diff --git a/VERSION b/VERSION
index 19d3efe..58b1003 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-version=0.8.3
+version=0.8.4
diff --git a/lib/dnsjava-2.0.1-vrsn-2.jar b/lib/dnsjava-2.0.1-vrsn-3.jar
similarity index 91%
rename from lib/dnsjava-2.0.1-vrsn-2.jar
rename to lib/dnsjava-2.0.1-vrsn-3.jar
index c7b6a67..3f5b926 100644
Binary files a/lib/dnsjava-2.0.1-vrsn-2.jar and b/lib/dnsjava-2.0.1-vrsn-3.jar differ
diff --git a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
index e5c76c0..1b84c6e 100644
--- a/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
+++ b/src/com/verisignlabs/dnssec/security/ProtoNSEC3.java
@@ -36,8 +36,8 @@ import org.xbill.DNS.utils.base32;
 public class ProtoNSEC3
 {
   private Name    originalOwner;
-  private boolean optInFlag;
   private byte    hashAlg;
+  private byte    flags;
   private int     iterations;
   private byte[]  salt;
   private byte[]  next;
@@ -50,21 +50,17 @@ public class ProtoNSEC3
 
   /**
    * Creates an NSEC3 Record from the given data.
-   * 
-   * @param originalOwner TODO
-   * @param next The following name in an ordered list of the zone
-   * @param types An array containing the types present.
    */
   public ProtoNSEC3(byte[] owner, Name originalOwner, Name zone, int dclass,
-      long ttl, boolean optInFlag, byte hashAlg, int iterations, byte[] salt,
+      long ttl, byte hashAlg, byte flags, int iterations, byte[] salt,
       byte[] next, TypeMap typemap)
   {
     this.zone = zone;
     this.owner = owner;
     this.dclass = dclass;
     this.ttl = ttl;
-    this.optInFlag = optInFlag;
     this.hashAlg = hashAlg;
+    this.flags = flags;
     this.iterations = iterations;
     this.salt = salt;
     this.next = next;
@@ -73,10 +69,10 @@ public class ProtoNSEC3
   }
 
   public ProtoNSEC3(byte[] owner, Name originalOwner, Name zone, int dclass,
-      long ttl, boolean optInFlag, byte hashAlg, int iterations, byte[] salt,
+      long ttl, byte hashAlg, byte flags, int iterations, byte[] salt,
       byte[] next, int[] types)
   {
-    this(owner, originalOwner, zone, dclass, ttl, optInFlag, hashAlg,
+    this(owner, originalOwner, zone, dclass, ttl, hashAlg, flags,
         iterations, salt, next, TypeMap.fromTypes(types));
   }
 
@@ -113,14 +109,20 @@ public class ProtoNSEC3
     this.next = next;
   }
 
+  public byte getFlags() 
+  {
+    return flags;
+  }
+  
   public boolean getOptInFlag()
   {
-    return optInFlag;
+    return (flags & NSEC3Record.OPT_OUT_FLAG) != 0;
   }
 
   public void setOptInFlag(boolean optInFlag)
   {
-    this.optInFlag = optInFlag;
+    if (optInFlag) this.flags |= NSEC3Record.OPT_OUT_FLAG;
+    else this.flags &= ~NSEC3Record.OPT_OUT_FLAG;
   }
 
   public long getTTL()
@@ -183,7 +185,7 @@ public class ProtoNSEC3
     String comment = (originalOwner == null)
         ? "(unknown original ownername)"
         : originalOwner.toString();
-    return new NSEC3Record(getName(), dclass, ttl, optInFlag, hashAlg,
+    return new NSEC3Record(getName(), dclass, ttl, hashAlg, flags,
         iterations, salt, next, getTypes(), comment);
   }
 
@@ -218,7 +220,7 @@ public class ProtoNSEC3
     sb.append(' ');
     sb.append(DClass.string(dclass));
     sb.append(" NSEC3 ");
-    sb.append(optInFlag ? '1' : '0');
+    sb.append(flags);
     sb.append(' ');
     sb.append(hashAlg);
     sb.append(' ');
diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java
index efc822e..d90b58a 100644
--- a/src/com/verisignlabs/dnssec/security/SignUtils.java
+++ b/src/com/verisignlabs/dnssec/security/SignUtils.java
@@ -731,7 +731,7 @@ public class SignUtils
     records.addAll(nsec3s);
 
     NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN,
-        nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, iterations, salt);
+        nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, (byte) 0, iterations, salt);
     records.add(nsec3param);
 
   }
@@ -836,7 +836,7 @@ public class SignUtils
     records.addAll(nsec3s);
 
     NSEC3PARAMRecord nsec3param = new NSEC3PARAMRecord(zonename, DClass.IN,
-        nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, iterations, salt);
+        nsec3param_ttl, NSEC3Record.SHA1_DIGEST_ID, (byte) 0, iterations, salt);
     records.add(nsec3param);
   }
 
@@ -886,9 +886,10 @@ public class SignUtils
         NSEC3Record.SHA1_DIGEST_ID,
         iterations,
         salt);
-
+    byte flags = (byte) (optIn ? 0x01 : 0x00);
+    
     ProtoNSEC3 r = new ProtoNSEC3(hash, name, zonename, DClass.IN, ttl,
-        optIn, NSEC3Record.SHA1_DIGEST_ID, iterations, salt, null, types);
+        flags, NSEC3Record.SHA1_DIGEST_ID, iterations, salt, null, types);
 
     log.finer("Generated: " + r);
     return r;