diff --git a/roles/knot/templates/etc/knot/knot.conf.j2 b/roles/knot/templates/etc/knot/knot.conf.j2
index 03eebd9..420837d 100644
--- a/roles/knot/templates/etc/knot/knot.conf.j2
+++ b/roles/knot/templates/etc/knot/knot.conf.j2
@@ -103,10 +103,10 @@ policy:
 {% if inventory_hostname in zone.masters %}
 
   - id: dnssec-{{ zone.name }}
-    algorithm: {{ knot_dnssec_policy_algorithm }}
+    algorithm: {{ zone.algorithm | default(knot_dnssec_policy_algorithm) }}
     nsec3: {{ knot_dnssec_policy_nsec3 }}
-    ksk-size: {{ knot_dnssec_policy_ksk_size }}
-    zsk-size: {{ knot_dnssec_policy_zsk_size }}
+    ksk-size: {{ zone.ksk_size | default(knot_dnssec_policy_ksk_size) }}
+    zsk-size: {{ zone.zsk_size | default(knot_dnssec_policy_zsk_size) }}
     zsk-lifetime: {{ zone.zsk_lifetime | default(knot_dnssec_policy_zsk_lifetime) }}
     ksk-lifetime: {{ zone.ksk_lifetime | default(knot_dnssec_policy_ksk_lifetime) }}
     ksk-submission: submission-{{ zone.name }}