It would sure be nice to have DNSSEC validation on the bytemark resolvers now that most(?) of the world are signing their zones. Something to consider in the near future?
But I see that you still run PowerDNS Recursor 3.6.2 on these servers, so I guess it depends on an update to PowerDNS 4.x. Or maybe to BIND or Unbound, which I believe both support DNSSEC validation in jessie.