diff --git a/CHANGES b/CHANGES
index c3abbde0b1..52967a0174 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6361.	[bug]		Some invalid ISO 8601 durations were accepted
+			erroneously. [GL #4624]
+
 6360.	[bug]		Don't return static-stub synthesised NS RRset.
 			[GL #4608]
 
diff --git a/bin/tests/system/checkconf/bad-kasp-duration.conf b/bin/tests/system/checkconf/bad-kasp-duration.conf
new file mode 100644
index 0000000000..74f08271b7
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-kasp-duration.conf
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy "invalid-sigrefresh" {
+	keys {
+		csk lifetime unlimited algorithm 13;
+	};
+	signatures-refresh P7.5D;
+};
+
+zone "example.net" {
+	type primary;
+	file "example.db";
+	dnssec-policy "invalid-sigrefresh";
+};
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index ca59158dc6..7c1f7295de 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -44,6 +44,9 @@ Bug Fixes
   ISC would like to thank Thomas Amgarten for bringing this issue to
   our attention. :gl:`#4518`, :gl:`#4528`
 
+- Some ISO 8601 durations were accepted erroneously, leading to shorter
+  durations than expected. This has been fixed. :gl:`#4624`
+
 Known Issues
 ~~~~~~~~~~~~
 
diff --git a/lib/isccfg/duration.c b/lib/isccfg/duration.c
index 9ed9d6f657..98476a085b 100644
--- a/lib/isccfg/duration.c
+++ b/lib/isccfg/duration.c
@@ -45,6 +45,7 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	bool not_weeks = false;
 	int i;
 	long long int lli;
+	char *endptr;
 
 	/*
 	 * Copy the buffer as it may not be NULL terminated.
@@ -76,7 +77,11 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Yy");
 	if (X != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		endptr = NULL;
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -94,7 +99,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	 */
 	if (X != NULL && (T == NULL || (size_t)(X - P) < (size_t)(T - P))) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -107,7 +115,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Dd");
 	if (X != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -126,7 +137,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Hh");
 	if (X != NULL && T != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -144,7 +158,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	 */
 	if (X != NULL && T != NULL && (size_t)(X - P) > (size_t)(T - P)) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -157,7 +174,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 	X = strpbrk(str, "Ss");
 	if (X != NULL && T != NULL) {
 		errno = 0;
-		lli = strtoll(str + 1, NULL, 10);
+		lli = strtoll(str + 1, &endptr, 10);
+		if (*endptr != *X) {
+			return (ISC_R_BADNUMBER);
+		}
 		if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 			return (ISC_R_BADNUMBER);
 		}
@@ -174,7 +194,10 @@ isccfg_duration_fromtext(isc_textregion_t *source,
 			return (ISC_R_BADNUMBER);
 		} else {
 			errno = 0;
-			lli = strtoll(str + 1, NULL, 10);
+			lli = strtoll(str + 1, &endptr, 10);
+			if (*endptr != *W) {
+				return (ISC_R_BADNUMBER);
+			}
 			if (errno != 0 || lli < 0 || lli > UINT32_MAX) {
 				return (ISC_R_BADNUMBER);
 			}