Hide DNSSEC from SOA if DNS-Mirrors are available (prevents broken DNSSEC-Implementaion on Multiserver-Setups)
You can still set DNSSEC for a zone in the create zone wizard.
DNSSEC was still useful on a mirrored setup, you just needed to manually copy the .key/.private and dsset-* files from the master to the slave. When removing the option entirely from the config that's no longer an option (because the named.conf.local entry won't point to the .signed zone file). I'm not "pushing" to leave it in, but just pointing out one consideration (I personally would have used it for a few domains, but not nearly as many as if it were working correctly).