diff --git a/CHANGES b/CHANGES
index 7fa55a93ef..18fe978440 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,8 @@
+4599.	[bug]		Fix inconsistencies in inline signing time
+			comparison that were introduced with the
+			introduction of rdatasetheader->resign_lsb.
+			[RT #42112]
+
 4597.	[bug]		The validator now ignores SHA-1 DS digest type
 			when a DS record with SHA-384 digest type is
 			present and is a supported digest type.
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 6b0c5a3f9f..2e47c8de61 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -588,7 +588,7 @@ struct dns_rbtdb {
 	 * context to use for the heap (which differs from the main
 	 * database memory context in the case of a cache).
 	 */
-	isc_mem_t *			hmctx;
+	isc_mem_t			*hmctx;
 	isc_heap_t                      **heaps;
 
 	/* Locked by tree_lock. */
@@ -911,9 +911,7 @@ ttl_sooner(void *v1, void *v2) {
 	rdatasetheader_t *h1 = v1;
 	rdatasetheader_t *h2 = v2;
 
-	if (h1->rdh_ttl < h2->rdh_ttl)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
+	return (ISC_TF(h1->rdh_ttl < h2->rdh_ttl));
 }
 
 static isc_boolean_t
@@ -921,10 +919,9 @@ resign_sooner(void *v1, void *v2) {
 	rdatasetheader_t *h1 = v1;
 	rdatasetheader_t *h2 = v2;
 
-	if (h1->resign < h2->resign ||
-	    (h1->resign == h2->resign && h1->resign_lsb < h2->resign_lsb))
-		return (ISC_TRUE);
-	return (ISC_FALSE);
+	return (ISC_TF(h1->resign < h2->resign ||
+		       (h1->resign == h2->resign &&
+			h1->resign_lsb < h2->resign_lsb)));
 }
 
 /*%
@@ -6322,7 +6319,8 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
 				init_rdataset(rbtdb, newheader);
 				if (loading && RESIGN(newheader) &&
 				    RESIGN(header) &&
-				    header->resign < newheader->resign) {
+				    resign_sooner(header, newheader))
+				{
 					newheader->resign = header->resign;
 					newheader->resign_lsb =
 							header->resign_lsb;
@@ -7643,7 +7641,7 @@ setsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, isc_stdtime_t resign) {
 	NODE_LOCK(&rbtdb->node_locks[header->node->locknum].lock,
 		  isc_rwlocktype_write);
 
-	oldresign = header->resign;
+	oldresign = (header->resign << 1) | header->resign_lsb;
 	header->resign = (isc_stdtime_t)(dns_time64_from32(resign) >> 1);
 	header->resign_lsb = resign & 0x1;
 	if (header->heap_index != 0) {
@@ -7691,7 +7689,7 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset,
 		}
 		if (header == NULL)
 			header = this;
-		else if (isc_serial_lt(this->resign, header->resign)) {
+		else if (resign_sooner(this, header)) {
 			locknum = header->node->locknum;
 			NODE_UNLOCK(&rbtdb->node_locks[locknum].lock,
 				    isc_rwlocktype_read);