diff --git a/cacert.com b/cacert.com
index a06e82e..3fe3b43 100644
--- a/cacert.com
+++ b/cacert.com
@@ -1,13 +1,13 @@
 ; DNS master zone file for cacert.com, under RCS control
-; @(#)(CAcert) $Id: cacert.com,v 1.14 2011/07/14 15:30:42 root Exp $
+; @(#)(CAcert) $Id: cacert.com,v 1.15 2012/04/17 07:07:02 root Exp $
 
 $TTL	12h	;	default TTL for zone data
 
 @	IN	SOA	ns1.cacert.com. hostmaster.cacert.com. (
-					2011071401	; Serial
+					2012041701	; Serial
 					4h		; refresh time
 					1h		; retry interval
-					1w		; expire time
+					2d		; expire time
 					12h )		; negative caching TTL
 
 @		IN	NS	ns1.cacert.com.
diff --git a/cacert.com.log b/cacert.com.log
index 6f18700..e04cf36 100644
--- a/cacert.com.log
+++ b/cacert.com.log
@@ -1,16 +1,22 @@
 
 RCS file: /var/opendnssec/unsigned/RCS/cacert.com,v
 Working file: /var/opendnssec/unsigned/cacert.com
-head: 1.14
+head: 1.15
 branch:
 locks: strict
 access list:
 symbolic names:
 keyword substitution: kv
-total revisions: 14;	selected revisions: 14
+total revisions: 15;	selected revisions: 15
 description:
 cacert.com - zone file for cacert.com
 ----------------------------
+revision 1.15
+date: 2012/04/17 07:07:02;  author: root;  state: Exp;  lines: +3 -3
+Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
+a recommendation made in RFC 4641bis: the SOA expiration timer should be
+between 1/4th and 1/3ed of the size of the signature validity period (1 week).
+----------------------------
 revision 1.14
 date: 2011/07/14 15:30:42;  author: root;  state: Exp;  lines: +3 -2
 Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
diff --git a/cacert.net b/cacert.net
index 4a3343a..cad5df3 100644
--- a/cacert.net
+++ b/cacert.net
@@ -1,13 +1,13 @@
 ; DNS master zone file for cacert.net, under RCS control
-; @(#)(CAcert) $Id: cacert.net,v 1.15 2011/07/14 15:30:42 root Exp $
+; @(#)(CAcert) $Id: cacert.net,v 1.16 2012/04/17 07:07:02 root Exp $
 
 $TTL	12h	;	default TTL for zone data
 
 @	IN	SOA	ns1.cacert.net. hostmaster.cacert.net. (
-					2011071401	; Serial
+					2012041701	; Serial
 					4h		; refresh time
 					1h		; retry interval
-					1w		; expire time
+					2d		; expire time
 					12h )		; negative caching TTL
 
 @		IN	NS	ns1.cacert.net.
diff --git a/cacert.net.log b/cacert.net.log
index 8ccc15d..a20cba3 100644
--- a/cacert.net.log
+++ b/cacert.net.log
@@ -1,16 +1,22 @@
 
 RCS file: /var/opendnssec/unsigned/RCS/cacert.net,v
 Working file: /var/opendnssec/unsigned/cacert.net
-head: 1.15
+head: 1.16
 branch:
 locks: strict
 access list:
 symbolic names:
 keyword substitution: kv
-total revisions: 15;	selected revisions: 15
+total revisions: 16;	selected revisions: 16
 description:
 cacert.net - DNS master zone file for cacert.net, under RCS control
 ----------------------------
+revision 1.16
+date: 2012/04/17 07:07:02;  author: root;  state: Exp;  lines: +3 -3
+Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
+a recommendation made in RFC 4641bis: the SOA expiration timer should be
+between 1/4th and 1/3ed of the size of the signature validity period (1 week).
+----------------------------
 revision 1.15
 date: 2011/07/14 15:30:42;  author: root;  state: Exp;  lines: +3 -2
 Add IPv6 address for ns3 (per e-mail from Mark Overmeer on July 7, 2011).
diff --git a/cacert.org b/cacert.org
index 5c52601..f58e84c 100644
--- a/cacert.org
+++ b/cacert.org
@@ -1,13 +1,13 @@
 ; DNS master zone file for cacert.org, under RCS control
-; @(#)(CAcert) $Id: cacert.org,v 1.51 2012/04/04 15:45:59 root Exp $
+; @(#)(CAcert) $Id: cacert.org,v 1.52 2012/04/17 07:07:02 root Exp $
 
 $TTL	12h	;	default TTL for zone data
 
 @	IN	SOA	ns1.cacert.org. hostmaster.cacert.org. (
-					2012040401	; Serial
+					2012041701	; Serial
 					4h		; refresh time
 					1h		; retry interval
-					1w		; expire time
+					2d		; expire time
 					12h )		; negative caching TTL
 
 @		IN	NS	ns1.cacert.org.
diff --git a/cacert.org.log b/cacert.org.log
index ccad354..5f6f433 100644
--- a/cacert.org.log
+++ b/cacert.org.log
@@ -1,16 +1,22 @@
 
 RCS file: /var/opendnssec/unsigned/RCS/cacert.org,v
 Working file: /var/opendnssec/unsigned/cacert.org
-head: 1.51
+head: 1.52
 branch:
 locks: strict
 access list:
 symbolic names:
 keyword substitution: kv
-total revisions: 51;	selected revisions: 51
+total revisions: 52;	selected revisions: 52
 description:
 cacert.org - zone file for cacert.org
 ----------------------------
+revision 1.52
+date: 2012/04/17 07:07:02;  author: root;  state: Exp;  lines: +3 -3
+Reduce SOA expiration timer from 1 week to 2 days, in order to comply with
+a recommendation made in RFC 4641bis: the SOA expiration timer should be
+between 1/4th and 1/3ed of the size of the signature validity period (1 week).
+----------------------------
 revision 1.51
 date: 2012/04/04 15:45:59;  author: root;  state: Exp;  lines: +2 -4
 Drop CNAME records for stamp and timestamp, since this service hasn't been