diff --git a/scripts/cloudron-support b/scripts/cloudron-support
index adbfdbc8d..35d022ecf 100755
--- a/scripts/cloudron-support
+++ b/scripts/cloudron-support
@@ -247,8 +247,7 @@ function check_dns() {
 
 function check_unbound() {
     if ! systemctl is-active -q unbound; then
-        info "unbound is down. updating root anchor to see if it fixes it"
-        unbound-anchor -a /var/lib/unbound/root.key
+        info "unbound is down. restarting to see if it fixes it" # unbound-anchor is part of ExecStartPre
         systemctl restart unbound
 
         if ! systemctl is-active -q unbound; then
diff --git a/setup/start.sh b/setup/start.sh
index 0271faf71..9495f2d92 100755
--- a/setup/start.sh
+++ b/setup/start.sh
@@ -120,9 +120,6 @@ if vergte "${unbound_version}" "1.19.2"; then
     cp "${script_dir}/start/unbound/prefer-ip4.conf" /etc/unbound/unbound.conf.d/cloudron-prefer-ip4.conf
 fi
 rm -f /etc/unbound/unbound.conf.d/remote-control.conf # on ubuntu 24
-# update the root anchor after a out-of-disk-space situation (see #269)
-# it returns 1 even on fail, it's not clear - https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound-anchor.html#exit-code
-unbound-anchor -v -a /var/lib/unbound/root.key || log "unbound-anchor failed, but it probably worked"
 
 log "Adding systemd services"
 cp -r "${script_dir}/start/systemd/." /etc/systemd/system/
diff --git a/setup/start/systemd/unbound.service b/setup/start/systemd/unbound.service
index 4f475a52b..3b03ac547 100644
--- a/setup/start/systemd/unbound.service
+++ b/setup/start/systemd/unbound.service
@@ -8,11 +8,13 @@ Wants=network-online.target nss-lookup.target
 
 [Service]
 PIDFile=/run/unbound.pid
-ExecStartPre=/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key
+# https://www.freedesktop.org/software/systemd/man/latest/systemd.service.html ("Special Excecutable Prefixes")
+# update the root anchor after a out-of-disk-space situation (see #269)
+# it returns 1 even on fail, it's not clear - https://unbound.docs.nlnetlabs.nl/en/latest/manpages/unbound-anchor.html#exit-code
+ExecStartPre=-/usr/sbin/unbound-anchor -a /var/lib/unbound/root.key
 ExecStart=/usr/sbin/unbound -d
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
-# On ubuntu 16, this doesn't work for some reason
 Type=notify
 
 [Install]
diff --git a/src/scripts/restartservice.sh b/src/scripts/restartservice.sh
index b8f77a09b..c38a1230c 100755
--- a/src/scripts/restartservice.sh
+++ b/src/scripts/restartservice.sh
@@ -22,7 +22,6 @@ fi
 service="$1"
 
 if [[ "${service}" == "unbound" ]]; then
-    unbound-anchor -a /var/lib/unbound/root.key
     systemctl restart --no-block unbound
 elif [[ "${service}" == "nginx" ]]; then
     if systemctl -q is-active nginx; then