TechnitiumSoftware / DnsServer

Technitium DNS Server

Home Page:https://technitium.com/dns/

Server fails due to incorrect DNSSEC failure

MVlaar-GH opened this issue · comments

I'm running 12.1 on Docker with very tight firewall settings. Most DNS queries work but some fail; the server logs claim there are DNSSEC signature failures, but sites like dnssec-debugger.verisignlabs.co and dnsviz.net do not see any issues with DNSSEC.
Affected sites:

  • tweakers.net (Dutch website about tweaking technology, not the bad tweakers meaning)
  • app.socialschools.eu

Technical data:

  • Running on Docker
  • Hostmachine OS is Debian 12
  • Technitium version 12.1
  • Upstream servers: 1.1.1.1:853 1.0.0.1:853

Log:
[2024-05-28 10:29:09 UTC] DNS Server failed to resolve the request 'app.socialschools.eu. AAAA IN' using forwarders: 1.1.1.1:853, 1.0.0.1:853.
TechnitiumLibrary.Net.Dns.DnsClientResponseDnssecValidationException: DNSSEC validation failed due to invalid signature [SignatureExpired] for owner name: socialschools.eu/SOA
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateSignatureAsync(DnsDatagram response, IReadOnlyList`1 records, IReadOnlyList`1 dnsKeyRecords, IReadOnlyList`1 unsignedZones, DnssecValidateSignatureParameters parameters, Boolean isAuthoritySection, Boolean isAdditionalSection) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2897
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateSignatureAsync(DnsDatagram response, IReadOnlyList`1 dnsKeyRecords, IReadOnlyList`1 unsignedZones) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2737
   at TechnitiumLibrary.Net.Dns.DnsClient.DnssecValidateResponseAsync(DnsDatagram response, IReadOnlyList`1 lastDSRecords, DnsClient dnsClient, IDnsCache cache, UInt16 udpPayloadSize, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 2566
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalDnssecResolveAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4692
   at TechnitiumLibrary.Net.Dns.DnsClient.<>c__DisplayClass91_0.<b__0>d.MoveNext() in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4754
--- End of stack trace from previous location ---
   at TechnitiumLibrary.Net.Dns.DnsClient.ResolveQueryAsync(DnsQuestionRecord question, Func`2 resolveAsync) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4103
   at TechnitiumLibrary.Net.Dns.DnsClient.InternalCachedResolveQueryAsync(DnsQuestionRecord question, CancellationToken cancellationToken) in Z:\Technitium\Projects\TechnitiumLibrary\TechnitiumLibrary.Net\Dns\DnsClient.cs:line 4736
   at DnsServerCore.Dns.DnsServer.RecursiveResolveAsync(DnsQuestionRecord question, NetworkAddress eDnsClientSubnet, Boolean advancedForwardingClientSubnet, IReadOnlyList`1 conditionalForwarders, Boolean dnssecValidation, Boolean cachePrefetchOperation, Boolean cacheRefreshOperation, Boolean skipDnsAppAuthoritativeRequestHandlers, TaskCompletionSource`1 taskCompletionSource) in Z:\Technitium\Projects\DnsServer\DnsServerCore\Dns\DnsServer.cs:line 3193

Never mind, I thought my time was in sync, as the time difference was exactly 2 hours and I thought that was a timezone error. After rechecking it and allowing the NTP ports, things work fine. My bad.

Good to know you got it working by fixing system time.
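The root cause in this thread is a system clock 2 hours off, which makes the validator's RRSIG validity-window check fail even though the signature is fine. As an added illustration (not Technitium code), the check below parses an RRSIG in presentation format, compares the RFC 4034 inception/expiration times against the validator's clock with RFC 1982 serial arithmetic, and runs the log's timestamp through it with several clock offsets. The RRSIG for example.net and its key tag are constructed values; the status names mirror the log's SignatureExpired.

```python
from datetime import datetime, timedelta, timezone

SERIAL_MOD = 1 << 32          # RRSIG times are 32-bit seconds since the epoch
SERIAL_HALF = 1 << 31


def serial_lt(a: int, b: int) -> bool:
    """RFC 1982 serial-number 'a < b' on 32-bit values; RFC 4034 s3.1.5 mandates it for RRSIG times."""
    a %= SERIAL_MOD
    b %= SERIAL_MOD
    return a != b and ((a < b and b - a < SERIAL_HALF) or (a > b and a - b > SERIAL_HALF))


def parse_rrsig_time(field: str) -> int:
    """Presentation format YYYYMMDDHHmmSS (always UTC) -> 32-bit epoch seconds."""
    dt = datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return int(dt.timestamp()) % SERIAL_MOD


def parse_rrsig(line: str) -> dict:
    """Parse the fixed fields of an RRSIG RR: owner TTL class RRSIG type alg labels origTTL exp inc keytag signer sig."""
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError("not an RRSIG record")
    return {"owner": f[0], "type_covered": f[4], "algorithm": int(f[5]), "labels": int(f[6]),
            "original_ttl": int(f[7]), "expiration": parse_rrsig_time(f[8]),
            "inception": parse_rrsig_time(f[9]), "key_tag": int(f[10]), "signer": f[11],
            "signature": "".join(f[12:])}


def check_validity_window(rrsig: dict, now: datetime) -> str:
    """Validity-window part of RRSIG validation, judged by the validator's own clock `now`."""
    t = int(now.timestamp()) % SERIAL_MOD
    if serial_lt(t, rrsig["inception"]):
        return "SignatureNotYetValid"
    if serial_lt(rrsig["expiration"], t):
        return "SignatureExpired"
    return "Valid"


def skew_results(rrsig: dict, true_now: datetime, skew_hours) -> dict:
    """Outcome of the same check when the validator's clock is off by each offset in skew_hours."""
    return {h: check_validity_window(rrsig, true_now + timedelta(hours=h)) for h in skew_hours}


# Constructed sample record (not a real zone's data): signed 2024-05-27 00:00 UTC, expires 2024-05-28 12:00 UTC.
SAMPLE_RRSIG = "example.net. 3600 IN RRSIG SOA 13 2 3600 20240528120000 20240527000000 12345 example.net. AAAA=="
TRUE_NOW = datetime(2024, 5, 28, 10, 29, 9, tzinfo=timezone.utc)   # timestamp of the log line above

if __name__ == "__main__":
    for skew, status in skew_results(parse_rrsig(SAMPLE_RRSIG), TRUE_NOW, (-48, 0, 2)).items():
        print(f"validator clock off by {skew:+d}h -> {status}")
```

A correct clock yields Valid, a clock 2 hours ahead crosses the expiration and yields exactly the SignatureExpired seen in the log, so an NTP check belongs before any DNSSEC debugging when every signer looks fine from outside.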