diff --git a/orchestra/apps/domains/models.py b/orchestra/apps/domains/models.py
index 71b1c540..6e0e3f8c 100644
--- a/orchestra/apps/domains/models.py
+++ b/orchestra/apps/domains/models.py
@@ -54,7 +54,7 @@ class Domain(models.Model):
     
     def get_subdomains(self):
         """ proxy method, needed for input validation, see helpers.domain_for_validation """
-        return self.origin.subdomain_set.all()
+        return self.origin.subdomain_set.all().prefetch_related('records')
     
     def get_top(self):
         return type(self).get_top_domain(self.name)
@@ -62,7 +62,7 @@ class Domain(models.Model):
     def render_zone(self):
         origin = self.origin
         zone = origin.render_records()
-        for subdomain in origin.get_subdomains().prefetch_related('records'):
+        for subdomain in origin.get_subdomains():
             zone += subdomain.render_records()
         return zone
     
diff --git a/orchestra/apps/resources/forms.py b/orchestra/apps/resources/forms.py
index 74e7a916..080aff95 100644
--- a/orchestra/apps/resources/forms.py
+++ b/orchestra/apps/resources/forms.py
@@ -17,7 +17,7 @@ class ResourceForm(forms.ModelForm):
         self.resource = kwargs.pop('resource', None)
         super(ResourceForm, self).__init__(*args, **kwargs)
         if self.resource:
-            self.fields['verbose_name'].initial = self.resource.verbose_name
+            self.fields['verbose_name'].initial = self.resource.get_verbose_name()
             self.fields['unit'].initial = self.resource.unit
             if self.resource.on_demand:
                 self.fields['allocated'].required = False
diff --git a/orchestra/apps/resources/models.py b/orchestra/apps/resources/models.py
index 639675a4..e6458b46 100644
--- a/orchestra/apps/resources/models.py
+++ b/orchestra/apps/resources/models.py
@@ -121,6 +121,9 @@ class Resource(models.Model):
     
     def get_scale(self):
         return eval(self.scale)
+    
+    def get_verbose_name(self):
+        return self.verbose_name or self.name
 
 
 class ResourceData(models.Model):
diff --git a/orchestra/apps/services/admin.py b/orchestra/apps/services/admin.py
index f9be671c..15d878bc 100644
--- a/orchestra/apps/services/admin.py
+++ b/orchestra/apps/services/admin.py
@@ -22,7 +22,9 @@ class PlanAdmin(ExtendedModelAdmin):
     list_display = ('name', 'is_default', 'is_combinable', 'allow_multiple')
     list_filter = ('is_default', 'is_combinable', 'allow_multiple')
     fields = ('verbose_name', 'name', 'is_default', 'is_combinable', 'allow_multiple')
-    prepopulated_fields = {'name': ('verbose_name',)}
+    prepopulated_fields = {
+        'name': ('verbose_name',)
+    }
     change_readonly_fields = ('name',)
     inlines = [RateInline]
 
diff --git a/orchestra/apps/websites/admin.py b/orchestra/apps/websites/admin.py
index 93fd52df..d15dde2e 100644
--- a/orchestra/apps/websites/admin.py
+++ b/orchestra/apps/websites/admin.py
@@ -84,6 +84,7 @@ class WebsiteAdmin(SelectAccountAdminMixin, ExtendedModelAdmin):
         return '<br>'.join(domains)
     display_domains.short_description = _("domains")
     display_domains.allow_tags = True
+    display_domains.admin_order_field = 'domains'
     
     def display_webapps(self, website):
         webapps = []
diff --git a/orchestra/apps/websites/settings.py b/orchestra/apps/websites/settings.py
index fc7d0e7f..53a7d19e 100644
--- a/orchestra/apps/websites/settings.py
+++ b/orchestra/apps/websites/settings.py
@@ -26,11 +26,11 @@ WEBSITES_OPTIONS = getattr(settings, 'WEBSITES_OPTIONS', {
     ),
     'redirect': (
         _("HTTPD - Redirection"),
-        _("[permanent] &lt;website path&gt; &lt;destination URL&gt;"),
+        _("<tt>[permanent] &lt;website path&gt; &lt;destination URL&gt;</tt>"),
         r'^(permanent\s[^ ]+|[^ ]+)\s[^ ]+$',
     ),
     'ssl_ca': (
-        _("HTTPD - SSL CA"),
+        "HTTPD - SSL CA",
         _("Filesystem path of the CA certificate file."),
         r'^[^ ]+$'
     ),
@@ -45,21 +45,31 @@ WEBSITES_OPTIONS = getattr(settings, 'WEBSITES_OPTIONS', {
         r'^[^ ]+$',
     ),
     'sec_rule_remove': (
-        _("HTTPD - SecRuleRemoveById"),
+        "HTTPD - SecRuleRemoveById",
         _("Space separated ModSecurity rule IDs."),
         r'^[0-9\s]+$',
     ),
     'sec_engine': (
-        _("HTTPD - Modsecurity engine"),
-        _("On or Off, defaults to On"),
+        "HTTPD - Modsecurity engine",
+        _("<tt>On</tt> or <tt>Off</tt>, defaults to On"),
         r'^(On|Off)$',
     ),
     'user_group': (
-        _("HTTPD - SuexecUserGroup"),
-        _("Username and optional groupname (user [group])"),
+        "HTTPD - SuexecUserGroup",
+        _("<tt>user [group]</tt>, username and optional groupname."),
         # TODO validate existing user/group
         r'^[\w/_]+(\s[\w/_]+)*$',
     ),
+    # TODO backend support
+    'error_document': (
+        "HTTPD - ErrorDocumentRoot",
+        _("&lt;error code&gt; &lt;URL/path/message&gt;<br>"
+          "<tt>&nbsp;500 http://foo.example.com/cgi-bin/tester</tt><br>"
+          "<tt>&nbsp;404 /cgi-bin/bad_urls.pl</tt><br>"
+          "<tt>&nbsp;401 /subscription_info.html</tt><br>"
+          "<tt>&nbsp;403 \"Sorry can't allow you access today\"</tt>"),
+        r'[45]0[0-9]\s.*',
+    )
 })