diff --git a/roles/unbound/tasks/main.yml b/roles/unbound/tasks/main.yml
index a64720b..a9f4f6d 100644
--- a/roles/unbound/tasks/main.yml
+++ b/roles/unbound/tasks/main.yml
@@ -15,6 +15,15 @@
     creates: "{{ unbound_confdir }}/unbound_control.key"
   notify: Restart unbound
 
+- name: Update DNSSEC root key
+  ansible.builtin.command:
+    argv:
+      - unbound-anchor
+    creates: "{{ unbound_zonedir }}/root.key"
+  register: result
+  failed_when: result.rc not in [0, 1]
+  notify: Restart unbound
+
 - name: Copy zone files
   ansible.builtin.copy:
     dest: "{{ unbound_zonedir }}/{{ item }}"