Derive maximum zone TTL from zone contents
The dnssec-policy system should look into the Zone as the default method of finding the "maximum zone TTL".
max-zone-ttl defaults to 24 h. This silently breaks RRs with larger TTLs if rollover is happening. This is rare, but still a bug.
TTL caps for caches
- BIND v9_19_0 default for 7 days
- Knot Resolver 5.5.0: 6 days
Knot DNS 3.1 (authoritative) computes the value from zone data already.