diff --git a/doc/configuration.rst b/doc/configuration.rst
index 448523570402bafa8bd18b822cd03b57007189ff..97978b707e96db1873b63456234c09f8217eb2ee 100644
--- a/doc/configuration.rst
+++ b/doc/configuration.rst
@@ -438,3 +438,15 @@ of the limitations will be hopefully removed in the near future.
   - Legacy key import requires a private key.
   - Legacy key export is not implemented.
   - DS record export is not implemented.
+
+.. _dnssec-keyusage:
+
+DNSSEC keys used by multiple zones 
+----------------------------------
+
+Using same key for multiple zones with automatic key management is possible. 
+However, all zones must be listed in keyusage (keys directory) or they will be deleted,
+when they retire in any zone.
+
+If keys are added manually as published, but not active (for next rollover event), they are added automatically.
+