diff --git a/CHANGES b/CHANGES
index fdcbd21efd..76f88d351d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,9 @@
 
+2.6-311 | 2019-05-20 09:07:58 -0700
+
+  * Add missing &optional attr to KRB record fields; also add existence
+    checks to scripts (Jon Siwek, Corelight).
+
 2.6-308 | 2019-05-17 14:13:46 -0700
 
   * Always emit scripting errors to stderr during zeek_init (Jon Siwek, Corelight)
diff --git a/VERSION b/VERSION
index 522799029d..1b856a34fa 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.6-308
+2.6-311
diff --git a/doc b/doc
index 1bcdfdc408..b572056729 160000
--- a/doc
+++ b/doc
@@ -1 +1 @@
-Subproject commit 1bcdfdc408810bdb6e980925bb9baf9083ae4cd9
+Subproject commit b5720567293c652233287a17cf781f6195073159
diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek
index 50c120bb6b..a4ac715d78 100644
--- a/scripts/base/init-bare.zeek
+++ b/scripts/base/init-bare.zeek
@@ -4483,13 +4483,13 @@ export {
 	## The data from the ERROR_MSG message. See :rfc:`4120`.
 	type KRB::Error_Msg: record {
 		## Protocol version number (5 for KRB5)
-		pvno		: count;
+		pvno		: count &optional;
 		## The message type (30 for ERROR_MSG)
-		msg_type	: count;
+		msg_type	: count &optional;
 		## Current time on the client
 		client_time	: time &optional;
 		## Current time on the server
-		server_time	: time;
+		server_time	: time &optional;
 		## The specific error code
 		error_code	: count;
 		## Realm of the ticket
@@ -4497,9 +4497,9 @@ export {
 		## Name on the ticket
 		client_name	: string &optional;
 		## Realm of the service
-		service_realm	: string;
+		service_realm	: string &optional;
 		## Name of the service
-		service_name	: string;
+		service_name	: string &optional;
 		## Additional text to explain the error
 		error_text	: string &optional;
 		## Optional pre-authentication data
@@ -4533,25 +4533,25 @@ export {
 		## Optional pre-authentication data
 		pa_data			: vector of KRB::Type_Value &optional;
 		## Options specified in the request
-		kdc_options		: KRB::KDC_Options;
+		kdc_options		: KRB::KDC_Options &optional;
 		## Name on the ticket
 		client_name		: string &optional;
 
 		## Realm of the service
-		service_realm		: string;
+		service_realm		: string &optional;
 		## Name of the service
 		service_name		: string &optional;
 		## Time the ticket is good from
 		from			: time &optional;
 		## Time the ticket is good till
-		till			: time;
+		till			: time &optional;
 		## The requested renew-till time
 		rtime			: time &optional;
 
 		## A random nonce generated by the client
-		nonce			: count;
+		nonce			: count &optional;
 		## The desired encryption algorithms, in order of preference
-		encryption_types	: vector of count;
+		encryption_types	: vector of count &optional;
 		## Any additional addresses the ticket should be valid for
 		host_addrs		: vector of KRB::Host_Address &optional;
 		## Additional tickets may be included for certain transactions
diff --git a/scripts/base/protocols/krb/main.zeek b/scripts/base/protocols/krb/main.zeek
index 72103104d5..cdcdf48f58 100644
--- a/scripts/base/protocols/krb/main.zeek
+++ b/scripts/base/protocols/krb/main.zeek
@@ -118,7 +118,9 @@ event krb_error(c: connection, msg: Error_Msg) &priority=5
 		c$krb$client = fmt("%s%s", msg?$client_name ? msg$client_name + "/" : "",
 		                           msg?$client_realm ? msg$client_realm : "");
 
-	c$krb$service    = msg$service_name;
+	if ( msg?$service_name )
+		c$krb$service    = msg$service_name;
+
 	c$krb$success    = F;
 	c$krb$error_code = msg$error_code;
 
@@ -139,16 +141,23 @@ event krb_as_request(c: connection, msg: KDC_Request) &priority=5
 		return;
 
 	c$krb$request_type = "AS";
-	c$krb$client       = fmt("%s/%s", msg?$client_name ? msg$client_name : "", msg$service_realm);
+
+	c$krb$client       = fmt("%s/%s", msg?$client_name ? msg$client_name : "",
+	                                  msg?$service_realm ? msg$service_realm : "");
+
 	if ( msg?$service_name )
 		c$krb$service      = msg$service_name;
 
 	if ( msg?$from )
 		c$krb$from = msg$from;
-	c$krb$till        = msg$till;
+	if ( msg?$till )
+		c$krb$till = msg$till;
 
-	c$krb$forwardable = msg$kdc_options$forwardable;
-	c$krb$renewable   = msg$kdc_options$renewable;
+	if ( msg?$kdc_options )
+		{
+		c$krb$forwardable = msg$kdc_options$forwardable;
+		c$krb$renewable   = msg$kdc_options$renewable;
+		}
 	}
 
 event krb_as_response(c: connection, msg: KDC_Response) &priority=5
@@ -188,10 +197,14 @@ event krb_tgs_request(c: connection, msg: KDC_Request) &priority=5
 		c$krb$service = msg$service_name;
 	if ( msg?$from ) 
 		c$krb$from = msg$from;
-	c$krb$till = msg$till;
+	if ( msg?$till )
+		c$krb$till = msg$till;
 
-	c$krb$forwardable = msg$kdc_options$forwardable;
-	c$krb$renewable   = msg$kdc_options$renewable;
+	if ( msg?$kdc_options )
+		{
+		c$krb$forwardable = msg$kdc_options$forwardable;
+		c$krb$renewable   = msg$kdc_options$renewable;
+		}
 	}
 
 event krb_tgs_response(c: connection, msg: KDC_Response) &priority=5