Unbound error: failed to read /var/lib/unbound/root.key


Since the last daily DSL-recycle this morning, unbound doesn’t start. Before this recycle unbound was running without error.

The configuration has been untouched for a very long time (maybe years). I have defined special DNS servers, e.g. the one from Lightning Wire Labs; the ISP DNS servers are disabled. Protocol is set to TLS, safe-search is enabled and qname-minimizing is set to “strict”.

unbound is not starting automatically since this morning:

/etc/init.d/unbound status
/usr/sbin/unbound is not running but /var/run/unbound.pid exists.

When I start unbound manually I can see the following messages in syslog:

unbound: [3528:0] warning: did not exit gracefully last time (906)
unbound: [3529:0] notice: init module 0: validator
unbound: [3529:0] error: failed to read /var/lib/unbound/root.key
unbound: [3529:0] error: error reading auto-trust-anchor-file: /var/lib/unbound/root.key
unbound: [3529:0] error: validator: error in trustanchors config
unbound: [3529:0] error: validator: could not apply configuration settings.
unbound: [3529:0] error: module init for module validator failed
unbound: [3529:0] fatal error: failed to setup modules

The file /var/lib/unbound/root.key exists, but has file size = 0:

# ls -l /var/lib/unbound/
total 0
-rw-r--r-- 1 nobody nobody 0 May 24 02:22 root.key

I had a look at my last backup (from yesterday), but the directory /var/lib/unbound isn’t included.

Any hint as to what I can do?

Thanks in advance,


This is intended because some dnskeys changed weekly.

Erase the file and run “unbound-anchor” to recreate this file.
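
The fix described in this reply (remove the unusable file, then run unbound-anchor), as an added shell example that is not part of the original thread: it regenerates the anchor only when the file is missing, empty or contains no key records, and judges success by the resulting file. The function names and the `ANCHOR_CMD` override are hypothetical; the file path is passed as an argument.

```shell
#!/bin/sh
# Added example: check an Unbound auto-trust-anchor file and rebuild it if unusable.
# ANCHOR_CMD is an assumption of this sketch so the tool can be swapped out.
ANCHOR_CMD=${ANCHOR_CMD:-unbound-anchor}

# Print the state of the anchor file: missing | empty | no-keys | ok
anchor_state() {
    file=$1
    [ -e "$file" ] || { echo missing; return 0; }
    [ -s "$file" ] || { echo empty; return 0; }
    # A usable file has at least one non-comment DNSKEY or DS record.
    if grep -Eq '^[^;].*[[:space:]](DNSKEY|DS)[[:space:]]' "$file"; then
        echo ok
    else
        echo no-keys
    fi
}

# Rebuild the file when it is not usable; return 0 only if it ends up "ok".
repair_anchor() {
    file=$1
    state=$(anchor_state "$file")
    [ "$state" = ok ] && return 0
    echo "root anchor $file is $state, regenerating" >&2
    rm -f "$file"
    # unbound-anchor may exit non-zero even when it wrote a fresh anchor,
    # so ignore its status and judge by the resulting file instead.
    "$ANCHOR_CMD" -a "$file" || true
    [ "$(anchor_state "$file")" = ok ]
}

# Run only when a path is given, e.g.: sh fix-anchor.sh /var/lib/unbound/root.key
if [ "$#" -gt 0 ]; then
    repair_anchor "$1"
fi
```

Run it before starting unbound. The regenerated file must stay writable by the user unbound runs as (nobody in the listing above), because unbound updates an auto-trust-anchor-file itself.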


Thanks for the very quick reply, that helped. Unbound is running again.