| Subject: | asterisk not detected in label count. |
One of the differences in the output from our signers is that the
labelcount in the signature over a wildcard RRSET is one-off. It seems
that the RRSIG.pm code does not detect the asterix label and assume it is
just another label.
From rfc4035 section 2.2 (but you prolly know this)
The RRSIG Labels field is equal to the number of labels in the
RRset owner name, not counting the null root label and not
counting the leftmost label if it is a wildcard.