diff --git a/CHANGES b/CHANGES
index eaac247f7d..467bb7df76 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,6 @@
-6356.	[bug]		Create the pruning task in the dns_cache_flush(), so
+6359.	[bug]		Fix bug in Depends (keymgr_dep) function. [GL #4552]
+
+6356.	[bug]		Attach the loop also in the dns_cache_flush(), so
 			the cache pruning still works after the flush.
 			[GL #4621]
 
diff --git a/lib/dns/keymgr.c b/lib/dns/keymgr.c
index 34fa1dd0cc..023dee9e43 100644
--- a/lib/dns/keymgr.c
+++ b/lib/dns/keymgr.c
@@ -617,6 +617,13 @@ keymgr_dep(dst_key_t *k, dns_dnsseckeylist_t *keyring, uint32_t *dep) {
 		 * Check if k is a direct successor of d, e.g. d depends on k.
 		 */
 		if (keymgr_direct_dep(d->key, k)) {
+			dst_key_state_t hidden[NUM_KEYSTATES] = {
+				HIDDEN, HIDDEN, HIDDEN, HIDDEN
+			};
+			if (keymgr_key_match_state(d->key, k, NA, NA, hidden)) {
+				continue;
+			}
+
 			if (dep != NULL) {
 				*dep = dst_key_id(d->key);
 			}