diff --git a/man/dnssec-trust-anchors.d.xml b/man/dnssec-trust-anchors.d.xml index 8b6394e9271..f14ebbce7cb 100644 --- a/man/dnssec-trust-anchors.d.xml +++ b/man/dnssec-trust-anchors.d.xml @@ -138,7 +138,17 @@ and follow the same overriding rules. They are text files with the .negative suffix. Empty lines and lines whose first character is ; are ignored. Each line specifies one domain name which is the root of a DNS - subtree where validation shall be disabled. + subtree where validation shall be disabled. For example: + + # Reverse IPv4 mappings +10.in-addr.arpa +16.172.in-addr.arpa +168.192.in-addr.arpa +... +# Some custom domains +prod +stag + Negative trust anchors are useful to support private DNS subtrees that are not referenced from the Internet DNS hierarchy,
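Review bot: The comment lines in the added example start with `#` ("# Reverse IPv4 mappings", "# Some custom domains"), but the unchanged context directly above says only empty lines and lines whose first character is `;` are ignored. A reader who copies the example verbatim would, going by that sentence, end up with those two lines treated as domain names rather than comments. Either switch the example to `; Reverse IPv4 mappings` and `; Some custom domains`, or, if the parser does accept `#` as well, extend the preceding sentence to say so in this same patch. The literal `...` line has the same problem: it is neither empty nor a `;` comment, so by "Each line specifies one domain name" it reads as an entry. Replace it with a `;` comment noting that the list is abbreviated, or drop it. Since each entry turns off DNSSEC validation for a whole subtree, it would also help to state next to the single-label examples `prod` and `stag` that they disable validation for everything below those names.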