diff --git a/build.xml b/build.xml
index 0fece34..2214521 100644
--- a/build.xml
+++ b/build.xml
@@ -113,6 +113,7 @@
     <include name="${sectools-distname}/bin/jdnssec-signzone" />
     <include name="${sectools-distname}/bin/jdnssec-keygen" />
     <include name="${sectools-distname}/bin/jdnssec-verifyzone" />
+    <include name="${sectools-distname}/bin/jdnssec-zoneformat" />
   </patternset>
 
   <patternset id="src.files">
diff --git a/lib/dnsjava-2.0.0.jar b/lib/dnsjava-2.0.0.jar
index 794929b..6e4c233 100644
Binary files a/lib/dnsjava-2.0.0.jar and b/lib/dnsjava-2.0.0.jar differ
diff --git a/src/com/verisignlabs/dnssec/security/SignUtils.java b/src/com/verisignlabs/dnssec/security/SignUtils.java
index c8d52f2..256083c 100644
--- a/src/com/verisignlabs/dnssec/security/SignUtils.java
+++ b/src/com/verisignlabs/dnssec/security/SignUtils.java
@@ -49,7 +49,6 @@ public class SignUtils
   public static final int    RR_DELEGATION   = 1;
   public static final int    RR_GLUE         = 2;
   public static final int    RR_INVALID      = 3;
-  private static final int[] ENT_NSEC3_TYPES = {Type.RRSIG, Type.NSEC3};
 
   private static Logger      log;
 
@@ -531,7 +530,8 @@ public class SignUtils
       this.typemap.add(new Integer(type));
 
       // Opt-In support.
-      if (type != Type.NS && type != Type.NSEC && type != Type.RRSIG)
+      if (type != Type.NS && type != Type.NSEC && type != Type.RRSIG
+          && type != Type.NSEC3)
       {
         isSecureNode = true;
       }
@@ -827,7 +827,6 @@ public class SignUtils
 
     // Add our default types.
     node.addType(Type.RRSIG);
-    node.addType(Type.NSEC3);
 
     // Check for ENTs -- note this will generate duplicate ENTs because it
     // doesn't use any context.
@@ -865,10 +864,6 @@ public class SignUtils
         iterations,
         salt);
 
-    if (types == null)
-    {
-      types = ENT_NSEC3_TYPES;
-    }
     ProtoNSEC3 r = new ProtoNSEC3(hash, name, zonename, DClass.IN, ttl,
         optIn, NSEC3Record.SHA1_DIGEST_ID, iterations, salt, null, types);
 
diff --git a/src/com/verisignlabs/dnssec/security/TypeMap.java b/src/com/verisignlabs/dnssec/security/TypeMap.java
index 9989563..56c534c 100644
--- a/src/com/verisignlabs/dnssec/security/TypeMap.java
+++ b/src/com/verisignlabs/dnssec/security/TypeMap.java
@@ -49,6 +49,7 @@ public class TypeMap
   public static TypeMap fromTypes(int[] types)
   {
     TypeMap m = new TypeMap();
+    if (types == null) return m;
     for (int i = 0; i < types.length; i++)
     {
       m.set(types[i]);