The dnssec-policy system should look into the Zone as the default method of finding the "maximum zone TTL".
