diff --git a/bind-9.11-rt46047.patch b/bind-9.11-rt46047.patch
index fd23d78..915b0ab 100644
--- a/bind-9.11-rt46047.patch
+++ b/bind-9.11-rt46047.patch
@@ -1,7 +1,7 @@
-From 71dbb3a1a96a012683125a22e9bf263efb97df4d Mon Sep 17 00:00:00 2001
+From 1ab1aabcf9b2b8de144bab7a3ff5d9f7e6ec9ad4 Mon Sep 17 00:00:00 2001
 From: Evan Hunt
 Date: Thu, 28 Sep 2017 10:09:22 -0700
-Subject: [PATCH] [master] completed and corrected the crypto-random change
+Subject: [PATCH] completed and corrected the crypto-random change
 4724. [func] By default, BIND now uses the random number functions provided by the crypto library (i.e.,
@@ -33,23 +33,23 @@ Subject: [PATCH] [master] completed and corrected the crypto-random change
 bin/named/include/named/server.h | 2 ++
 bin/named/interfacemgr.c | 1 +
 bin/named/query.c | 1 +
- bin/named/server.c | 52 ++++++++++++++++++------------
+ bin/named/server.c | 53 ++++++++++++++++++------------
 bin/nsupdate/nsupdate.c | 4 +--
 bin/tests/system/pipelined/pipequeries.c | 4 +--
 bin/tests/system/tkey/keycreate.c | 4 +--
 bin/tests/system/tkey/keydelete.c | 4 +--
 doc/arm/Bv9ARM-book.xml | 55 ++++++++++++++++++++++----------
- doc/arm/notes.xml | 26 +++++++++++++++
+ doc/arm/notes.xml | 23 ++++++++++++-
 lib/dns/dst_api.c | 7 ++--
 lib/dns/include/dst/dst.h | 14 ++++++--
 lib/dns/openssl_link.c | 3 +-
 lib/isc/include/isc/entropy.h | 50 +++++++++++++++++++++--------
 lib/isc/include/isc/random.h | 28 ++++++++++------
 lib/isccfg/namedconf.c | 2 +-
- 22 files changed, 222 insertions(+), 109 deletions(-)
+ 22 files changed, 219 insertions(+), 110 deletions(-)
 diff --git a/bin/confgen/keygen.c b/bin/confgen/keygen.c
-index fa439cc158..a7ad417a18 100644
+index fa439cc..a7ad417 100644
 --- a/bin/confgen/keygen.c
 +++ b/bin/confgen/keygen.c
 @@ -161,17 +161,15 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
@@ -76,7 +76,7 @@ index fa439cc158..a7ad417a18 100644
 &entropy_source, randomfile,
diff --git a/bin/dnssec/dnssec-keygen.docbook b/bin/dnssec/dnssec-keygen.docbook
-index 96dfef64b4..1c84b06126 100644
+index 96dfef6..1c84b06 100644
 --- a/bin/dnssec/dnssec-keygen.docbook
 +++ b/bin/dnssec/dnssec-keygen.docbook
 @@ -349,15 +349,23 @@
@@ -112,7 +112,7 @@ index 96dfef64b4..1c84b06126 100644
 diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
-index 4ea9eafa44..5dd9475dd3 100644
+index 4ea9eaf..5dd9475 100644
 --- a/bin/dnssec/dnssectool.c
 +++ b/bin/dnssec/dnssectool.c
 @@ -239,18 +239,16 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -140,7 +140,7 @@ index 4ea9eafa44..5dd9475dd3 100644
 usekeyboard);
 diff --git a/bin/named/client.c b/bin/named/client.c
-index b9ebc93094..20e5f395d4 100644
+index b9ebc93..20e5f39 100644
 --- a/bin/named/client.c
 +++ b/bin/named/client.c
 @@ -1605,7 +1605,8 @@ ns_client_addopt(ns_client_t *client, dns_message_t *message,
@@ -154,7 +154,7 @@ index b9ebc93094..20e5f395d4 100644
 compute_cookie(client, now, nonce, ns_g_server->secret, &buf);
 diff --git a/bin/named/config.c b/bin/named/config.c
-index c50f759ddd..c1e72ef996 100644
+index c50f759..c1e72ef 100644
 --- a/bin/named/config.c
 +++ b/bin/named/config.c
 @@ -92,7 +92,9 @@ options {\n\
@@ -169,7 +169,7 @@ index c50f759ddd..c1e72ef996 100644
 #endif
 " recursing-file \"named.recursing\";\n\
 diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c
-index 237e8dc31d..b905475890 100644
+index 237e8dc..b905475 100644
 --- a/bin/named/controlconf.c
 +++ b/bin/named/controlconf.c
 @@ -322,9 +322,10 @@ log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
@@ -221,7 +221,7 @@ index 237e8dc31d..b905475890 100644
 } else eresult = ns_control_docommand(request, listener->readonly, &text);
 diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
-index d8179a60a0..e03d24d85d 100644
+index d8179a6..e03d24d 100644
 --- a/bin/named/include/named/server.h
 +++ b/bin/named/include/named/server.h
 @@ -17,6 +17,7 @@
@@ -241,7 +241,7 @@ index d8179a60a0..e03d24d85d 100644
 struct ns_altsecret {
 diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
-index d8c7188186..50f924eadb 100644
+index d8c7188..50f924e 100644
 --- a/bin/named/interfacemgr.c
 +++ b/bin/named/interfacemgr.c
 @@ -15,6 +15,7 @@
@@ -253,7 +253,7 @@ index d8c7188186..50f924eadb 100644
 #include
 #include
 diff --git a/bin/named/query.c b/bin/named/query.c
-index accbf3b24d..d89622d835 100644
+index accbf3b..d89622d 100644
 --- a/bin/named/query.c
 +++ b/bin/named/query.c
 @@ -18,6 +18,7 @@
@@ -265,7 +265,7 @@ index accbf3b24d..d89622d835 100644
 #include
 #include
 diff --git a/bin/named/server.c b/bin/named/server.c
-index ee5186c165..553e0f1ae6 100644
+index ca789e5..1413e85 100644
 --- a/bin/named/server.c
 +++ b/bin/named/server.c
 @@ -8076,21 +8076,30 @@ load_configuration(const char *filename, ns_server_t *server,
@@ -329,16 +329,17 @@ index ee5186c165..553e0f1ae6 100644
 #endif
 } }
-@@ -8911,6 +8919,8 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
+@@ -8911,6 +8919,9 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
 CHECKFATAL(dns_tkeyctx_create(ns_g_mctx, ns_g_entropy, &server->tkeyctx), "creating TKEY context");
++ server->rngctx = NULL;
 + CHECKFATAL(isc_rng_create(ns_g_mctx, ns_g_entropy, &server->rngctx),
 + "creating random numbers context");
 /* * Setup the server task, which is responsible for coordinating
-@@ -9117,7 +9127,8 @@ ns_server_destroy(ns_server_t **serverp) {
+@@ -9117,7 +9128,8 @@ ns_server_destroy(ns_server_t **serverp) {
 if (server->zonemgr != NULL) dns_zonemgr_detach(&server->zonemgr);
@@ -348,7 +349,7 @@ index ee5186c165..553e0f1ae6 100644
 if (server->tkeyctx != NULL) dns_tkeyctx_destroy(&server->tkeyctx);
-@@ -13018,10 +13029,10 @@ newzone_cfgctx_destroy(void **cfgp) {
+@@ -13018,10 +13030,10 @@ newzone_cfgctx_destroy(void **cfgp) {
 static isc_result_t generate_salt(unsigned char *salt, size_t saltlen) {
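Review bot: The added `server->rngctx = NULL;` in the `ns_server_create` hunk (inner header `@@ -8911,6 +8919,9 @@`) has no comment saying why this regenerated patch needs a line the earlier revision did not have. Presumably `isc_rng_create()` requires the output pointer to be NULL on entry and the server structure is not zero-filled when allocated, so without the assignment startup could abort on an indeterminate pointer; that should be confirmed against `isc_rng_create` and then recorded, for example `/* isc_rng_create() expects *rngp == NULL; the server struct is not zeroed at allocation */`. The matching release of `rngctx` in `ns_server_destroy` is not visible in these hunks, so it cannot be checked here that it is guarded the same way as the `zonemgr` and `tkeyctx` members shown. Both functions start and end outside the hunk.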
@@ -361,7 +362,7 @@ index ee5186c165..553e0f1ae6 100644
 } rnd; unsigned char text[512 + 1]; isc_region_t r;
-@@ -13031,9 +13042,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
+@@ -13031,9 +13043,10 @@ generate_salt(unsigned char *salt, size_t saltlen) {
 if (saltlen > 256U) return (ISC_R_RANGE);
@@ -376,7 +377,7 @@ index ee5186c165..553e0f1ae6 100644
 memmove(salt, rnd.rnd, saltlen);
 diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
-index 46c7acf4dc..a0d0278635 100644
+index 46c7acf..a0d0278 100644
 --- a/bin/nsupdate/nsupdate.c
 +++ b/bin/nsupdate/nsupdate.c
 @@ -281,9 +281,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
@@ -391,7 +392,7 @@ index 46c7acf4dc..a0d0278635 100644
 }
 #endif
 diff --git a/bin/tests/system/pipelined/pipequeries.c b/bin/tests/system/pipelined/pipequeries.c
-index 810d99e267..d7d10e2e3c 100644
+index 810d99e..d7d10e2 100644
 --- a/bin/tests/system/pipelined/pipequeries.c
 +++ b/bin/tests/system/pipelined/pipequeries.c
 @@ -279,9 +279,7 @@ main(int argc, char *argv[]) {
@@ -406,7 +407,7 @@ index 810d99e267..d7d10e2e3c 100644
 }
 #endif
 diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
-index 4f2f5b4cc5..0894db7066 100644
+index 4f2f5b4..0894db7 100644
 --- a/bin/tests/system/tkey/keycreate.c
 +++ b/bin/tests/system/tkey/keycreate.c
 @@ -255,9 +255,7 @@ main(int argc, char *argv[]) {
@@ -421,7 +422,7 @@ index 4f2f5b4cc5..0894db7066 100644
 }
 #endif
 diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
-index 0975bbe4ea..5b8a4701a8 100644
+index 0975bbe..5b8a470 100644
 --- a/bin/tests/system/tkey/keydelete.c
 +++ b/bin/tests/system/tkey/keydelete.c
 @@ -182,9 +182,7 @@ main(int argc, char **argv) {
@@ -436,7 +437,7 @@ index 0975bbe4ea..5b8a4701a8 100644
 }
 #endif
 diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml
-index 3ecdc046d0..34c9e85f52 100644
+index a5d9e2e..2a96f71 100644
 --- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
 @@ -5070,22 +5070,45 @@ badresp:1,adberr:0,findfail:0,valfail:0]
@@ -502,15 +503,14 @@ index 3ecdc046d0..34c9e85f52 100644
 diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml
-index 7b7475b58f..49fe0a413e 100644
+index d3fdb5e..a8ad92d 100644
 --- a/doc/arm/notes.xml
 +++ b/doc/arm/notes.xml
-@@ -128,6 +128,32 @@
- necessary. - - -+ -+
+@@ -105,7 +105,28 @@
+ + + +- None.
 + By default, BIND now uses the random number generation functions
 + in the cryptographic library (i.e., OpenSSL or a PKCS#11
 + provider) as a source of high-quality randomness rather than
@@ -533,13 +533,11 @@ index 7b7475b58f..49fe0a413e 100644
 + configure --disable-crypto-rand, in which
 + case /dev/random will be the default
 + entropy source. [RT #31459] [RT #46047]
-+ -+ + + - -
 diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c
-index 803e7b3538..29a4fef44b 100644
+index 803e7b3..29a4fef 100644
 --- a/lib/dns/dst_api.c
 +++ b/lib/dns/dst_api.c
 @@ -276,8 +276,9 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
@@ -568,7 +566,7 @@ index 803e7b3538..29a4fef44b 100644
 }
 diff --git a/lib/dns/include/dst/dst.h b/lib/dns/include/dst/dst.h
-index d9b6ab6bfb..e8c1a3c287 100644
+index d9b6ab6..e8c1a3c 100644
 --- a/lib/dns/include/dst/dst.h
 +++ b/lib/dns/include/dst/dst.h
 @@ -161,8 +161,18 @@ isc_result_t
@@ -593,7 +591,7 @@ index d9b6ab6bfb..e8c1a3c287 100644
 isc_boolean_t
 diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
-index c1e1bde95a..91e87d00b4 100644
+index c1e1bde..91e87d0 100644
 --- a/lib/dns/openssl_link.c
 +++ b/lib/dns/openssl_link.c
 @@ -482,7 +482,8 @@ dst__openssl_getengine(const char *engine) {
@@ -607,7 +605,7 @@ index c1e1bde95a..91e87d00b4 100644
 #ifndef DONT_REQUIRE_DST_LIB_INIT
 INSIST(dst__memory_pool != NULL);
 diff --git a/lib/isc/include/isc/entropy.h b/lib/isc/include/isc/entropy.h
-index d9deb8ad9b..2d373630ae 100644
+index d9deb8a..2d37363 100644
 --- a/lib/isc/include/isc/entropy.h
 +++ b/lib/isc/include/isc/entropy.h
 @@ -9,8 +9,6 @@
@@ -696,7 +694,7 @@ index d9deb8ad9b..2d373630ae 100644
 ISC_LANG_ENDDECLS
 diff --git a/lib/isc/include/isc/random.h b/lib/isc/include/isc/random.h
-index ba53ebf35c..b57572842c 100644
+index ba53ebf..b575728 100644
 --- a/lib/isc/include/isc/random.h
 +++ b/lib/isc/include/isc/random.h
 @@ -9,8 +9,6 @@
@@ -750,7 +748,7 @@ index ba53ebf35c..b57572842c 100644
 ISC_LANG_ENDDECLS
 diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
-index 8d496ff9ce..dd08187312 100644
+index 8d496ff..dd08187 100644
 --- a/lib/isccfg/namedconf.c
 +++ b/lib/isccfg/namedconf.c
 @@ -1106,7 +1106,7 @@ options_clauses[] = {