validator: add TTL checks
Probably to be within kr_rrset_validate_with_key()
or inside a sub-call.
-
check TTL going over RRSIG expiration; -
check TTL going over the signed TTL.
Possible actions:
- clamp the TTL
- refuse such signature -> BOGUS
Probably to be within kr_rrset_validate_with_key()
or inside a sub-call.
Possible actions: