Update changes, documentation

CHANGES

+5366.	[bug]		Fix a race condition with the keymgr when the same
+			zone plus dnssec-policy is configured in multiple
+			views. [GL #1653]
+
 5365.	[bug]		Algorithm rollover was stuck on submitting DS
 			because keymgr thought it would move to an invalid
 			state.  Fixed by when checking the current key,

doc/arm/Bv9ARM-book.xml

@@ -11132,6 +11132,13 @@ example.com                 CNAME   rpz-tcp-only.
 	    roll, which cryptographic algorithms to use, and how often RRSIG
 	    records need to be refreshed.
 	  </para>
+	  <para>
+	    Keys are not shared among zones, which means that one set of keys
+	    per zone will be generated even if they have the same policy.
+	    If multiple views are configured with different versions of the
+	    same zone, each separate version will use the same set of signing
+	    keys.
+	  </para>
 	  <para>
 	    Multiple key and signing policies can be configured.  To
 	    attach a policy to a zone, add a <command>dnssec-policy</command>