Found this in my daily mail: unbound-an -U root ttyp5 0.02 secs Sun Oct 6 21:57 (0:00:00.16)
Since I have auto-trust-anchor-file: "/var/unbound/db/root.key" in my /var/unbound/etc/unbound.conf, on starting unbound, the rc.d script runs /usr/sbin/unbound-anchor -v. Running it manually yields this: $ doas /usr/sbin/unbound-anchor -v /var/unbound/db/root.key has content [1570433629] libunbound[28321:0] fatal error: could not open autotrust file for writing, /var/unbound/db/root.key.28321-0-1966ee948e00: No such file or directory The problem is the following change that came with the update to 1.9.3: - Add hex print of trust anchor pointer to trust anchor file temp name to make it unique, for libunbound created multiple contexts. See https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/validator/autotrust.c.diff?r1=1.10&r2=1.11 Thus, the unveil code in smallapp/unbound-anchor.c needs some adjustment. if (asprintf(&root_anchor_tempfile, "%s.%d-0", root_anchor_file, getpid()) == -1) { if(verb) printf("out of memory\n"); exit(0); } if (unveil(root_anchor_file, "rwc") == -1) err(1, "unveil"); if (unveil(root_anchor_tempfile, "rwc") == -1) err(1, "unveil"); The problem is that tp used for tempfile generation is not yet known at that point. Not sure how best to deal with this.