zonemaster-engine

Y2038 bug when checking DNSSEC signature expiration

Open bortzmeyer opened this issue 9 months ago • 3 comments

Apparently, in lib/Zonemaster/Engine/Test/DNSSEC.pm, Zonemaster checks the possible expiration of DNSSEC signatures by just a regular "lower than" operator. If this is indeed the case, it is a Y2038 bug. RFC 4034, section 3.1.5, says "all comparisons involving these fields [inception and expiration] MUST use "Serial number arithmetic", as defined in RFC1982". It seems there are fifteen years to address that.

bortzmeyer, Nov 06 '23 15:11
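
An added example, not part of the issue and not Zonemaster code: the RFC 1982 serial number comparison that RFC 4034 section 3.1.5 requires for RRSIG inception and expiration, next to a plain numeric comparison, on a signature whose validity window crosses the wrap of the 32-bit field. All function names and sample timestamps are constructed for illustration.

```python
# Added illustration; names and values are assumptions, not Zonemaster's code.
SERIAL_BITS = 32                      # RRSIG inception/expiration are 32-bit fields
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_lt(s1: int, s2: int) -> bool:
    """RFC 1982 'less than' for 32-bit serial numbers."""
    diff = (s2 - s1) % MOD
    if diff == HALF:
        # RFC 1982 leaves the ordering of such a pair undefined.
        raise ValueError("comparison undefined by RFC 1982 (distance is 2^31)")
    return 0 < diff < HALF


def rrsig_status(inception: int, expiration: int, now: int) -> str:
    """Classify a signature using serial number arithmetic for every comparison."""
    now32 = now % MOD                 # wall clock reduced to the field width
    if serial_lt(now32, inception):
        return "not yet valid"
    if serial_lt(expiration, now32):
        return "expired"
    return "valid"


def naive_status(inception: int, expiration: int, now: int) -> str:
    """Hypothetical plain numeric comparison, shown only for contrast."""
    if now < inception:
        return "not yet valid"
    if expiration < now:
        return "expired"
    return "valid"


# Constructed sample: signed one day before the 32-bit field wraps, valid 30 days.
DAY = 86400
INCEPTION = MOD - DAY
EXPIRATION = (INCEPTION + 30 * DAY) % MOD   # wraps around to a small number
NOW = MOD - 3600                            # one hour before the wrap

if __name__ == "__main__":
    print("naive :", naive_status(INCEPTION, EXPIRATION, NOW))   # expired (wrong)
    print("serial:", rrsig_status(INCEPTION, EXPIRATION, NOW))   # valid
```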