diff --git a/lib/isccfg/kaspconf.c b/lib/isccfg/kaspconf.c
index e51d2a1426..2b9eeb5c15 100644
--- a/lib/isccfg/kaspconf.c
+++ b/lib/isccfg/kaspconf.c
@@ -183,6 +183,14 @@ cfg_kaspkey_fromconfig(const cfg_obj_t *config, dns_kasp_t *kasp,
 			goto cleanup;
 		}
 
+		if (!dst_algorithm_supported(key->algorithm)) {
+			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+				    "dnssec-policy: algorithm %s not supported",
+				    alg.base);
+			result = DNS_R_BADALG;
+			goto cleanup;
+		}
+
 		obj = cfg_tuple_get(config, "length");
 		if (cfg_obj_isuint32(obj)) {
 			uint32_t min, size;