if DNSSEC was signed before DNS is disabled, it should be re-signed with the same keys when DNS is re-enabled.
it should be standard practice to check whether or not the DNSSEC is signed before disabling DNS so that DNSSEC can be re-signed after re-enabling DNS.
A better option would be for Plesk Panel to automatically recognize if DNSSEC was signed before DNS is disabled and then re-signing with the same keys when DNS is re-enabled. If this isn't a possibility, the next best thing would be, if DNSSEC is signed, to provide a warning to the user in the form of a confirmation prompt saying something to the effect that "doing this will unsign DNSSEC and you will need to manually re-enable DNSSEC for the domain. Do you wish to continue?".
This came up as an issue, not just because I had DNSSEC enabled, but because it was preventing me from being able to issue a Let's Encrypt certificate for the domain.
Thank you for your input! We will consider this functionality in upcoming releases if it is popular. Everyone, please continue voting for this feature if you consider it important.
--
IG