From 14eda99127ccc3440edd96dd422287a9a24c7265 Mon Sep 17 00:00:00 2001
From: Hugo Landau
Date: Mon, 20 Oct 2014 17:16:17 +0100
Subject: [PATCH] Move RRSIG inception time slightly into the past to account for clock skew.
---
 util.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util.go b/util.go
index a9fa726..9c2d046 100644
--- a/util.go
+++ b/util.go
@@ -133,7 +133,7 @@ func (tx *Tx) signRRs(rra []dns.RR, useKSK bool) (dns.RR, error) {
 Hdr: dns.RR_Header { Ttl: maxttl, },
 Algorithm: dns.RSASHA256,
 Expiration: uint32(now.Add(exp).Unix()),
- Inception: uint32(now.Unix()),
+ Inception: uint32(now.Add(time.Duration(-10)*time.Minute).Unix()),
 SignerName: absname(tx.soa.Hdr.Name),
 }
 pk := tx.s.zskPrivate
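Review bot: The skew margin on the new `Inception` line is an inline magic number written as `time.Duration(-10)*time.Minute`; `now.Add(-10 * time.Minute)` is the simpler spelling, and a named constant such as `const inceptionSkew = 10 * time.Minute` with a short comment would record why the signature is backdated. A validator whose clock runs more than ten minutes behind the signer will still see the RRSIG as not yet valid and treat the answer as bogus, so the chosen tolerance deserves to be stated. Some signers backdate inception by an hour (BIND's dnssec-signzone default), which may be worth considering if resolvers with poorly synchronised clocks are expected. signRRs starts and continues outside this hunk, so how `now` and `exp` are derived is not visible here.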