From 4259dd4946661ab406a97fcd7bf7fe86170c273a Mon Sep 17 00:00:00 2001
From: Shaft Inc <141560544+ShaftInc@users.noreply.github.com>
Date: Sun, 6 Aug 2023 19:33:32 +0200
Subject: [PATCH] DNSSEC rrsig_expiration calculation (#977)

The 'rrsig_expiration' calculation did not take into account inception date when using 'lifetime' in the '_sign()' function
---
 dns/dnssec.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/dns/dnssec.py b/dns/dnssec.py
index d63fc5a9..2949f619 100644
--- a/dns/dnssec.py
+++ b/dns/dnssec.py
@@ -549,7 +549,7 @@ def _sign(
     if expiration is not None:
         rrsig_expiration = to_timestamp(expiration)
     elif lifetime is not None:
-        rrsig_expiration = int(time.time()) + lifetime
+        rrsig_expiration = rrsig_inception + lifetime
     else:
         raise ValueError("expiration or lifetime must be specified")
 
-- 
2.47.3