diff --git a/content/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.md b/content/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.md
index f086480c79ff0f7..5873d778b9aa846 100644
--- a/content/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.md
+++ b/content/dns/zone-setups/zone-transfers/cloudflare-as-primary/setup.md
@@ -112,6 +112,14 @@ To link a primary zone to a peer using the API, send a [POST](/api/operations/se
 {{</tab>}}
 {{</tabs>}}
 
+{{
+
+}}
+For security reasons TSIGs are considered a zone level configuration, this means that if one of the linked peer configured on a zone has a TSIG then all the linked peers on that zone are expected to make zone transfer requests using the same TSIG
+{{
+
+}}
+
 ## Step 4 - Create an ACL
 
 When you create an Access Control List (ACL), that list contains the source IP addresses that are allowed to send zone transfer requests. If you do not configure an ACL, your zone transfers will fail from IP addresses other than the one specified in the peer DNS server linked to your primary zone on Cloudflare.
@@ -177,4 +185,4 @@ To enable outgoing zone transfers using the API, send a [POST](/api/operations/s
 
 ## Step 8 - Add secondary nameservers to registrar
 
-At your registrar, add the nameservers of your secondary DNS provider.
\ No newline at end of file
+At your registrar, add the nameservers of your secondary DNS provider.