diff --git a/.gitignore b/.gitignore
index ed168dc..2175f92 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,4 @@
 examples/lookup/lookup
 /examples/lookup/lookup
 /examples/mxlookup/mxlookup
+mxlookup
diff --git a/coverage.txt b/coverage.txt
index 5bb9519..f5453a7 100644
--- a/coverage.txt
+++ b/coverage.txt
@@ -1,25 +1,151 @@
-github.com/peterzen/goresolver/authchain.go:23:		Populate		85.7%
-github.com/peterzen/goresolver/authchain.go:54:		Verify			92.9%
-github.com/peterzen/goresolver/authchain.go:105:	NewAuthenticationChain	100.0%
-github.com/peterzen/goresolver/goresolver.go:41:	NewDNSMessage		100.0%
-github.com/peterzen/goresolver/goresolver.go:55:	localQuery		0.0%
-github.com/peterzen/goresolver/goresolver.go:77:	queryDelegation		88.9%
-github.com/peterzen/goresolver/goresolver.go:100:	NewResolver		100.0%
-github.com/peterzen/goresolver/lookup.go:11:		LookupIP		75.8%
-github.com/peterzen/goresolver/lookup.go:66:		LookupIPv4		100.0%
-github.com/peterzen/goresolver/lookup.go:70:		LookupIPv6		100.0%
-github.com/peterzen/goresolver/lookup.go:75:		LookupIPType		70.0%
-github.com/peterzen/goresolver/lookup.go:111:		StrictNSQuery		68.4%
-github.com/peterzen/goresolver/lookup.go:148:		formatResultRRs		100.0%
-github.com/peterzen/goresolver/rrset.go:13:		queryRRset		76.5%
-github.com/peterzen/goresolver/rrset.go:48:		IsSigned		100.0%
-github.com/peterzen/goresolver/rrset.go:52:		IsEmpty			100.0%
-github.com/peterzen/goresolver/rrset.go:56:		SignerName		100.0%
-github.com/peterzen/goresolver/rrset.go:60:		NewSignedRRSet		100.0%
-github.com/peterzen/goresolver/signedzone.go:20:	lookupPubKey		100.0%
-github.com/peterzen/goresolver/signedzone.go:25:	addPubKey		100.0%
-github.com/peterzen/goresolver/signedzone.go:34:	verifyRRSIG		64.3%
-github.com/peterzen/goresolver/signedzone.go:64:	verifyDS		81.2%
-github.com/peterzen/goresolver/signedzone.go:94:	checkHasDnskeys		100.0%
-github.com/peterzen/goresolver/signedzone.go:99:	NewSignedZone		100.0%
-total:							(statements)		76.9%
+
+mode: atomic
+github.com/peterzen/goresolver/authchain.go:23.73,28.23 3 14
+github.com/peterzen/goresolver/authchain.go:28.23,30.3 1 0
+github.com/peterzen/goresolver/authchain.go:32.2,33.37 2 14
+github.com/peterzen/goresolver/authchain.go:33.37,36.17 3 44
+github.com/peterzen/goresolver/authchain.go:36.17,38.4 1 0
+github.com/peterzen/goresolver/authchain.go:39.3,39.12 1 44
+github.com/peterzen/goresolver/authchain.go:39.12,41.4 1 30
+github.com/peterzen/goresolver/authchain.go:42.3,42.77 1 44
+github.com/peterzen/goresolver/authchain.go:44.2,44.12 1 14
+github.com/peterzen/goresolver/authchain.go:54.72,57.35 2 19
+github.com/peterzen/goresolver/authchain.go:57.35,59.3 1 1
+github.com/peterzen/goresolver/authchain.go:61.2,62.16 2 18
+github.com/peterzen/goresolver/authchain.go:62.16,65.3 2 2
+github.com/peterzen/goresolver/authchain.go:67.2,67.55 1 16
+github.com/peterzen/goresolver/authchain.go:67.55,69.34 1 43
+github.com/peterzen/goresolver/authchain.go:69.34,72.4 2 0
+github.com/peterzen/goresolver/authchain.go:75.3,76.17 2 43
+github.com/peterzen/goresolver/authchain.go:76.17,79.4 2 1
+github.com/peterzen/goresolver/authchain.go:81.3,81.35 1 42
+github.com/peterzen/goresolver/authchain.go:81.35,83.31 1 30
+github.com/peterzen/goresolver/authchain.go:83.31,86.5 2 1
+github.com/peterzen/goresolver/authchain.go:88.4,89.18 2 29
+github.com/peterzen/goresolver/authchain.go:89.18,92.5 2 1
+github.com/peterzen/goresolver/authchain.go:93.4,94.18 2 28
+github.com/peterzen/goresolver/authchain.go:94.18,97.5 2 1
+github.com/peterzen/goresolver/authchain.go:100.2,100.12 1 12
+github.com/peterzen/goresolver/authchain.go:105.52,107.2 1 14
+github.com/peterzen/goresolver/goresolver.go:45.31,53.2 3 1
+github.com/peterzen/goresolver/goresolver.go:59.63,63.37 3 0
+github.com/peterzen/goresolver/goresolver.go:63.37,65.3 1 0
+github.com/peterzen/goresolver/goresolver.go:67.2,67.58 1 0
+github.com/peterzen/goresolver/goresolver.go:67.58,69.17 2 0
+github.com/peterzen/goresolver/goresolver.go:69.17,71.4 1 0
+github.com/peterzen/goresolver/goresolver.go:72.3,72.79 1 0
+github.com/peterzen/goresolver/goresolver.go:72.79,74.4 1 0
+github.com/peterzen/goresolver/goresolver.go:76.2,76.31 1 0
+github.com/peterzen/goresolver/goresolver.go:81.77,86.16 3 44
+github.com/peterzen/goresolver/goresolver.go:86.16,88.3 1 0
+github.com/peterzen/goresolver/goresolver.go:89.2,90.45 2 44
+github.com/peterzen/goresolver/goresolver.go:90.45,92.3 1 127
+github.com/peterzen/goresolver/goresolver.go:94.2,96.24 2 44
+github.com/peterzen/goresolver/goresolver.go:101.64,107.16 4 22
+github.com/peterzen/goresolver/goresolver.go:107.16,109.3 1 1
+github.com/peterzen/goresolver/goresolver.go:110.2,112.22 3 21
+github.com/peterzen/goresolver/lookup.go:12.76,14.20 1 6
+github.com/peterzen/goresolver/lookup.go:14.20,16.3 1 0
+github.com/peterzen/goresolver/lookup.go:18.2,22.31 3 6
+github.com/peterzen/goresolver/lookup.go:22.31,25.20 2 12
+github.com/peterzen/goresolver/lookup.go:25.20,26.12 1 0
+github.com/peterzen/goresolver/lookup.go:28.3,28.17 1 12
+github.com/peterzen/goresolver/lookup.go:28.17,29.12 1 0
+github.com/peterzen/goresolver/lookup.go:31.3,31.23 1 12
+github.com/peterzen/goresolver/lookup.go:31.23,32.12 1 2
+github.com/peterzen/goresolver/lookup.go:34.3,34.25 1 10
+github.com/peterzen/goresolver/lookup.go:34.25,35.12 1 0
+github.com/peterzen/goresolver/lookup.go:38.3,38.36 1 10
+github.com/peterzen/goresolver/lookup.go:41.2,41.22 1 6
+github.com/peterzen/goresolver/lookup.go:41.22,44.3 2 1
+github.com/peterzen/goresolver/lookup.go:46.2,49.16 4 5
+github.com/peterzen/goresolver/lookup.go:49.16,52.3 2 0
+github.com/peterzen/goresolver/lookup.go:53.2,54.33 2 5
+github.com/peterzen/goresolver/lookup.go:54.33,56.17 2 10
+github.com/peterzen/goresolver/lookup.go:56.17,58.12 2 0
+github.com/peterzen/goresolver/lookup.go:60.3,61.40 2 10
+github.com/peterzen/goresolver/lookup.go:64.2,64.23 1 5
+github.com/peterzen/goresolver/lookup.go:67.78,69.2 1 7
+github.com/peterzen/goresolver/lookup.go:71.78,73.2 1 1
+github.com/peterzen/goresolver/lookup.go:76.94,78.20 1 8
+github.com/peterzen/goresolver/lookup.go:78.20,80.3 1 0
+github.com/peterzen/goresolver/lookup.go:82.2,83.19 2 8
+github.com/peterzen/goresolver/lookup.go:83.19,85.3 1 0
+github.com/peterzen/goresolver/lookup.go:87.2,87.16 1 8
+github.com/peterzen/goresolver/lookup.go:87.16,89.3 1 0
+github.com/peterzen/goresolver/lookup.go:91.2,91.24 1 8
+github.com/peterzen/goresolver/lookup.go:91.24,93.3 1 1
+github.com/peterzen/goresolver/lookup.go:95.2,98.16 4 7
+github.com/peterzen/goresolver/lookup.go:98.16,101.3 2 0
+github.com/peterzen/goresolver/lookup.go:103.2,104.16 2 7
+github.com/peterzen/goresolver/lookup.go:104.16,107.3 2 7
+github.com/peterzen/goresolver/lookup.go:109.2,109.37 1 0
+github.com/peterzen/goresolver/lookup.go:112.97,114.20 1 4
+github.com/peterzen/goresolver/lookup.go:114.20,116.3 1 1
+github.com/peterzen/goresolver/lookup.go:118.2,119.16 2 3
+github.com/peterzen/goresolver/lookup.go:119.16,121.3 1 0
+github.com/peterzen/goresolver/lookup.go:123.2,123.22 1 3
+github.com/peterzen/goresolver/lookup.go:123.22,125.3 1 1
+github.com/peterzen/goresolver/lookup.go:127.2,127.24 1 2
+github.com/peterzen/goresolver/lookup.go:127.24,129.3 1 0
+github.com/peterzen/goresolver/lookup.go:131.2,132.16 2 2
+github.com/peterzen/goresolver/lookup.go:132.16,134.3 1 0
+github.com/peterzen/goresolver/lookup.go:136.2,141.24 4 2
+github.com/peterzen/goresolver/lookup.go:141.24,143.3 1 0
+github.com/peterzen/goresolver/lookup.go:145.2,146.16 2 2
+github.com/peterzen/goresolver/lookup.go:146.16,149.3 2 0
+github.com/peterzen/goresolver/lookup.go:151.2,151.26 1 2
+github.com/peterzen/goresolver/lookup.go:154.51,156.39 2 11
+github.com/peterzen/goresolver/lookup.go:156.39,157.25 1 33
+github.com/peterzen/goresolver/lookup.go:158.15,159.26 1 21
+github.com/peterzen/goresolver/lookup.go:160.18,161.29 1 12
+github.com/peterzen/goresolver/lookup.go:164.2,164.12 1 11
+github.com/peterzen/goresolver/rrset.go:14.82,18.16 2 112
+github.com/peterzen/goresolver/rrset.go:18.16,21.3 2 0
+github.com/peterzen/goresolver/rrset.go:23.2,23.35 1 112
+github.com/peterzen/goresolver/rrset.go:23.35,26.3 2 0
+github.com/peterzen/goresolver/rrset.go:28.2,30.21 2 112
+github.com/peterzen/goresolver/rrset.go:30.21,32.3 1 18
+github.com/peterzen/goresolver/rrset.go:34.2,36.30 2 94
+github.com/peterzen/goresolver/rrset.go:36.30,37.25 1 369
+github.com/peterzen/goresolver/rrset.go:38.19,39.20 1 135
+github.com/peterzen/goresolver/rrset.go:40.11,41.17 1 234
+github.com/peterzen/goresolver/rrset.go:41.17,43.5 1 234
+github.com/peterzen/goresolver/rrset.go:46.2,46.20 1 94
+github.com/peterzen/goresolver/rrset.go:49.38,51.2 1 110
+github.com/peterzen/goresolver/rrset.go:53.37,55.2 1 88
+github.com/peterzen/goresolver/rrset.go:57.42,59.2 1 14
+github.com/peterzen/goresolver/rrset.go:61.63,62.64 1 3
+github.com/peterzen/goresolver/rrset.go:62.64,64.3 1 1
+github.com/peterzen/goresolver/rrset.go:65.2,65.12 1 2
+github.com/peterzen/goresolver/rrset.go:68.30,72.2 1 112
+github.com/peterzen/goresolver/signedzone.go:20.61,22.2 1 118
+github.com/peterzen/goresolver/signedzone.go:25.46,27.2 1 127
+github.com/peterzen/goresolver/signedzone.go:34.65,36.29 1 90
+github.com/peterzen/goresolver/signedzone.go:36.29,38.3 1 0
+github.com/peterzen/goresolver/signedzone.go:41.2,42.16 2 90
+github.com/peterzen/goresolver/signedzone.go:42.16,45.3 2 0
+github.com/peterzen/goresolver/signedzone.go:47.2,48.16 2 90
+github.com/peterzen/goresolver/signedzone.go:48.16,51.3 2 4
+github.com/peterzen/goresolver/signedzone.go:53.2,53.61 1 86
+github.com/peterzen/goresolver/signedzone.go:53.61,56.3 2 0
+github.com/peterzen/goresolver/signedzone.go:57.2,57.12 1 86
+github.com/peterzen/goresolver/signedzone.go:64.60,66.29 1 28
+github.com/peterzen/goresolver/signedzone.go:66.29,70.34 2 34
+github.com/peterzen/goresolver/signedzone.go:70.34,72.12 2 6
+github.com/peterzen/goresolver/signedzone.go:75.3,77.17 3 28
+github.com/peterzen/goresolver/signedzone.go:77.17,80.4 2 1
+github.com/peterzen/goresolver/signedzone.go:81.3,82.33 2 27
+github.com/peterzen/goresolver/signedzone.go:82.33,84.4 1 27
+github.com/peterzen/goresolver/signedzone.go:86.3,87.22 2 0
+github.com/peterzen/goresolver/signedzone.go:89.2,89.31 1 0
+github.com/peterzen/goresolver/signedzone.go:94.45,96.2 1 19
+github.com/peterzen/goresolver/signedzone.go:100.71,107.2 1 44
+mode: atomic
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:10.13,12.22 1 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:12.22,15.3 2 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:16.2,20.16 3 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:20.16,23.3 2 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:25.2,27.16 2 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:27.16,30.3 2 0
+github.com/peterzen/goresolver/examples/mxlookup/mxlookup.go:32.2,32.55 1 0
diff --git a/go.mod b/go.mod
index 2f52aa0..f8ee420 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,10 @@
 module github.com/peterzen/goresolver
 
+go 1.24.13
+
+require github.com/miekg/dns v1.1.4
+
 require (
-	github.com/miekg/dns v1.1.4
 	golang.org/x/crypto v0.0.0-20190222235706-ffb98f73852f // indirect
 	golang.org/x/net v0.0.0-20190213061140-3a22650c66bd // indirect
 	golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
diff --git a/goresolver.go b/goresolver.go
index 8406722..baa8041 100644
--- a/goresolver.go
+++ b/goresolver.go
@@ -16,6 +16,7 @@ const (
 // queryFn can be used for mocking the actual DNS lookups in the test suite.
 type Resolver struct {
 	queryFn         func(string, uint16) (*dns.Msg, error)
+	timeNow         func() time.Time
 	dnsClient       *dns.Client
 	dnsClientConfig *dns.ClientConfig
 }
@@ -79,7 +80,7 @@ func localQuery(qname string, qtype uint16) (*dns.Msg, error) {
 // in that zone.  Returns a SignedZone or nil in case of error.
 func queryDelegation(domainName string) (signedZone *SignedZone, err error) {
 
-	signedZone = NewSignedZone(domainName)
+	signedZone = newSignedZone(domainName, resolver)
 
 	signedZone.dnskey, err = resolver.queryRRset(domainName, dns.TypeDNSKEY)
 	if err != nil {
@@ -107,5 +108,6 @@ func NewResolver(resolvConf string) (res *Resolver, err error) {
 		return nil, err
 	}
 	resolver.queryFn = localQuery
+	resolver.timeNow = time.Now
 	return resolver, nil
 }
diff --git a/lookup_test.go b/lookup_test.go
index 9296934..37e3ce7 100644
--- a/lookup_test.go
+++ b/lookup_test.go
@@ -6,6 +6,7 @@ import (
 	"path"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/miekg/dns"
 )
@@ -45,6 +46,11 @@ func mockQueryUpdate(t *testing.T, qname string, qtype uint16) (*dns.Msg, error)
 
 func newResolver(t *testing.T) (res *Resolver) {
 	resolver, _ := NewResolver("./testdata/resolv.conf")
+	// Mock time to March 7, 2019 at noon (UTC) to work with test data validity periods
+	// This date falls within all RRSIG validity periods in the test data
+	resolver.timeNow = func() time.Time {
+		return time.Date(2019, 3, 7, 12, 0, 0, 0, time.UTC)
+	}
 	resolver.queryFn = func(qname string, qtype uint16) (*dns.Msg, error) {
 		msg := &dns.Msg{}
 		if isMockQuery == false {
diff --git a/signedzone.go b/signedzone.go
index c5e3ca2..ef65f01 100644
--- a/signedzone.go
+++ b/signedzone.go
@@ -4,7 +4,6 @@ import (
 	"github.com/miekg/dns"
 	"log"
 	"strings"
-	"time"
 )
 
 // SignedZone represents a DNSSEC-enabled zone, its DNSKEY and DS records
@@ -14,6 +13,7 @@ type SignedZone struct {
 	ds           *RRSet
 	parentZone   *SignedZone
 	pubKeyLookup map[uint16]*dns.DNSKEY
+	resolver     *Resolver
 }
 
 // lookupPubkey returns a DNSKEY by its keytag
@@ -50,7 +50,7 @@ func (z SignedZone) verifyRRSIG(signedRRset *RRSet) (err error) {
 		return err
 	}
 
-	if !signedRRset.rrSig.ValidityPeriod(time.Now()) {
+	if !signedRRset.rrSig.ValidityPeriod(z.resolver.timeNow()) {
 		log.Println("invalid validity period", err)
 		return ErrRrsigValidityPeriod
 	}
@@ -95,11 +95,13 @@ func (z *SignedZone) checkHasDnskeys() bool {
 	return len(z.dnskey.rrSet) > 0
 }
 
-// NewSignedZone initializes a new SignedZone and returns it.
-func NewSignedZone(domainName string) *SignedZone {
+// newSignedZone initializes a new SignedZone and returns it.
+// This is an internal function not part of the public API.
+func newSignedZone(domainName string, resolver *Resolver) *SignedZone {
 	return &SignedZone{
-		zone:   domainName,
-		ds:     &RRSet{},
-		dnskey: &RRSet{},
+		zone:     domainName,
+		ds:       &RRSet{},
+		dnskey:   &RRSet{},
+		resolver: resolver,
 	}
 }