diff --git a/.editorconfig b/.editorconfig
index 593ae64e..fbe828c3 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -13,7 +13,7 @@ trim_trailing_whitespace = true
 insert_final_newline = true
 
 [Makefile]
-indent_style = tabs
+indent_style = tab
 indent_size = 4
 
 [Vagrantfile]
@@ -23,7 +23,7 @@ indent_size = 2
 indent_size = 2
 
 [*.py]
-indent_style = tabs
+indent_style = tab
 
 [*.js]
 indent_size = 2
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a1bdab03..3e59bda9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,25 @@ Under Development
 Software updates:
 
 * Upgraded Nextcloud from 15.0.8 to 16.0.5 (with Contacts from 3.1.1 to 3.1.4 and Calendar from 1.6.5 to 1.7.1)
+* Upgraded Z-Push to 2.5.1.
+
+Control panel:
+
+* The Custom DNS list of records is now sorted.
+* The emails that report TLS provisioning results now has a less scary subject line.
+
+Mail:
+
+* Fetching of updated whitelist for greylisting was fetching each day instead of every month.
+
+DNS:
+
+* Automatic autoconfig.* subdomains can now be suppressed with custom DNS records.
+* DNS zone transfer now works with IPv6 addresses.
+
+Setup:
+
+* An Ubuntu package source was missing on systems where it defaults off.
 
 v0.43 (September 1, 2019)
 -------------------------
diff --git a/management/daily_tasks.sh b/management/daily_tasks.sh
index 3054dd33..2f723352 100755
--- a/management/daily_tasks.sh
+++ b/management/daily_tasks.sh
@@ -19,7 +19,7 @@ fi
 management/backup.py | management/email_administrator.py "Backup Status"
 
 # Provision any new certificates for new domains or domains with expiring certificates.
-management/ssl_certificates.py -q | management/email_administrator.py "Error Provisioning TLS Certificate"
+management/ssl_certificates.py -q | management/email_administrator.py "TLS Certificate Provisioning Result"
 
 # Run status checks and email the administrator if anything changed.
 management/status_checks.py --show-changes | management/email_administrator.py "Status Checks Change Notice"
diff --git a/management/dns_update.py b/management/dns_update.py
index dba6dbc1..257deffa 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -523,9 +523,11 @@ zone:
 """ % (domain, zonefile)
 
 		# If custom secondary nameservers have been set, allow zone transfers
-		# and notifies to them.
+		# and, if not a subnet, notifies to them.
 		for ipaddr in get_secondary_dns(additional_records, mode="xfr"):
-			nsdconf += "\n\tnotify: %s NOKEY\n\tprovide-xfr: %s NOKEY\n" % (ipaddr, ipaddr)
+			if "/" not in ipaddr:
+				nsdconf += "\n\tnotify: %s NOKEY" % (ipaddr)
+			nsdconf += "\n\tprovide-xfr: %s NOKEY\n" % (ipaddr)
 
 	# Check if the file is changing. If it isn't changing,
 	# return False to flag that no change was made.
@@ -876,7 +878,10 @@ def get_secondary_dns(custom_dns, mode=None):
 			if not hostname.startswith("xfr:"):
 				if mode == "xfr":
 					response = dns.resolver.query(hostname+'.', "A")
-					hostname = str(response[0])
+					values.extend(map(str, response))
+					response = dns.resolver.query(hostname+'.', "AAAA")
+					values.extend(map(str, response))
+					continue
 				values.append(hostname)
 
 			# This is a zone-xfer-only IP address. Do not return if
diff --git a/management/templates/custom-dns.html b/management/templates/custom-dns.html
index 56facdc9..a2d5042d 100644
--- a/management/templates/custom-dns.html
+++ b/management/templates/custom-dns.html
@@ -192,6 +192,22 @@ function show_current_custom_dns() {
         $('#custom-dns-current').fadeIn();
       else
         $('#custom-dns-current').fadeOut();
+        
+      var reverse_fqdn = function(el) {
+        el.qname = el.qname.split('.').reverse().join('.');
+        return el;
+      }
+      var sort = function(a, b) {
+        if(a.qname === b.qname) {
+          if(a.rtype === b.rtype) {
+            return a.value > b.value ? 1 : -1;
+          }
+          return a.rtype > b.rtype ? 1 : -1;
+        }
+        return a.qname > b.qname ? 1 : -1;
+      }
+
+      data = data.map(reverse_fqdn).sort(sort).map(reverse_fqdn);
 
       $('#custom-dns-current').find("tbody").text('');
       for (var i = 0; i < data.length; i++) {
diff --git a/setup/nextcloud.sh b/setup/nextcloud.sh
index 99efebf8..b38e1f65 100755
--- a/setup/nextcloud.sh
+++ b/setup/nextcloud.sh
@@ -50,7 +50,7 @@ InstallNextcloud() {
 
 	# Starting with Nextcloud 15, the app user_external is no longer included in Nextcloud core,
 	# we will install from their github repository.
-	if [[ $version =~ ^15 ]]; then
+	if [[ $version =~ ^1[567] ]]; then
 		wget_verify https://github.com/nextcloud/user_external/releases/download/v0.7.0/user_external-0.7.0.tar.gz 555a94811daaf5bdd336c5e48a78aa8567b86437 /tmp/user_external.tgz
 		tar -xf /tmp/user_external.tgz -C /usr/local/lib/owncloud/apps/
 		rm /tmp/user_external.tgz
diff --git a/setup/system.sh b/setup/system.sh
index ccc60231..df5f2856 100755
--- a/setup/system.sh
+++ b/setup/system.sh
@@ -86,6 +86,10 @@ if [ ! -f /usr/bin/add-apt-repository ]; then
 	apt_install software-properties-common
 fi
 
+# Ensure the universe repository is enabled since some of our packages
+# come from there and minimal Ubuntu installs may have it turned off.
+hide_output add-apt-repository -y universe
+
 # Install the certbot PPA.
 hide_output add-apt-repository -y ppa:certbot/certbot
 
diff --git a/setup/zpush.sh b/setup/zpush.sh
index 0cbd30ad..a1253d2d 100755
--- a/setup/zpush.sh
+++ b/setup/zpush.sh
@@ -22,8 +22,8 @@ apt_install \
 phpenmod -v php imap
 
 # Copy Z-Push into place.
-VERSION=2.5.0
-TARGETHASH=30ce5c1af3f10939036361b6032d1187651b621e
+VERSION=2.5.1
+TARGETHASH=4fa55863a429b0033497ae477aca4c8699b8f332
 needs_update=0 #NODOC
 if [ ! -f /usr/local/lib/z-push/version ]; then
 	needs_update=1 #NODOC