OpenSSH-6.0 will be out soon  and introduces support for ldns , a
DNSSEC-compliant resolver library providing features similar to
dnsutils. To integrate this in our packages, I plan to:
- put a new package in [core] called dnssec-anchors;
- make dnsutils and ldns depend on dnssec-anchors;
- move ldns from [community] to [core];
- make openssh depend on ldns.
You can check those packages out in my repo . Comments are welcome.
In my opinion, ldns and sister projects unbound  and nsd  are
great steps forward sane mainstream DNS software, and I am glad to see
OpenSSH agree. If you are presently using BIND, I strongly recommend you
consider switching to them.