The root zone (aka .
) itself is signed with RSA/SHA256 (KSK as well as ZSK are RSA/SHA256).
Thus, a validating resolver that does not support RSA/SHA256 will be mostly useless on the Internet as it wouldn't be able to validate the full chain.
I think it's safe for you to assume that RSA/SHA256 is supported.
http://dnsviz.net/d/org/dnssec/ may provide a useful visualization of the keys in use up to the org
zone.