diff --git a/src/sign/mod.rs b/src/sign/mod.rs
index 5173d4a84..4a4e3a0a9 100644
--- a/src/sign/mod.rs
+++ b/src/sign/mod.rs
@@ -392,15 +392,6 @@ where
 
 //------------ sign_zone() ---------------------------------------------------
 
-/// DNSSEC sign the given zone records.
-///
-/// Assumes that the given zone records are sorted according to
-/// [`CanonicalOrd`]. The behaviour is undefined otherwise.
-///
-/// # Panics
-///
-/// This function will panic in debug builds if the given zone is not sorted
-/// according to [`CanonicalOrd`].
 pub fn sign_zone<N, Octs, S, DSK, Inner, KeyStrat, Sort, HP, T>(
     mut in_out: SignableZoneInOut<N, Octs, S, T, Sort>,
     apex: &N,
@@ -444,8 +435,6 @@ where
         return Err(SigningError::NoSoaFound);
     };
 
-    debug_assert!(in_out.as_slice().is_sorted_by(CanonicalOrd::canonical_le));
-
     // RFC 9077 updated RFC 4034 (NSEC) and RFC 5155 (NSEC3) to say that
     // the "TTL of the NSEC(3) RR that is returned MUST be the lesser of
     // the MINIMUM field of the SOA record and the TTL of the SOA itself".