diff --git a/changes/ticket18319 b/changes/ticket18319
new file mode 100644
index 0000000000..41c5b5641f
--- /dev/null
+++ b/changes/ticket18319
@@ -0,0 +1,4 @@
+  o Minor features (directory authority, security):
+    - The default for AuthDirPinKeys is now 1: directory authorities will
+      reject relays where the RSA identity key matches a previously seen
+      value, but the Ed25519 key has changed. Closes ticket 18319.
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 9b8a0f00bf..5845b1a107 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -2265,7 +2265,7 @@ on the public Tor network.
     publish a descriptor if any other relay has reserved its <Ed25519,RSA>
     identity keypair. In all cases, Tor records every keypair it accepts
     in a journal if it is new, or if it differs from the most recently
-    accepted pinning for one of the keys it contains. (Default: 0)
+    accepted pinning for one of the keys it contains. (Default: 1)
 
 [[AuthDirSharedRandomness]] **AuthDirSharedRandomness** **0**|**1**::
     Authoritative directories only. Switch for the shared random protocol.
diff --git a/src/or/config.c b/src/or/config.c
index a4d063d0e4..0c4200db0c 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -211,7 +211,7 @@ static config_var_t option_vars_[] = {
   V(AuthDirInvalidCCs,           CSV,      ""),
   V(AuthDirFastGuarantee,        MEMUNIT,  "100 KB"),
   V(AuthDirGuardBWGuarantee,     MEMUNIT,  "2 MB"),
-  V(AuthDirPinKeys,              BOOL,     "0"),
+  V(AuthDirPinKeys,              BOOL,     "1"),
   V(AuthDirReject,               LINELIST, NULL),
   V(AuthDirRejectCCs,            CSV,      ""),
   OBSOLETE("AuthDirRejectUnlisted"),