NLnetLabs / nsd

The NLnet Labs Name Server Daemon (NSD) is an authoritative, RFC compliant DNS nameserver.

Home Page: https://nlnetlabs.nl/nsd

Feature request: EDNS EXPIRE (RFC 7314)

anandb-ripencc opened this issue

Hi. Long chains of XFR servers can lead to a situation where a zone's expiry is extended well beyond what's in the SOA record. We have recently had this situation with some of our zones, where the secondary kept serving a zone with expired RRSIGs.

Would you consider implementing RFC 7314 in Knot DNS, both when providing XFR as well as requesting XFR, and honouring the expiry from the EDNS EXPIRE option instead of the SOA record?

I copy+pasted from the same request to the Knot DNS folk... oops, haha.

s/Knot DNS/NSD/ :)

It turns out that Knot DNS has implemented this since version 3.2. It has been in BIND for even longer. I would love to see this in NSD, so that we can make use of it uniformly. Other than in XFR, it also helps when you issue a SOA query, because you can quickly know how far a zone is from expiry, and could use it as a monitoring aid.
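
The SOA-query monitoring use mentioned in the last comment, sketched as an added example (it is not part of the issue thread and not code from NSD, Knot DNS or BIND). It builds the wire format of a SOA query carrying an empty EDNS EXPIRE option (option code 9, RFC 7314) and extracts the 4-octet remaining-expiry value from a reply. The zone name `example.nl`, the helper names and the sample reply are constructed for illustration.

```python
import struct

EDNS_EXPIRE, TYPE_SOA, TYPE_OPT, CLASS_IN = 9, 6, 41, 1   # EXPIRE = option code 9 (RFC 7314)

def question(zone):
    """Question section for <zone> IN SOA, with uncompressed labels."""
    labels = [l.encode("ascii") for l in zone.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return qname + struct.pack("!HH", TYPE_SOA, CLASS_IN)

def opt_rr(option):
    """OPT pseudo-RR (root owner name, 1232-byte UDP size) carrying one option."""
    return b"\x00" + struct.pack("!HHIH", TYPE_OPT, 1232, 0, len(option)) + option

def build_soa_query(zone, qid=0x1234):
    """SOA query whose OPT RR holds an EXPIRE option of length zero."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)   # 1 question, 1 additional
    return header + question(zone) + opt_rr(struct.pack("!HH", EDNS_EXPIRE, 0))

def skip_name(msg, off):
    """Offset just past the name at off (plain labels or a compression pointer)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def expire_from_response(msg):
    """EXPIRE value in seconds, or None when the server sent no such option."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # name + qtype + qclass
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == TYPE_OPT and pos + 4 <= len(rdata):  # walk the EDNS options
            code, olen = struct.unpack_from("!HH", rdata, pos)
            if code == EDNS_EXPIRE and olen == 4 and pos + 8 <= len(rdata):
                return struct.unpack_from("!I", rdata, pos + 4)[0]
            pos += 4 + olen
    return None

def sample_response(zone, remaining):
    """Constructed reply (not captured traffic): SOA answer plus EXPIRE option."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 1)
    soa = b"\xc0\x0c" * 2 + struct.pack("!IIIII", 2024010101, 3600, 600, 1209600, 3600)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, CLASS_IN, 3600, len(soa)) + soa
    return header + question(zone) + answer + opt_rr(struct.pack("!HHI", EDNS_EXPIRE, 4, remaining))
```

A monitoring check would send `build_soa_query(zone)` to each secondary and alert when `expire_from_response()` returns `None` (no EXPIRE support) or a value below a chosen threshold.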