diff --git a/unbound.changes b/unbound.changes
index 18c9724..66ea9f0 100644
--- a/unbound.changes
+++ b/unbound.changes
@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Wed Nov 27 11:45:12 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
+
+- add workaround for bug
+  https://github.com/NLnetLabs/unbound/issues/509
+  Starting up with 127.0.0.1 in the /etc/resolv.conf leads to long
+  delays if the anchor update is being run as ExecStartPre in the
+  unbound service
+
 -------------------------------------------------------------------
 Fri Oct 18 11:02:26 UTC 2024 - Jorik Cronenberg <jorik.cronenberg@suse.com>
 
diff --git a/unbound.service b/unbound.service
index 00b6c9c..a7e9902 100644
--- a/unbound.service
+++ b/unbound.service
@@ -13,7 +13,8 @@ User=unbound
 Group=unbound
 EnvironmentFile=-/etc/sysconfig/unbound
 #ExecStartPre=/sbin/runuser --shell /bin/sh -c "/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem" unbound
-ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
+# https://github.com/NLnetLabs/unbound/issues/509
+ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_UNBOUND_ANCHOR" == "yes" ]; then /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem -R; else echo "Updates of root keys with unbound-anchor is disabled"; fi'
 ExecStartPre=/usr/sbin/unbound-checkconf
 ExecStart=!/usr/sbin/unbound -d $UNBOUND_OPTIONS
 
diff --git a/unbound.sysconfig b/unbound.sysconfig
index cd5dcb1..fd54187 100644
--- a/unbound.sysconfig
+++ b/unbound.sysconfig
@@ -1,3 +1,6 @@
 # for extra debug, add "-v -v" or change verbosity: in unbound.conf
 
 UNBOUND_OPTIONS=""
+
+# to disable the anchor update, set this to 'yes'
+DISABLE_UNBOUND_ANCHOR="no"