diff --git a/CHANGES b/CHANGES
index 1ecbf765e3..af063f122d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
 
+2.4-471 | 2016-04-25 15:37:15 -0700
+
+  * Add DNS tests for huge TLLs and CAA. (Johanna Amann)
+
+  * Add DNS "CAA" RR type and event. (Mark Taylor)
+
+  * Fix DNS response parsing: TTLs are unsigned. (Mark Taylor)
+
 2.4-466 | 2016-04-22 16:25:33 -0700
 
   * Rename BrokerStore and BrokerComm to Broker. Also split broker main.bro
diff --git a/NEWS b/NEWS
index 2858023439..4f1a84b7b6 100644
--- a/NEWS
+++ b/NEWS
@@ -36,6 +36,9 @@ New Functionality
 - Bro now tracks VLAN IDs. To record them inside the connection log,
   load protocols/conn/vlan-logging.bro.
 
+- A new dns_CAA_reply event gives access to DNS Certification Authority
+  Authorization replies.
+
 - A new per-packet event raw_packet() provides access to layer 2
   information. Use with care, generating events per packet is
   expensive.
@@ -45,8 +48,8 @@ New Functionality
   argument that will be used for decoding errors into weird.log
   (instead of reporter.log).
 
-- A new get_current_packet_header bif returning the headers of the current
-  packet
+- A new get_current_packet_header bif returns the headers of the current
+  packet.
 
 - Two new built-in functions for handling set[subnet] and table[subnet]:
 
@@ -87,7 +90,7 @@ New Functionality
 Changed Functionality
 ---------------------
 
-- The BrokerComm and BrokerStore namespaces were renamed to Broker
+- The BrokerComm and BrokerStore namespaces were renamed to Broker.
 
 - ``SSH::skip_processing_after_detection`` was removed. The functionality was
   replaced by ``SSH::disable_analyzer_after_detection``.
diff --git a/VERSION b/VERSION
index 4d856a68a0..33a6cae723 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-2.4-466
+2.4-471
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout b/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout
new file mode 100644
index 0000000000..4ba72f24b4
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.caa/.stdout
@@ -0,0 +1 @@
+0, issue, symantec.com
diff --git a/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout b/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout
new file mode 100644
index 0000000000..99f7325c23
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.huge-ttl/.stdout
@@ -0,0 +1,8 @@
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=49710.0 days 6.0 hrs 28.0 mins 15.0 secs]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
+[answer_type=1, query=us.v27.distributed.net, qtype=1, qclass=1, TTL=15.0 mins]
diff --git a/testing/btest/Traces/dns-caa.pcap b/testing/btest/Traces/dns-caa.pcap
new file mode 100644
index 0000000000..7409c0347b
Binary files /dev/null and b/testing/btest/Traces/dns-caa.pcap differ
diff --git a/testing/btest/Traces/dns-huge-ttl.pcap b/testing/btest/Traces/dns-huge-ttl.pcap
new file mode 100644
index 0000000000..27849b904b
Binary files /dev/null and b/testing/btest/Traces/dns-huge-ttl.pcap differ
diff --git a/testing/btest/scripts/base/protocols/dns/caa.bro b/testing/btest/scripts/base/protocols/dns/caa.bro
new file mode 100644
index 0000000000..9a0f4701de
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/caa.bro
@@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/dns-caa.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string)
+	{
+	print flags,tag,value;
+	}
diff --git a/testing/btest/scripts/base/protocols/dns/huge-ttl.bro b/testing/btest/scripts/base/protocols/dns/huge-ttl.bro
new file mode 100644
index 0000000000..ee6a76e978
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.bro
@@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/dns-huge-ttl.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
+	{
+	print ans;
+	}