BIND DNSSEC management with WEBMIN

OS type and version Ubuntu Linux 20.04.4
Webmin version 2.000

BIND version 9.16

Hi all,
How does Webmin manage DNSSEC operations - record signing and re-signing, key regeneration etc.? I mean, should it simply put the corresponding BIND options into the BIND config file and let BIND do everything, or does Webmin use its own timers and call utilities for these tasks?

I ask this because I have DNSSEC enabled through Webmin for one of my zones (all I’ve done is create keys for the zone) - and all records got signed. But when I look into named.conf I cannot find any DNSSEC-related directive there*. Therefore I guess that BIND itself won’t do anything with the signatures when they expire.
Now I have RRSIG records with expiration date 2022-10-27, but I am not sure whether they will be re-signed automatically and which system must initiate this process.

*There is “dnssec-validation auto”, but it’s not about zone signing

Thanks in advance
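
A way to see how close a zone's RRSIG records are to the expiration date discussed above, as an added example that is not part of the original post: it parses RRSIG lines in the presentation format printed by `dig` and classifies each signature. The zone name, key tag, signature bytes and the 7-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in dig's presentation format (not real zone data).
SAMPLE = """\
; constructed records for illustration
example.test. 3600 IN A 192.0.2.10
example.test. 3600 IN RRSIG A 13 2 3600 20221027101500 20220927101500 12345 example.test. c2lnbmF0dXJl
example.test. 3600 IN RRSIG NS 13 2 3600 20221110000000 20221011000000 12345 example.test. c2lnbmF0dXJl
"""

def _ts(field):
    # RRSIG times are printed as YYYYMMDDHHmmSS in UTC (RFC 4034, section 3.2).
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse_rrsigs(text):
    """Return (owner, covered_type, expiration) for every RRSIG line."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith(";") or "RRSIG" not in fields:
            continue
        rdata = fields[fields.index("RRSIG") + 1:]
        # RDATA order: type-covered, algorithm, labels, original TTL,
        # expiration, inception, key tag, signer, signature.
        if len(rdata) < 9:
            continue  # truncated or malformed record
        try:
            out.append((fields[0], rdata[0], _ts(rdata[4])))
        except ValueError:
            continue  # expiration not in the 14-digit form
    return out

def signature_status(text, now, warn=timedelta(days=7)):
    """Classify each signature as EXPIRED, EXPIRING (inside `warn`) or OK."""
    report = []
    for owner, covered, expires in parse_rrsigs(text):
        left = expires - now
        if left <= timedelta(0):
            state = "EXPIRED"
        elif left <= warn:
            state = "EXPIRING"
        else:
            state = "OK"
        report.append((owner, covered, expires.date().isoformat(), state))
    return report

if __name__ == "__main__":
    for row in signature_status(SAMPLE, datetime.now(timezone.utc)):
        print(*row)
```

Run periodically against the output of a DNSSEC-enabled query for the zone, a signature that moves into EXPIRING without a newer expiration appearing shows that nothing is re-signing the zone.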