diff --git a/plinth/modules/bind/__init__.py b/plinth/modules/bind/__init__.py
index 326b64086..fe2f114a5 100644
--- a/plinth/modules/bind/__init__.py
+++ b/plinth/modules/bind/__init__.py
@@ -30,7 +30,7 @@ class BindApp(app_module.App):
 
     app_id = 'bind'
 
-    _version = 2
+    _version = 3
 
     def __init__(self):
         """Create components for the app."""
diff --git a/plinth/modules/bind/forms.py b/plinth/modules/bind/forms.py
index 36cca46cc..95e87407e 100644
--- a/plinth/modules/bind/forms.py
+++ b/plinth/modules/bind/forms.py
@@ -1,7 +1,5 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
-"""
-Forms for BIND module.
-"""
+"""Forms for BIND module."""
 
 from django import forms
 from django.core.validators import validate_ipv46_address
@@ -15,12 +13,9 @@ def validate_ips(ips):
 
 
 class BindForm(forms.Form):
-    """BIND configuration form"""
+    """BIND configuration form."""
+
     forwarders = forms.CharField(
         label=_('Forwarders'), required=False, validators=[validate_ips],
         help_text=_('A list DNS servers, separated by space, to which '
                     'requests will be forwarded'))
-
-    enable_dnssec = forms.BooleanField(
-        label=_('Enable DNSSEC'), required=False,
-        help_text=_('Enable Domain Name System Security Extensions'))
diff --git a/plinth/modules/bind/privileged.py b/plinth/modules/bind/privileged.py
index 562ee5199..0e1713229 100644
--- a/plinth/modules/bind/privileged.py
+++ b/plinth/modules/bind/privileged.py
@@ -28,9 +28,6 @@ forwarders {
 };
 forward first;
 
-dnssec-enable yes;
-dnssec-validation auto;
-
 auth-nxdomain no;    # conform to RFC1035
 listen-on-v6 { any; };
 };
@@ -43,6 +40,8 @@ def setup(old_version: int):
     if old_version == 0:
         with open(CONFIG_FILE, 'w', encoding='utf-8') as conf_file:
             conf_file.write(DEFAULT_CONFIG)
+    elif old_version < 3:
+        _remove_dnssec()
 
     Path(ZONES_DIR).mkdir(exist_ok=True, parents=True)
 
@@ -50,10 +49,9 @@ def setup(old_version: int):
 
 
 @privileged
-def configure(forwarders: str, dnssec: bool):
+def configure(forwarders: str):
     """Configure BIND."""
     _set_forwarders(forwarders)
-    _set_dnssec(dnssec)
     action_utils.service_restart('named')
 
 
@@ -62,22 +60,15 @@ def get_config():
     data = [line.strip() for line in open(CONFIG_FILE, 'r', encoding='utf-8')]
 
     forwarders = ''
-    dnssec_enabled = False
     flag = False
     for line in data:
         if re.match(r'^\s*forwarders\s+{', line):
             flag = True
-        elif re.match(r'^\s*dnssec-enable\s+yes;', line):
-            dnssec_enabled = True
         elif flag and '//' not in line:
             forwarders = re.sub('[;]', '', line)
             flag = False
 
-    conf = {
-        'forwarders': forwarders,
-        'enable_dnssec': dnssec_enabled,
-    }
-    return conf
+    return {'forwarders': forwarders}
 
 
 def _set_forwarders(forwarders):
@@ -100,24 +91,14 @@ def _set_forwarders(forwarders):
     conf_file.close()
 
 
-def _set_dnssec(choice):
-    """Enable or disable DNSSEC."""
+def _remove_dnssec():
+    """Remove DNSSEC options."""
     data = [line.strip() for line in open(CONFIG_FILE, 'r', encoding='utf-8')]
 
-    if choice:
-        conf_file = open(CONFIG_FILE, 'w', encoding='utf-8')
+    with open(CONFIG_FILE, 'w', encoding='utf-8') as file_handle:
         for line in data:
-            if re.match(r'//\s*dnssec-enable\s+yes;', line):
-                line = line.lstrip('/')
-            conf_file.write(line + '\n')
-        conf_file.close()
-    else:
-        conf_file = open(CONFIG_FILE, 'w', encoding='utf-8')
-        for line in data:
-            if re.match(r'^\s*dnssec-enable\s+yes;', line):
-                line = '//' + line
-            conf_file.write(line + '\n')
-        conf_file.close()
+            if not re.match(r'^\s*dnssec-enable\s+yes;', line):
+                file_handle.write(line + '\n')
 
 
 def get_served_domains():
diff --git a/plinth/modules/bind/tests/test_bind.py b/plinth/modules/bind/tests/test_bind.py
index 465fd3781..6131893a9 100644
--- a/plinth/modules/bind/tests/test_bind.py
+++ b/plinth/modules/bind/tests/test_bind.py
@@ -74,18 +74,6 @@ def test_set_forwarders():
     assert conf['forwarders'] == ''
 
 
-@pytest.mark.usefixtures('configuration_file')
-def test_enable_dnssec():
-    """Test that enabling DNSSEC works."""
-    bind.privileged._set_dnssec(True)
-    conf = bind.privileged.get_config()
-    assert conf['enable_dnssec']
-
-    bind.privileged._set_dnssec(False)
-    conf = bind.privileged.get_config()
-    assert not conf['enable_dnssec']
-
-
 @pytest.mark.usefixtures('bind_zones_folder')
 def test_get_correct_served_domains():
     """
diff --git a/plinth/modules/bind/tests/test_functional.py b/plinth/modules/bind/tests/test_functional.py
index fc43e6ab6..99f2c1e0c 100644
--- a/plinth/modules/bind/tests/test_functional.py
+++ b/plinth/modules/bind/tests/test_functional.py
@@ -23,45 +23,14 @@ class TestBindApp(functional.BaseAppTests):
         functional.set_forwarders(session_browser, '1.1.1.1 1.0.0.1')
         assert functional.get_forwarders(session_browser) == '1.1.1.1 1.0.0.1'
 
-    def test_enable_disable_dnssec(self, session_browser):
-        """Test enabling/disabling DNSSEC."""
-        functional.app_enable(session_browser, 'bind')
-        _enable_dnssec(session_browser, False)
-
-        _enable_dnssec(session_browser, True)
-        assert _get_dnssec(session_browser)
-
-        _enable_dnssec(session_browser, False)
-        assert not _get_dnssec(session_browser)
-
     @pytest.mark.backups
     def test_backup_restore(self, session_browser):
         """Test backup and restore."""
         functional.app_enable(session_browser, 'bind')
         functional.set_forwarders(session_browser, '1.1.1.1')
-        _enable_dnssec(session_browser, False)
         functional.backup_create(session_browser, 'bind', 'test_bind')
 
         functional.set_forwarders(session_browser, '1.0.0.1')
-        _enable_dnssec(session_browser, True)
 
         functional.backup_restore(session_browser, 'bind', 'test_bind')
         assert functional.get_forwarders(session_browser) == '1.1.1.1'
-        assert not _get_dnssec(session_browser)
-
-
-def _enable_dnssec(browser, enable):
-    """Enable/disable DNSSEC in bind configuration."""
-    functional.nav_to_module(browser, 'bind')
-    if enable:
-        browser.check('enable_dnssec')
-    else:
-        browser.uncheck('enable_dnssec')
-
-    functional.submit(browser, form_class='form-configuration')
-
-
-def _get_dnssec(browser):
-    """Return whether DNSSEC is enabled/disabled in bind configuration."""
-    functional.nav_to_module(browser, 'bind')
-    return browser.find_by_name('enable_dnssec').first.checked
diff --git a/plinth/modules/bind/views.py b/plinth/modules/bind/views.py
index 20ab92e85..d5de97387 100644
--- a/plinth/modules/bind/views.py
+++ b/plinth/modules/bind/views.py
@@ -56,9 +56,8 @@ class BindAppView(AppView):  # pylint: disable=too-many-ancestors
         data = form.cleaned_data
         old_config = privileged.get_config()
 
-        if old_config['forwarders'] != data['forwarders'] \
-           or old_config['enable_dnssec'] != data['enable_dnssec']:
-            privileged.configure(data['forwarders'], data['enable_dnssec'])
+        if old_config['forwarders'] != data['forwarders']:
+            privileged.configure(data['forwarders'])
             messages.success(self.request, _('Configuration updated'))
 
         return super().form_valid(form)