diff --git a/net/unbound/Makefile b/net/unbound/Makefile
index 57a65045a..d8db017a4 100644
--- a/net/unbound/Makefile
+++ b/net/unbound/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=unbound
 PKG_VERSION:=1.6.1
-PKG_RELEASE:=5
+PKG_RELEASE:=6
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_LICENSE_FILES:=LICENSE
diff --git a/net/unbound/files/odhcpd.awk b/net/unbound/files/odhcpd.awk
index 34e6710d8..160950884 100644
--- a/net/unbound/files/odhcpd.awk
+++ b/net/unbound/files/odhcpd.awk
@@ -28,10 +28,13 @@
 
 /^#/ {
   # We need to pick out DHCP v4 or v6 records
-  net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ;
+  net = $2 ; id = $3 ; cls = $4 ; hst = $5 ; adr = $9 ; adr2 = $10
   cdr = adr ;
+  cdr2 = adr2 ;
   sub( /\/.*/, "", adr ) ;
   sub( /.*\//, "", cdr ) ;
+  sub( /\/.*/, "", adr2 ) ;
+  sub( /.*\//, "", cdr2 ) ;
 
 
   if ( bisolt == 1 ) {
@@ -132,6 +135,22 @@
         print ( x "\n" y ) > hostfile ;
       }
     }
+    
+    if (( cdr2 == 128 ) && ( hst != "-" )) {
+      if ( bconf == 1 ) {
+        x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ;
+        y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+
+      else {
+        # odhcp puts GA and ULA on the same line (position 9 and 10)
+        qpr2 = ipv6_ptr( adr2 ) ;
+        x = ( fqdn ". 120 IN AAAA " adr2 ) ;
+        y = ( qpr2 ". 120 IN PTR " fqdn ) ;
+        print ( x "\n" y ) > hostfile ;
+      }
+    }
   }
 }
 
diff --git a/net/unbound/files/unbound.init b/net/unbound/files/unbound.init
index e4b7ec85f..1edf9ef80 100755
--- a/net/unbound/files/unbound.init
+++ b/net/unbound/files/unbound.init
@@ -9,7 +9,8 @@
 #
 ##############################################################################
 
-START=60
+START=19
+STOP=50
 USE_PROCD=1
 PROG=/usr/sbin/unbound
 
@@ -19,9 +20,18 @@ PROG=/usr/sbin/unbound
 
 ##############################################################################
 
+boot() {
+  UNBOUND_BOOT=1
+  start "$@"
+}
+
+##############################################################################
+
 start_service() {
-  # WAIT! Unbound often takes its time writing closure stats to syslog
-  pidof $PROG && sleep 1
+  if [ -n "$UNBOUND_BOOT" ] ; then
+    # Load procd triggers (rc) and use event IFUP to really start
+    return 0
+  fi
 
   # complex UCI work
   unbound_start
@@ -37,13 +47,17 @@ start_service() {
 
 stop_service() {
   unbound_stop
+  
+  # Wait! on restart Unbound may take time writing closure stats to syslog
+  pidof $PROG && sleep 1
 }
 
 ##############################################################################
 
 service_triggers() {
+  # use soft reload to prevent continuous stop-start and cache flush
   procd_add_reload_trigger "unbound"
-  procd_add_raw_trigger "interface.*" 2000 /etc/init.d/unbound restart
+  procd_add_raw_trigger "interface.*.up" 2000 /etc/init.d/unbound reload
 }
 
 ##############################################################################
diff --git a/net/unbound/files/unbound.ntpd b/net/unbound/files/unbound.ntpd
index 5c7191656..d744cb067 100755
--- a/net/unbound/files/unbound.ntpd
+++ b/net/unbound/files/unbound.ntpd
@@ -20,6 +20,7 @@
 if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] ; then
   echo "ntpd: $( date )" > $UNBOUND_TIMEFILE
   /etc/init.d/unbound enabled && /etc/init.d/unbound restart
+  # Yes, hard RESTART. We need to be absolutely sure to enable DNSSEC.
 fi
 
 ##############################################################################
diff --git a/net/unbound/files/unbound.sh b/net/unbound/files/unbound.sh
index d918152d7..4daefda4d 100644
--- a/net/unbound/files/unbound.sh
+++ b/net/unbound/files/unbound.sh
@@ -315,7 +315,7 @@ unbound_mkdir() {
       # Debian-like package dns-root-data
       cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE
 
-    else
+    elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "iterator will use built-in root hints"
     fi
   fi
@@ -329,7 +329,7 @@ unbound_mkdir() {
     elif [ -x $UNBOUND_ANCHOR ] ; then
       $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
 
-    else
+    elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "validator will use built-in trust anchor"
     fi
   fi
@@ -526,7 +526,7 @@ unbound_conf() {
       echo
     } >> $UNBOUND_CONFFILE
 
-  else
+  elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
     logger -t unbound -s "default memory resource consumption"
   fi
 
@@ -602,7 +602,9 @@ unbound_conf() {
       ;;
 
     *)
-      logger -t unbound -s "default recursion configuration"
+      if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+        logger -t unbound -s "default recursion configuration"
+      fi
       ;;
   esac
 
@@ -822,7 +824,11 @@ unbound_uci() {
 
     if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
       UNBOUND_D_DHCP_LINK=dnsmasq
-      logger -t unbound -s "Please use 'dhcp_link' selector instead"
+      
+      
+      if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+        logger -t unbound -s "Please use 'dhcp_link' selector instead"
+      fi
     fi
   fi
 
@@ -835,7 +841,7 @@ unbound_uci() {
     fi
 
 
-    if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "cannot forward to dnsmasq"
     fi
   fi
@@ -849,7 +855,7 @@ unbound_uci() {
     fi
 
 
-    if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
+    if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
       logger -t unbound -s "cannot receive records from odhcpd"
     fi
   fi