diff --git a/docker-build/Dockerfile b/docker-build/Dockerfile
index 7ac7847..610de65 100644
--- a/docker-build/Dockerfile
+++ b/docker-build/Dockerfile
@@ -1,5 +1,5 @@
 # Get the latest Pi-hole version
-FROM pihole/pihole:2022.02.1
+FROM pihole/pihole:2022.04.1
 
 # Install necessary programs
 RUN apt-get update && \
@@ -10,12 +10,17 @@ RUN apt-get update && \
 
 # Additional configs
 # unbound
-COPY unbound-v1.9_pihole.conf  /etc/unbound/unbound.conf.d/pihole.conf
+# COPY unbound-v1.9_pihole.conf  /etc/unbound/unbound.conf.d/pihole.conf
+COPY unbound-v1.13.1_pihole.conf  /etc/unbound/unbound.conf.d/pihole.conf
 
-# Download the DNS-Root-Zone. Change owner and move it to the right directory
+# Download the DNS-Root-Zone. 
+# Create the chroot directory.
+# Copy / move files and change owner.
 RUN wget -O root.hints https://www.internic.net/domain/named.root && \
-    mv root.hints /var/lib/unbound/ && \
-    chown unbound:unbound /var/lib/unbound/root.hints
+    mkdir /usr/local/etc/unbound && \
+    cp /var/lib/unbound/root.key /usr/local/etc/unbound/root.key && \
+    mv root.hints /usr/local/etc/unbound/ && \
+    chown -R unbound:unbound /usr/local/etc/unbound/root.*
 
 # Unbound startup script
 COPY start_unbound_and_s6_init.sh start_unbound_and_s6_init.sh
diff --git a/docker-build/VERSION b/docker-build/VERSION
index 1f761d3..5a084a4 100644
--- a/docker-build/VERSION
+++ b/docker-build/VERSION
@@ -1 +1 @@
-2022.02.1
+2022.04.1
diff --git a/docker-build/unbound-v1.13.1_pihole.conf b/docker-build/unbound-v1.13.1_pihole.conf
index e1fe9d6..9de63c0 100644
--- a/docker-build/unbound-v1.13.1_pihole.conf
+++ b/docker-build/unbound-v1.13.1_pihole.conf
@@ -1,8 +1,8 @@
 server:
     ###########################################################################
     # BASIC SETTINGS
-    ###########################################################################
-    
+    ###########################################################################   
+ 
     # Listen to for queries from clients and answer from this network interface
     # and port.
     interface: 127.0.0.1	
@@ -16,8 +16,11 @@ server:
     # and for *native* IPv6
     prefer-ip6: no
 
+    # Enable DNSSEC
+    auto-trust-anchor-file: "/usr/local/etc/unbound/root.key"
+
     # where to find root server data
-    root-hints: /var/lib/unbound/root.hints
+    root-hints: "/usr/local/etc/unbound/root.hints"
 
     # Reduce EDNS reassembly buffer size.
     # Suggested by the unbound man page to reduce fragmentation reassembly problems
@@ -104,7 +107,7 @@ server:
 
     # Enable chroot (i.e, change apparent root directory for the current
     # running process and its children)
-    #chroot: "/etc/unbound"
+    chroot: "/usr/local/etc/unbound/"
 
     # Deny queries of type ANY with an empty response.
     deny-any: yes