</strong></span> and the name server.  Currently,
+      the only supported encryption algorithm for TSIG is HMAC-MD5,
+      which is defined in RFC 2104.  Once other algorithms are
+      defined for TSIG, applications will need to ensure they select
+      the appropriate algorithm as well as the key when authenticating
+      each other.  For instance, suitable <span class="type">key</span> and
+      <span class="type">server</span> statements would be added to
+      <code class="filename">/etc/named.conf</code> so that the name server
+      can associate the appropriate secret key and algorithm with
+      the IP address of the client application that will be using
+      TSIG authentication.  SIG(0) uses public key cryptography.
+      To use a SIG(0) key, the public key must be stored in a KEY
+      record in a zone served by the name server.
+      <span><strong class="command">nsupdate</strong></span> does not read
       <code class="filename">/etc/named.conf</code>.
+      GSS-TSIG uses Kerberos credentials.
     </p>
 <p><span><strong class="command">nsupdate</strong></span>
       uses the <code class="option">-y</code> or <code class="option">-k</code> option
@@ -142,6 +138,11 @@
       to authenticate Dynamic DNS update requests.  In this case, the key
       specified is not an HMAC-MD5 key.
     </p>
+<p>
+      The <code class="option">-g</code> and <code class="option">-o</code> specify that
+      GSS-TSIG is to be used.  The <code class="option">-o</code> should only
+      be used with old Microsoft Windows 2000 servers.
+    </p>
 <p>
       By default,
       <span><strong class="command">nsupdate</strong></span>
@@ -186,7 +187,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2612107"></a><h2>INPUT FORMAT</h2>
+<a name="id2612103"></a><h2>INPUT FORMAT</h2>
 <p><span><strong class="command">nsupdate</strong></span>
       reads input from
       <em class="parameter"><code>filename</code></em>
@@ -450,7 +451,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660449"></a><h2>EXAMPLES</h2>
+<a name="id2660444"></a><h2>EXAMPLES</h2>
 <p>
       The examples below show how
       <span><strong class="command">nsupdate</strong></span>
@@ -504,7 +505,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660567"></a><h2>FILES</h2>
+<a name="id2660563"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="constant">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -523,7 +524,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660636"></a><h2>SEE ALSO</h2>
+<a name="id2660632"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">RFC2136</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC3007</span></span>,
       <span class="citerefentry"><span class="refentrytitle">RFC2104</span></span>,
@@ -536,7 +537,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2660707"></a><h2>BUGS</h2>
+<a name="id2660702"></a><h2>BUGS</h2>
 <p>
       The TSIG key is redundantly stored in two separate files.
       This is a consequence of nsupdate using the DST library
diff --git a/doc/arm/man.rndc-confgen.html b/doc/arm/man.rndc-confgen.html
index c9eaa344fd..603c8a7b10 100644
--- a/doc/arm/man.rndc-confgen.html
+++ b/doc/arm/man.rndc-confgen.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc-confgen.html,v 1.114 2009/03/06 01:12:32 tbox Exp $ -->
+<!-- $Id: man.rndc-confgen.html,v 1.115 2009/03/10 01:12:31 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -48,7 +48,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc-confgen</code>  [<code class="option">-a</code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>] [<code class="option">-s <em class="replaceable"><code>address</code></em></code>] [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2633235"></a><h2>DESCRIPTION</h2>
+<a name="id2628420"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc-confgen</strong></span>
       generates configuration files
       for <span><strong class="command">rndc</strong></span>.  It can be used as a
@@ -64,7 +64,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2633984"></a><h2>OPTIONS</h2>
+<a name="id2628486"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd>
@@ -171,7 +171,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2635325"></a><h2>EXAMPLES</h2>
+<a name="id2634129"></a><h2>EXAMPLES</h2>
 <p>
       To allow <span><strong class="command">rndc</strong></span> to be used with
       no manual configuration, run
@@ -188,7 +188,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2635382"></a><h2>SEE ALSO</h2>
+<a name="id2634185"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -196,7 +196,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2635420"></a><h2>AUTHOR</h2>
+<a name="id2635179"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.rndc.conf.html b/doc/arm/man.rndc.conf.html
index 8475ad0709..7c761e9b02 100644
--- a/doc/arm/man.rndc.conf.html
+++ b/doc/arm/man.rndc.conf.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc.conf.html,v 1.115 2009/03/06 01:12:32 tbox Exp $ -->
+<!-- $Id: man.rndc.conf.html,v 1.116 2009/03/10 01:12:31 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc.conf</code> </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2607972"></a><h2>DESCRIPTION</h2>
+<a name="id2627801"></a><h2>DESCRIPTION</h2>
 <p><code class="filename">rndc.conf</code> is the configuration file
       for <span><strong class="command">rndc</strong></span>, the BIND 9 name server control
       utility.  This file has a similar structure and syntax to
@@ -135,7 +135,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2628077"></a><h2>EXAMPLE</h2>
+<a name="id2627973"></a><h2>EXAMPLE</h2>
 <pre class="programlisting">
       options {
         default-server  localhost;
@@ -209,7 +209,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2628199"></a><h2>NAME SERVER CONFIGURATION</h2>
+<a name="id2628163"></a><h2>NAME SERVER CONFIGURATION</h2>
 <p>
       The name server must be configured to accept rndc connections and
       to recognize the key specified in the <code class="filename">rndc.conf</code>
@@ -219,7 +219,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2628225"></a><h2>SEE ALSO</h2>
+<a name="id2628188"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">mmencode</span>(1)</span>,
@@ -227,7 +227,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2628263"></a><h2>AUTHOR</h2>
+<a name="id2628227"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>
diff --git a/doc/arm/man.rndc.html b/doc/arm/man.rndc.html
index 5f4d424854..eb487955cb 100644
--- a/doc/arm/man.rndc.html
+++ b/doc/arm/man.rndc.html
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: man.rndc.html,v 1.113 2009/03/06 01:12:32 tbox Exp $ -->
+<!-- $Id: man.rndc.html,v 1.114 2009/03/10 01:12:31 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -50,7 +50,7 @@
 <div class="cmdsynopsis"><p><code class="command">rndc</code>  [<code class="option">-b <em class="replaceable"><code>source-address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key-file</code></em></code>] [<code class="option">-s <em class="replaceable"><code>server</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y <em class="replaceable"><code>key_id</code></em></code>] {command}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2612652"></a><h2>DESCRIPTION</h2>
+<a name="id2612616"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">rndc</strong></span>
       controls the operation of a name
       server.  It supersedes the <span><strong class="command">ndc</strong></span> utility
@@ -79,7 +79,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2612702"></a><h2>OPTIONS</h2>
+<a name="id2612666"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-b <em class="replaceable"><code>source-address</code></em></span></dt>
 <dd><p>
@@ -151,7 +151,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2613747"></a><h2>LIMITATIONS</h2>
+<a name="id2613710"></a><h2>LIMITATIONS</h2>
 <p><span><strong class="command">rndc</strong></span>
       does not yet support all the commands of
       the BIND 8 <span><strong class="command">ndc</strong></span> utility.
@@ -165,7 +165,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2613778"></a><h2>SEE ALSO</h2>
+<a name="id2613741"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">rndc.conf</span>(5)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc-confgen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
@@ -175,7 +175,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2616905"></a><h2>AUTHOR</h2>
+<a name="id2616869"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>