diff --git a/roles/knot/defaults/main.yml b/roles/knot/defaults/main.yml
index fe50e3b..ce20362 100644
--- a/roles/knot/defaults/main.yml
+++ b/roles/knot/defaults/main.yml
@@ -19,11 +19,11 @@ knot_zone_replica_storage_path: /var/lib/knot/replica
 knot_zone_semantic_checks: 'on'
 knot_zone_dnssec_signing: 'on'
-knot_dnssec_policy_algorithm: ecdsap384sha384
+knot_dnssec_policy_algorithm: ed25519
 knot_dnssec_policy_nsec3: 'on'
-knot_dnssec_policy_ksk_shared: 'on'
-knot_dnssec_policy_ksk_size: 384
-knot_dnssec_policy_zsk_size: 384
+knot_dnssec_policy_ksk_shared: 'off'
+knot_dnssec_policy_ksk_size: 256
+knot_dnssec_policy_zsk_size: 256
 knot_dnssec_policy_zsk_lifetime: 30d
 knot_dnssec_policy_ksk_lifetime: 0
 knot_dnssec_policy_cds_publish: 'double-ds'
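Review bot: The new defaults on the `knot_dnssec_policy_algorithm`, `knot_dnssec_policy_ksk_size` and `knot_dnssec_policy_zsk_size` lines are coupled but remain independent variables, so an inventory that overrides only the algorithm (for example to keep `ecdsap384sha384`) now inherits a key size of 256 that does not fit that curve. A comment above the algorithm line would make the coupling explicit, e.g. `# ksk_size/zsk_size must match the algorithm (ed25519: 256); override all three together`. For zones already signed under the old default, this change presumably starts an algorithm rollover and, with `knot_dnssec_policy_ksk_shared` now `'off'`, a separate KSK per zone, so the DS records at the parent have to follow before the old keys are retired. The templates and handlers that would drive that are outside this hunk, so the commit message or role README should say how existing deployments are expected to migrate. It is also worth noting next to the default that validators without Ed25519 support treat such zones as unsigned rather than failing, which is a silent loss of protection.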