diff --git a/unbound/tasks/main.yml b/unbound/tasks/main.yml
index 209c6d0f..ea7e9060 100644
--- a/unbound/tasks/main.yml
+++ b/unbound/tasks/main.yml
@@ -7,6 +7,16 @@
   tags:
   - unbound
 
+- name: Retrieve list of root DNS servers
+  get_url:
+    url: https://www.internic.net/domain/named.cache
+    dest: /etc/unbound/root.hints
+    force: yes
+    mode: "0644"
+  notify: reload unbound
+  tags:
+  - unbound
+
 - name: Copy Unbound config
   template:
     src: unbound.conf.j2
diff --git a/unbound/templates/unbound.conf.j2 b/unbound/templates/unbound.conf.j2
index 73c03141..a97e725d 100644
--- a/unbound/templates/unbound.conf.j2
+++ b/unbound/templates/unbound.conf.j2
@@ -13,7 +13,7 @@ server:
 	hide-identity: yes
 	hide-version: yes
 
-	# root-hints: "/var/unbound/etc/named.cache"
+	root-hints: "/etc/unbound/root.hints"
 	# Uncomment to enable DNSSEC validation.
 	#auto-trust-anchor-file: "/etc/unbound/root.key"
 	# Serve zones authoritatively from Unbound to resolver clients.