diff --git a/CHANGES b/CHANGES
index ce23ac0fb1..8eff7be497 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5667.	[bug]		The configuration-checking code failed to account for
+			the inheritance rules of the "dnssec-policy" option.
+			[GL #2780]
+
 5666.	[func]		Tweak the safe "edns-udp-size" to match the probing
 			value from BIND 9.16 for better compatibility.
 			[GL #2183]
diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index 5528fc06b2..ddeb2d7fd7 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -59,3 +59,6 @@ Bug Fixes
 - A deadlock at startup was introduced when fixing :gl:`#1875` because when
   locking key files for reading and writing, "in-view" logic was not taken into
   account. This has been fixed. :gl:`#2783`
+
+- Checking of ``dnssec-policy`` was broken. The checks failed to account for
+  ``dnssec-policy`` inheritance. :gl:`#2780`