"dnssec-validation yes" should fail when no trust anchors are configured
I propose to change behavior of options { dnssec-validation yes; };
configuration to cause startup failure when no trust anchors are configured. This should apply only to v9.19.
Right now it silently skips validation, which I consider a terrible UX.