-
kr_dnskeys_trusted() semantics is changed, but I do NOT consider that a part of public API. Go insecure due to algorithm support even if DNSKEY is NODATA. I can't see how that's relevant to practical usage, but I think this new behavior makes more sense. We still do try to fetch the DNSKEY even though we have information about its un-usability beforehand. I'd consider fixing that a premature optimization. We'll still be affected if the DNSKEY query SERVFAILs or something. Thanks to PowerDNS people for catching this!
To find the state of this project's repository at the time of any of these versions, check out the tags.