Acme-client on OpenBSD 6.3

PowerDNS uses DNSSEC signatures that are valid for 3 weeks, Thursday to Thursday. That's usually my trick for checking. (And I run PowerDNS, so I just dig one of my own domains instead of checking a calendar to see what date Thursday is.) I don't know of any other signers that commonly behave the same way.

colmena.biz. 38400 IN RRSIG A 13 2 38400 20180524000000 20180503000000 43819 colmena.biz. bxNwUq34XourXzODxpZbwH+ha+mikcXxz8mNHSPBW66rS3MAgH6NdQ1/ ISyn0WjaJjLyO3k0y+ibvcwwhnbbGQ==

Upgrading won't necessarily help. The issue is that some methods of updating records automatically update the associated negative records and some don't, requiring you to rectify. If you don't, the negative records may no longer be valid. It's more a design limitation than a bug. I think newer versions handle it automatically under more circumstances, but still not all.

It's configurable. You can turn it off, customize it, or leave it at the default. I guess they've taken option 2, or have a more complicated DNS architecture.

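The Thursday-to-Thursday check described in the post, written out as an added example that is not part of the original thread: it parses the timing fields of an RRSIG line as printed by dig and tests whether the validity window is exactly three weeks, starting and ending on a Thursday at 00:00:00 UTC. The function names and the second sample record are assumptions made for illustration; because the window is configurable, a mismatch does not rule out PowerDNS.

```python
from datetime import datetime, timedelta, timezone

# RRSIG line from the post above; the trailing base64 signature field is
# omitted because only the timing fields matter here.
POST_RRSIG = ("colmena.biz. 38400 IN RRSIG A 13 2 38400 "
              "20180524000000 20180503000000 43819 colmena.biz.")

# Constructed counterexample: a 30-day window starting on a Wednesday at noon.
OTHER_RRSIG = ("example.org. 3600 IN RRSIG A 13 2 3600 "
               "20180601120000 20180502120000 12345 example.org.")

THURSDAY = 3  # datetime.weekday(): Monday is 0


def _timestamp(field):
    """Parse an RRSIG timestamp in YYYYMMDDHHmmSS form (always UTC)."""
    if len(field) != 14 or not field.isdigit():
        raise ValueError(f"unsupported RRSIG timestamp: {field!r}")
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def parse_rrsig(line):
    """Extract owner, covered type, key tag, signer and validity window."""
    parts = line.split()
    if "RRSIG" not in parts:
        raise ValueError("not an RRSIG record")
    rdata = parts[parts.index("RRSIG") + 1:]
    if len(rdata) < 8:
        raise ValueError("truncated RRSIG rdata")
    # RDATA order: covered, algorithm, labels, original TTL,
    # expiration, inception, key tag, signer name, signature.
    covered, _alg, _labels, _ttl, expiration, inception, key_tag, signer = rdata[:8]
    return {"owner": parts[0], "covered": covered, "key_tag": int(key_tag),
            "signer": signer, "inception": _timestamp(inception),
            "expiration": _timestamp(expiration)}


def matches_thursday_window(rr):
    """True if the window runs Thursday 00:00 UTC to Thursday 00:00 UTC, 3 weeks."""
    def thursday_midnight(t):
        return t.weekday() == THURSDAY and (t.hour, t.minute, t.second) == (0, 0, 0)
    return (thursday_midnight(rr["inception"])
            and thursday_midnight(rr["expiration"])
            and rr["expiration"] - rr["inception"] == timedelta(weeks=3))


if __name__ == "__main__":
    for line in (POST_RRSIG, OTHER_RRSIG):
        rr = parse_rrsig(line)
        print(rr["owner"], rr["inception"].date(), rr["expiration"].date(),
              matches_thursday_window(rr))
```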