diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8eb75a86..938a0785 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1040,7 +1040,6 @@ and there is no easy way to migrate the original Server to use ServerFuture.
 - library documentation examples
 - test coverage for resolver
 
-
 ## 0.2.0 (Client/Server 2015-09-07)
 
 ### Added
diff --git a/crates/client/src/client/client.rs b/crates/client/src/client/client.rs
index 0348067f..7dc9d47c 100644
--- a/crates/client/src/client/client.rs
+++ b/crates/client/src/client/client.rs
@@ -21,21 +21,19 @@ use tokio::runtime::{self, Runtime};
 use trust_dns_proto::xfer::DnsRequest;
 
 use crate::client::async_client::ClientStreamXfr;
-#[cfg(feature = "dnssec")]
-use crate::client::AsyncDnssecClient;
 use crate::client::{AsyncClient, ClientConnection, ClientHandle, Signer};
 use crate::error::*;
 use crate::proto::{
     error::ProtoError,
     xfer::{DnsExchangeSend, DnsHandle, DnsResponse},
 };
-#[cfg(feature = "dnssec")]
-use crate::rr::dnssec::tsig::TSigner;
-use crate::rr::dnssec::SigSigner;
-#[cfg(feature = "dnssec")]
-use crate::rr::dnssec::TrustAnchor;
 use crate::rr::rdata::SOA;
 use crate::rr::{DNSClass, Name, Record, RecordSet, RecordType};
+#[cfg(feature = "dnssec")]
+use {
+    crate::client::AsyncDnssecClient,
+    crate::rr::dnssec::{tsig::TSigner, SigSigner, TrustAnchor},
+};
 
 use super::ClientStreamingResponse;
 
@@ -463,6 +461,8 @@ impl<CC: ClientConnection> SyncClient<CC> {
     ///
     /// * `conn` - the [`ClientConnection`] to use for all communication
     /// * `signer` - signer to use, this needs an associated private key
+    #[cfg(feature = "dnssec")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
     pub fn with_signer(conn: CC, signer: SigSigner) -> Self {
         SyncClient {
             conn,
diff --git a/crates/client/src/client/client_connection.rs b/crates/client/src/client/client_connection.rs
index 8a32e040..2e0c7db9 100644
--- a/crates/client/src/client/client_connection.rs
+++ b/crates/client/src/client/client_connection.rs
@@ -31,8 +31,11 @@ use crate::proto::op::Message;
 use crate::proto::rr::Record;
 
 /// List of currently supported signers
+#[allow(missing_copy_implementations)]
 pub enum Signer {
     /// A Sig0 based signer
+    #[cfg(feature = "dnssec")]
+    #[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
     Sig0(SigSigner),
     /// A TSIG based signer
     #[cfg(feature = "dnssec")]
@@ -57,7 +60,7 @@ impl From<TSigner> for Signer {
 }
 
 impl MessageFinalizer for Signer {
-    #[allow(unreachable_patterns)]
+    #[allow(unreachable_patterns, unused_variables)]
     fn finalize_message(
         &self,
         message: &Message,
diff --git a/crates/client/src/rr/dnssec/signer.rs b/crates/client/src/rr/dnssec/signer.rs
index 069c340d..a35f1a00 100644
--- a/crates/client/src/rr/dnssec/signer.rs
+++ b/crates/client/src/rr/dnssec/signer.rs
@@ -6,33 +6,21 @@
 // copied, modified, or distributed except according to those terms.
 
 //! signer is a structure for performing many of the signing processes of the DNSSec specification
-#[cfg(any(feature = "openssl", feature = "ring"))]
+#[cfg(feature = "dnssec")]
 use chrono::Duration;
 
-use crate::proto::error::{ProtoErrorKind, ProtoResult};
-#[cfg(feature = "dnssec")]
-use crate::proto::rr::dnssec::{tbs, TBS};
-
-#[cfg(feature = "dnssec")]
-use crate::error::DnsSecResult;
 use crate::op::{Message, MessageFinalizer, MessageVerifier};
-#[cfg(feature = "dnssec")]
-use crate::rr::dnssec::Private;
-#[cfg(feature = "dnssec")]
-use crate::rr::dnssec::{Algorithm, KeyPair};
-#[cfg(feature = "dnssec")]
-use crate::rr::rdata::DNSSECRData;
-#[cfg(feature = "dnssec")]
-use crate::rr::rdata::SIG;
-#[cfg(feature = "dnssec")]
-use crate::rr::rdata::{DNSSECRecordType, DNSKEY, KEY};
-#[cfg(feature = "dnssec")]
-use crate::rr::RData;
+use crate::proto::error::{ProtoErrorKind, ProtoResult};
 use crate::rr::Record;
 #[cfg(feature = "dnssec")]
-use crate::rr::{DNSClass, Name, RecordType};
-#[cfg(feature = "dnssec")]
-use crate::serialize::binary::BinEncoder;
+use {
+    crate::error::DnsSecResult,
+    crate::proto::rr::dnssec::{tbs, TBS},
+    crate::rr::dnssec::{Algorithm, KeyPair, Private},
+    crate::rr::rdata::{DNSSECRData, DNSSECRecordType, DNSKEY, KEY, SIG},
+    crate::rr::{DNSClass, Name, RData, RecordType},
+    crate::serialize::binary::BinEncoder,
+};
 
 /// Use for performing signing and validation of DNSSec based components. The SigSigner can be used for singing requests and responses with SIG0, or DNSSEC RRSIG records. The format is based on the SIG record type.
 ///
@@ -235,8 +223,8 @@ use crate::serialize::binary::BinEncoder;
 ///    Note that the response received by the resolver should include all
 ///    NSEC RRs needed to authenticate the response (see Section 3.1.3).
 /// ```
-#[cfg(any(feature = "openssl", feature = "ring"))]
-#[cfg_attr(docsrs, doc(cfg(any(feature = "openssl", feature = "ring"))))]
+#[cfg(feature = "dnssec")]
+#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
 pub struct SigSigner {
     // TODO: this should really be a trait and generic struct over KEY and DNSKEY
     key_rdata: RData,
@@ -248,16 +236,16 @@ pub struct SigSigner {
 }
 
 /// Placeholder type for when OpenSSL and *ring* are disabled; enable OpenSSL and Ring for support
-#[cfg(not(any(feature = "openssl", feature = "ring")))]
-#[derive(Clone, Copy)]
+#[cfg(not(feature = "dnssec"))]
+#[allow(missing_copy_implementations)]
 pub struct SigSigner;
 
 /// See [`SigSigner`](crate::rr::dnssec::SigSigner)
 #[deprecated(note = "renamed to SigSigner")]
 pub type Signer = SigSigner;
 
-#[cfg(any(feature = "openssl", feature = "ring"))]
-#[cfg_attr(docsrs, doc(cfg(any(feature = "openssl", feature = "ring"))))]
+#[cfg(feature = "dnssec")]
+#[cfg_attr(docsrs, doc(cfg(feature = "dnssec")))]
 impl SigSigner {
     /// Version of Signer for verifying RRSIGs and SIG0 records.
     ///
@@ -522,7 +510,7 @@ impl SigSigner {
 }
 
 impl MessageFinalizer for SigSigner {
-    #[cfg(any(feature = "openssl", feature = "ring"))]
+    #[cfg(feature = "dnssec")]
     fn finalize_message(
         &self,
         message: &Message,
@@ -573,7 +561,7 @@ impl MessageFinalizer for SigSigner {
         Ok((vec![sig0], None))
     }
 
-    #[cfg(not(any(feature = "openssl", feature = "ring")))]
+    #[cfg(not(feature = "dnssec"))]
     fn finalize_message(
         &self,
         _: &Message,
diff --git a/crates/resolver/src/name_server/name_server.rs b/crates/resolver/src/name_server/name_server.rs
index 147c1fde..03f90fa2 100644
--- a/crates/resolver/src/name_server/name_server.rs
+++ b/crates/resolver/src/name_server/name_server.rs
@@ -90,6 +90,7 @@ impl<C: DnsHandle<Error = ResolveError>, P: ConnectionProvider<Conn = C>> NameSe
     }
 
     #[cfg(test)]
+    #[allow(dead_code)]
     pub(crate) fn is_connected(&self) -> bool {
         !self.state.is_failed()
             && if let Some(client) = self.client.try_lock() {
diff --git a/crates/resolver/src/name_server/name_server_pool.rs b/crates/resolver/src/name_server/name_server_pool.rs
index b9e58008..24606baf 100644
--- a/crates/resolver/src/name_server/name_server_pool.rs
+++ b/crates/resolver/src/name_server/name_server_pool.rs
@@ -148,6 +148,7 @@ where
 
     #[cfg(test)]
     #[cfg(not(feature = "mdns"))]
+    #[allow(dead_code)]
     fn from_nameservers_test(
         options: &ResolverOpts,
         datagram_conns: Arc<[NameServer<C, P>]>,