diff --git a/rootfs/tmp/etc/bind/named.conf b/rootfs/tmp/etc/bind/named.conf
index 45ac481..4cab310 100644
--- a/rootfs/tmp/etc/bind/named.conf
+++ b/rootfs/tmp/etc/bind/named.conf
@@ -1,7 +1,7 @@
 # default options - https://bind9.readthedocs.io/en/latest/chapter3.html
 #####################################################################
 # rndc keys
-key "dhcp-key" { algorithm hmac-md5; secret "REPLACE_KEY_DHCP"; };
+key "dhcp-key" { algorithm hmac-sha256; secret "REPLACE_KEY_DHCP"; };
 key "rndc-key" { algorithm hmac-sha256; secret "REPLACE_KEY_RNDC"; };
 key "backup-key" { algorithm hmac-sha256; secret "MKEQ/REPLACE_KEY_BACKUP"; };
 key "certbot." { algorithm hmac-sha512; secret "REPLACE_KEY_CERTBOT"; };
diff --git a/rootfs/usr/local/etc/docker/init.d/00-named.sh b/rootfs/usr/local/etc/docker/init.d/00-named.sh
index 0ea0d6c..ca6a855 100755
--- a/rootfs/usr/local/etc/docker/init.d/00-named.sh
+++ b/rootfs/usr/local/etc/docker/init.d/00-named.sh
@@ -158,7 +158,7 @@ user_pass="${NAMED_USER_PASS_WORD:-}" # normal user password
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Additional predefined variables
 DNS_SERIAL="$(date +'%Y%m%d%S')"
-KEY_DHCP="${KEY_DHCP:-$(__dhcp_key || __tsig_key md5)}"
+KEY_DHCP="${KEY_DHCP:-$(__dhcp_key || __tsig_key sha256)}"
 KEY_RNDC="${KEY_RNDC:-$(__rndc_key || __tsig_key sha256)}"
 KEY_BACKUP="${KEY_BACKUP:-$(__backup_key || __tsig_key sha256)}"
 KEY_CERTBOT="${KEY_CERTBOT:-$(__certbot_key || __tsig_key sha512)}"