diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index ee49875..e0d3a26 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -24,16 +24,18 @@ log:
 #
 
 key:
-{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters', default=[]) ) ) | flatten | unique %}
+{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters') | select('defined') ) ) | flatten | unique %}
+{% if 'knot_tsig_key' in hostvars[remote] %}
 
   - id: {{ hostvars[remote].knot_tsig_key.name }}
     algorithm: {{ hostvars[remote].knot_tsig_key.algorithm }}
     secret: {{ hostvars[remote].knot_tsig_key.secret }}
+{% endif %}
 {% endfor %}
 
 
 remote:
-{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters', default=[]) ) ) | flatten | unique %}
+{% for remote in ( (zones | map(attribute='replicas') ) + (zones | map(attribute='masters') ) + (zones | map(attribute='updaters') | select('defined') ) ) | flatten | unique %}
 
   - id: remote-{{ remote }}
 {% for address in hostvars[remote].knot_dns_addresses %}
@@ -46,7 +48,7 @@ acl:
 
   - id: acl-xfr-{{ remote }}
     action: transfer
-{% if knot_tsig_key in hostvars[remote] %}
+{% if 'knot_tsig_key' in hostvars[remote] %}
     key: {{ hostvars[remote].knot_tsig_key.name }}
 {% else %}
 {% for address in hostvars[remote].knot_dns_addresses %}
@@ -59,7 +61,7 @@ acl:
 
   - id: acl-notify-{{ remote }}
     action: notify
-{% if knot_tsig_key in hostvars[remote] %}
+{% if 'knot_tsig_key' in hostvars[remote] %}
     key: {{ hostvars[remote].knot_tsig_key.name }}
 {% else %}
 {% for address in hostvars[remote].knot_dns_addresses %}
@@ -68,7 +70,7 @@ acl:
 {% endif %}
 {% endfor %}
 
-{% for remote in zones | map(attribute='updaters', default=[]) | flatten | unique %}
+{% for remote in zones | map(attribute='updaters') | select('defined') | flatten | unique %}
 
   - id: acl-update-{{ remote }}
     action: update