# Issue #89 - validns year 2038 bug

Codeberg issue: https://codeberg.org/DNS-OARC/validns/issues/89

Two signed-zone variants from one unsigned source, exercising RRSIG
inception/expiration timestamps around the 2038-01-19 03:14:07 UTC
boundary:

- `example.sec.signed.across-2038` - inception 2026-01-01,
  expiration 2040-01-01. The expiration crosses the boundary while
  the inception does not.
- `example.sec.signed.after-2038`  - inception 2040-01-01,
  expiration 2040-12-31. Both timestamps are fully past the boundary.

The zone is signed with RSASHA256 so signatures validate on every
platform (including RHEL9 where SHA-1 is disabled by crypto policy).

Test-times used by `src/t/test.pl`:

- `-t1778407200` (2026-05-10 UTC) - inside the across-2038 window.
- `-t2220480000` (2040-MM-DD   UTC) - inside the after-2038 window.

To regenerate:

    cd src/t/issues/89-year-2038-timestamp
    ./regenerate.sh

`dnssec-signzone` is invoked with `-P` to disable its own post-sign
verification, since the after-2038 window does not include "now".
