diff --git a/nselib/mssql.lua b/nselib/mssql.lua index 26b082e9c..1bcce0167 100644 --- a/nselib/mssql.lua +++ b/nselib/mssql.lua @@ -94,8 +94,10 @@ -- -- -- --- @args mssql.timeout Specifies the amount of seconds to wait for SQL --- responses (default 30) +-- @args mssql.timeout How long to wait for SQL responses. This is a number +-- followed by ms for milliseconds, s for seconds, +-- m for minutes, or h for hours. Default: +-- 30s. -- -- Version 0.2 @@ -108,8 +110,18 @@ module(... or "mssql", package.seeall) require("bit") require("bin") +require("stdnse") -MSSQL_TIMEOUT = ( nmap.registry.args and nmap.registry.args['mssql.timeout'] and tonumber(nmap.registry.args['mssql.timeout']) ) and tonumber(nmap.registry.args['mssql.timeout']) or 30 +do + local arg = nmap.registry.args and nmap.registry.args["mssql.timeout"] or "30s" + local timeout, err + + timeout, err = stdnse.parse_timespec(arg) + if not timeout then + error(err) + end + MSSQL_TIMEOUT = timeout +end -- TDS packet types PacketType = @@ -1027,4 +1039,4 @@ Util = end, -} \ No newline at end of file +} diff --git a/scripts/dns-fuzz.nse b/scripts/dns-fuzz.nse index 9d7e546ac..aa91f77f8 100644 --- a/scripts/dns-fuzz.nse +++ b/scripts/dns-fuzz.nse @@ -1,10 +1,10 @@ description = [[ This script launches a DNS fuzzing attack against any DNS server. -\n + Originally designed to test bind10, this script induces several errors into otherwise valid - randomly generated - DNS packets. The packet template that we use includes one standard name and one compressed name. -\n + This script should be run for a long time(TM). It will send a very large quantity of packets and thus it's pretty invasive, so it should only be used against private DNS servers as part of a 
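Review bot: The new `do` block that sets `MSSQL_TIMEOUT` calls `error(err)` while the library is loading, so a malformed `mssql.timeout` stops every script that requires this module, and the message is passed on without the argument name. Prefixing it would make the failure easier to trace: `error("mssql.timeout: " .. err)`. The value can now be fractional, since the doc comment advertises `ms`, and the code that consumes `MSSQL_TIMEOUT` is outside this hunk. It is worth confirming that the consumer accepts a value like 0.5, and that 0 is either rejected here or handled there.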
@@ -13,8 +13,11 @@ software development lifecycle. --- -- @usage --- nmap --script dns-fuzz [--script-args timelimit=t] target --- @args timelimit The number of seconds to run the fuzz attack for, -1 for an unlimited amount of time. Defaults to 10 minutes if no argument is specified +-- nmap --script dns-fuzz [--script-args timelimit=2h] target +-- @args timelimit How long to run the fuzz attack. This is a number followed +-- by a suffix: s for seconds, m for minutes, and +-- h for hours. Use 0 for an unlimited amount of time. +-- Default: 10m. -- @output -- Host script results: -- |_dns-fuzz: Server stopped responding... He's dead, Jim. @@ -274,21 +277,26 @@ end action = function(host, port) math.randomseed(os.time()) - local endT = 0 + local endT + local timelimit, err local retStr local query for _, k in ipairs({"dns-fuzz.timelimit", "timelimit"}) do if nmap.registry.args[k] then - endT = tonumber(nmap.registry.args[k]) + timelimit, err = stdnse.parse_timespec(nmap.registry.args[k]) + if not timelimit then + error(err) + end + break end end - if endT>0 then + if timelimit and timelimit > 0 then -- seconds to milliseconds plus the current time - endT=endT*1000 + nmap.clock_ms() - elseif endT==0 then + endT = timelimit*1000 + nmap.clock_ms() + elseif not timelimit then -- 10 minutes - endT=10*60*1000 + nmap.clock_ms() + endT = 10*60*1000 + nmap.clock_ms() end 
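Review bot: In `action`, `timelimit=0` changes meaning with no compatibility handling: the removed branch `elseif endT==0` mapped 0 to the 10-minute default, while the new code leaves `endT` nil for 0, which the updated `@args` text describes as unlimited. The old `-1` sentinel is gone from the docs and presumably no longer parses, in which case `error(err)` ends the script. The description itself calls this script invasive, so an existing invocation that passed 0 now runs with no time bound. I would add a comment at the branch such as `-- timelimit == 0: leave endT nil, meaning no time limit (before this change 0 selected the 10-minute default)` and call the change out in the changelog. The loop that consumes `endT` is in a later hunk and must treat nil as unlimited; `action` continues beyond this hunk.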
@@ -304,7 +312,7 @@ action = function(host, port) -- If the user specified that we should run for n seconds, then don't run for too much longer -- If 0 seconds, then run forever - while (endT==-1 or nmap.clock_ms(),qscan.delay=,qscan.numtrips= target +-- nmap --script qscan --script-args qscan.confidence=0.95,qscan.delay=200ms,qscan.numtrips=10 target -- -- @args confidence Confidence level: 0.75, 0.9, 0.95, 0.975, 0.99, 0.995, 0.9995 --- @args delay Average delay between packet sends (milliseconds): between 0.5d and 1.5d +-- @args delay Average delay between packet sends. This is a number followed by ms for milliseconds or s for seconds. (m and h are also supported but are too long for timeouts.) The actual delay will randomly vary between 50% and 150% of the time specified. Default: 200ms. -- @args numtrips Number of round-trip times to try to get -- -- @output @@ -51,7 +51,7 @@ require 'packet' require 'tab' -- defaults -local DELAY = 200 +local DELAY = 0.200 local NUMTRIPS = 10 local CONF = 0.95 @@ -267,7 +267,7 @@ local getopts = function() for _, k in ipairs({"qscan.delay", "delay"}) do if nmap.registry.args[k] then - delay = tonumber(nmap.registry.args[k]) + delay = stdnse.parse_timespec(nmap.registry.args[k]) break end end @@ -288,9 +288,9 @@ local getopts = function() err = "Invalid confidence level" end - if delay < 0 then + if not delay then bool = false - err = "Invalid (negative) delay" + err = "Invalid delay" end if numtrips < 3 then @@ -434,7 +434,7 @@ action = function(host) k = math.random((3 * delay) / 2 - rtt) end - stdnse.sleep(k / 1000) + stdnse.sleep(k) end end
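Review bot: In `getopts`, the second return value of `stdnse.parse_timespec` is dropped at `delay = stdnse.parse_timespec(nmap.registry.args[k])`, so the later check can only report the generic `"Invalid delay"`. The mssql.lua and dns-fuzz.nse changes in this commit pass the parser's message on. Doing the same here would tell the user what was wrong with the value, e.g. `delay, delay_err = stdnse.parse_timespec(nmap.registry.args[k])` with a new local, then `err = delay_err or "Invalid delay"`. `getopts` starts and ends outside the hunk, so its existing locals are not visible.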
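Review bot: The context line `k = math.random((3 * delay) / 2 - rtt)` still treats its argument as an integer count, but `delay` is now in seconds (default `0.200`), so the upper bound is normally below 1. `math.random(m)` expects an integer of at least 1 and returns whole numbers, so a fractional bound will either raise an error or produce a sleep in whole seconds. Scaling a float draw keeps the intended range: `k = math.random() * ((3 * delay) / 2 - rtt)`. The unit of `rtt` is not visible in this hunk and must be seconds as well; the enclosing branch starts outside the hunk.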