diff --git a/CHANGES b/CHANGES
index f73ecbf4e6..de55fcf8a5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4400.	[bug]		ttl policy was not being inherited in policy.py.
+			[RT #42718]
+
 4399.	[bug] 		policy.py 'ECCGOST', 'ECDSAP256SHA256', and
 			'ECDSAP384SHA384' don't have settable keysize.
 			[RT #42718]
diff --git a/bin/python/isc/policy.py.in b/bin/python/isc/policy.py.in
index 99e820a75e..7cced86f7a 100644
--- a/bin/python/isc/policy.py.in
+++ b/bin/python/isc/policy.py.in
@@ -493,6 +493,12 @@ class dnssec_policy:
             p.zsk_postpublish = parent and \
                 parent.zsk_postpublish or ap.zsk_postpublish
 
+        if p.keyttl is None:
+            parent = p.parent or self.named_policy['default']
+            while parent is not None and not parent.keyttl:
+                parent = parent.parent
+            p.keyttl = parent and parent.keyttl
+
         if 'novalidate' not in kwargs or not kwargs['novalidate']:
             (valid, msg) = p.validate()
             if not valid: