diff --git a/plugins/modules/nsupdate_zone.py b/plugins/modules/nsupdate_zone.py
index f43f0a0..d983ff4 100644
--- a/plugins/modules/nsupdate_zone.py
+++ b/plugins/modules/nsupdate_zone.py
@@ -132,7 +132,7 @@ options:
   ignore_dnssec_records:
     description:
       - Automatically ignore DNSSEC-managed record types.
-      - When enabled, DNSKEY, RRSIG, NSEC, NSEC3, and NSEC3PARAM records are added to the ignore list.
+      - When enabled, DNSKEY, RRSIG, NSEC, NSEC3, NSEC3PARAM, CDNSKEY, CDS, and TYPE65534 records are added to the ignore list.
       - Useful when DNS servers manage DNSSEC records automatically and they should not be modified.
     type: bool
     default: true
@@ -365,7 +365,7 @@ class DNSZoneManager:
         
         # Add DNSSEC record types to ignore list if enabled
         if module.params.get('ignore_dnssec_records', True):
-            dnssec_types = {'DNSKEY', 'RRSIG', 'NSEC', 'NSEC3', 'NSEC3PARAM'}
+            dnssec_types = {'DNSKEY', 'RRSIG', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'CDNSKEY', 'CDS', 'TYPE65534'}
             self.ignore_types.update(dnssec_types)
         
         # Add SOA record type to ignore list if enabled