diff --git a/VERSION b/VERSION
index 47a478a..325db2c 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-version=1.0.1
+version=1.0.2
diff --git a/build.xml b/build.xml
index c011f48..a486904 100644
--- a/build.xml
+++ b/build.xml
@@ -43,7 +43,7 @@
     <jar destfile="${build.lib.dest}/dnssecvaltool.jar">
       <zipfileset dir="${build.dest}" includes="**/*.class" />
 
-      <zipfileset src="${lib.dir}/dnsjava-2.0.8-vrsn-2.jar" />
+      <zipfileset src="${lib.dir}/dnsjava-2.1.3-vrsn-3.jar" />
       <zipfileset src="${lib.dir}/log4j-1.2.15.jar" />
       <manifest>
         <attribute name="Main-Class"
diff --git a/lib/dnsjava-2.0.8-vrsn-2.jar b/lib/dnsjava-2.0.8-vrsn-2.jar
deleted file mode 100644
index 276b156..0000000
Binary files a/lib/dnsjava-2.0.8-vrsn-2.jar and /dev/null differ
diff --git a/lib/dnsjava-2.1.3-vrsn-3.jar b/lib/dnsjava-2.1.3-vrsn-3.jar
new file mode 100644
index 0000000..a0e7147
Binary files /dev/null and b/lib/dnsjava-2.1.3-vrsn-3.jar differ
diff --git a/src/com/verisign/tat/dnssec/DnsSecVerifier.java b/src/com/verisign/tat/dnssec/DnsSecVerifier.java
index cff769f..6e4a58e 100644
--- a/src/com/verisign/tat/dnssec/DnsSecVerifier.java
+++ b/src/com/verisign/tat/dnssec/DnsSecVerifier.java
@@ -62,33 +62,33 @@ public class DnsSecVerifier {
         mPrivateAlgorithmMap = new HashMap<Name, AlgEntry>();
 
         // set the default algorithm map.
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSAMD5), new AlgEntry(
-                "MD5withRSA", DNSSEC.RSAMD5, false));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA), new AlgEntry("SHA1withDSA",
-                DNSSEC.DSA, true));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA1), new AlgEntry(
-                "SHA1withRSA", DNSSEC.RSASHA1, false));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.DSA_NSEC3_SHA1), new AlgEntry(
-                "SHA1withDSA", DNSSEC.DSA, true));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSA_NSEC3_SHA1), new AlgEntry(
-                "SHA1withRSA", DNSSEC.RSASHA1, false));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA256), new AlgEntry(
-                "SHA256withRSA", DNSSEC.RSASHA256, false));
-        mAlgorithmMap.put(Integer.valueOf(DNSSEC.RSASHA512), new AlgEntry(
-                "SHA512withRSA", DNSSEC.RSASHA512, false));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.RSAMD5), new AlgEntry(
+                "MD5withRSA", DNSSEC.Algorithm.RSAMD5, false));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.DSA), new AlgEntry("SHA1withDSA",
+                DNSSEC.Algorithm.DSA, true));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.RSASHA1), new AlgEntry(
+                "SHA1withRSA", DNSSEC.Algorithm.RSASHA1, false));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.DSA_NSEC3_SHA1), new AlgEntry(
+                "SHA1withDSA", DNSSEC.Algorithm.DSA, true));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.RSA_NSEC3_SHA1), new AlgEntry(
+                "SHA1withRSA", DNSSEC.Algorithm.RSASHA1, false));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.RSASHA256), new AlgEntry(
+                "SHA256withRSA", DNSSEC.Algorithm.RSASHA256, false));
+        mAlgorithmMap.put(Integer.valueOf(DNSSEC.Algorithm.RSASHA512), new AlgEntry(
+                "SHA512withRSA", DNSSEC.Algorithm.RSASHA512, false));
     }
 
     private boolean isDSA(int algorithm) {
         // shortcut the standard algorithms
-        if (algorithm == DNSSEC.DSA) {
+        if (algorithm == DNSSEC.Algorithm.DSA) {
             return true;
         }
 
-        if (algorithm == DNSSEC.RSASHA1) {
+        if (algorithm == DNSSEC.Algorithm.RSASHA1) {
             return false;
         }
 
-        if (algorithm == DNSSEC.RSAMD5) {
+        if (algorithm == DNSSEC.Algorithm.RSAMD5) {
             return false;
         }
 
@@ -202,12 +202,12 @@ public class DnsSecVerifier {
      *            The rrset that the signature belongs to.
      * @param sigrec
      *            The signature record to check.
-     * @return A value of DNSSEC.Secure if it looks OK, DNSSEC.Faile if it looks
+     * @return A value of SecurityStatus.SECURE if it looks OK, SecurityStatus.BOGUS if it looks
      *         bad.
      */
     private byte checkSignature(RRset rrset, RRSIGRecord sigrec) {
         if ((rrset == null) || (sigrec == null)) {
-            return DNSSEC.Failed;
+            return SecurityStatus.BOGUS;
         }
 
         if (!rrset.getName().equals(sigrec.getName())) {
@@ -445,11 +445,11 @@ public class DnsSecVerifier {
 
     public int baseAlgorithm(int algorithm) {
         switch (algorithm) {
-        case DNSSEC.RSAMD5:
-        case DNSSEC.RSASHA1:
+        case DNSSEC.Algorithm.RSAMD5:
+        case DNSSEC.Algorithm.RSASHA1:
             return RSA;
 
-        case DNSSEC.DSA:
+        case DNSSEC.Algorithm.DSA:
             return DSA;
         }