diff --git a/selftest/knownfail.d/dns_tkey b/selftest/knownfail.d/dns_tkey
index edb6e0b2115..8ce60f8507c 100644
--- a/selftest/knownfail.d/dns_tkey
+++ b/selftest/knownfail.d/dns_tkey
@@ -1,12 +1,9 @@
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_keyname.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_mac.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_tkey_gss_microsoft_com.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_answers.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_microsoft_com_tkey_req_additional.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_microsoft_com_tkey_req_answers.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_bad_algorithm.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_changed_algorithm1.fl2008r2dc
-^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_changed_algorithm2.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_gss_tsig_tkey_req_additional.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_tsig_windows.fl2008r2dc
 ^samba.tests.dns_tkey.__main__.TestDNSUpdates.test_update_wo_tsig.fl2008r2dc
diff --git a/source4/dns_server/dns_crypto.c b/source4/dns_server/dns_crypto.c
index 9d44512b1ca..19d6b0dad14 100644
--- a/source4/dns_server/dns_crypto.c
+++ b/source4/dns_server/dns_crypto.c
@@ -382,6 +382,7 @@ WERROR dns_sign_tsig(struct dns_server *dns,
 		.data = NULL,
 		.length = 0
 	};
+	const char *algorithm = "gss-tsig";
 
 	tsig = talloc_zero(mem_ctx, struct dns_res_rec);
 	if (tsig == NULL) {
@@ -402,6 +403,8 @@ WERROR dns_sign_tsig(struct dns_server *dns,
 		if (!W_ERROR_IS_OK(werror)) {
 			return werror;
 		}
+
+		algorithm = tkey->algorithm;
 	}
 
 	tsig->name = talloc_strdup(tsig, state->key_name);
@@ -412,7 +415,7 @@ WERROR dns_sign_tsig(struct dns_server *dns,
 	tsig->rr_type = DNS_QTYPE_TSIG;
 	tsig->ttl = 0;
 	tsig->length = UINT16_MAX;
-	tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, "gss-tsig");
+	tsig->rdata.tsig_record.algorithm_name = talloc_strdup(tsig, algorithm);
 	if (tsig->rdata.tsig_record.algorithm_name == NULL) {
 		return WERR_NOT_ENOUGH_MEMORY;
 	}