diff --git a/unbound.spec b/unbound.spec
index 5a7e807f5a4a4a6783817db4d0dd7120e7622bb9..661747eb12db606a98bf99dbc3706a349fc496cb 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -2,7 +2,7 @@
 
 Name:          unbound
 Version:       1.17.1
-Release:       5
+Release:       6
 Summary:       Unbound is a validating, recursive, caching DNS resolver
 License:       BSD-3-Clause
 Url:           https://nlnetlabs.nl/projects/unbound/about/
@@ -35,6 +35,8 @@ BuildRequires: gcc byacc
 
 %{?systemd_requires}
 Requires:      %{name}-libs = %{version}-%{release}
+Requires:      %{name}-anchor = %{version}-%{release}
+Recommends:    %{name}-utils = %{version}-%{release}
 Requires:      openssl
 
 %description
@@ -53,6 +55,22 @@ Requires(pre): shadow-utils
 %description libs
 Libraries for %{name}.
 
+%package anchor
+Requires: %{name}-libs = %{version}-%{release}
+Summary: DNSSEC trust anchor maintaining tool
+
+%description anchor
+Contains tool maintaining trust anchor using RFC 5011 key rollover algorithm.
+
+%package utils
+Requires: %{name}-libs = %{version}-%{release}
+Summary: Unbound DNS lookup utilities
+
+%description utils
+Contains tools for making DNS queries. Can make queries to DNS servers
+also over TLS connection or validate DNSSEC signatures. Similar to
+bind-utils.
+
 %package devel
 Summary:       Libraries and header files
 Requires:      %{name}-libs = %{version}-%{release} openssl-devel pkgconfig
@@ -149,10 +167,11 @@ useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
 %systemd_post unbound.service
 %systemd_post unbound-keygen.service
 
-%post libs
-%{?ldconfig}
-%systemd_post unbound-anchor.timer
+%post anchor
+%systemd_post unbound-anchor.service unbound-anchor.timer
+# start the timer only if installing the package to prevent starting it, if it was stopped on purpose
 if [ "$1" -eq 1 ]; then
+    # the Unit is in presets, but would be started after reboot
     /bin/systemctl start unbound-anchor.timer >/dev/null 2>&1 || :
 fi
 
@@ -160,16 +179,15 @@ fi
 %systemd_preun unbound.service
 %systemd_preun unbound-keygen.service
 
-%preun libs
-%systemd_preun unbound-anchor.timer
+%preun anchor
+%systemd_preun unbound-anchor.service unbound-anchor.timer
 
 %postun
 %systemd_postun_with_restart unbound.service
 %systemd_postun unbound-keygen.service
 
-%postun libs
-%{?ldconfig}
-%systemd_postun_with_restart unbound-anchor.timer
+%postun anchor
+%systemd_postun_with_restart unbound-anchor.service unbound-anchor.timer
 
 %triggerun -- unbound < 1.4.12-4
 /usr/bin/systemd-sysv-convert --save unbound >/dev/null 2>&1 ||:
@@ -202,27 +220,21 @@ popd
 %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_control.key
 %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.pem
 %ghost %attr(0640,root,unbound) %{_sysconfdir}/%{name}/unbound_server.key
-%{_sbindir}/*
-%exclude %{_sbindir}/unbound-anchor
+%{_sbindir}/unbound
+%{_sbindir}/unbound-checkconf
+%{_sbindir}/unbound-control
+%{_sbindir}/unbound-control-setup
 
 %files libs
 %defattr(-,root,root)
-%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
 %if %{?openEuler:1}0
-%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
 %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
 %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
-%{_sysconfdir}/%{name}/icannbundle.pem
 %else
-%attr(0600,root,root) %config %{_sysconfdir}/%{name}/root.key
 %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
 %attr(0600,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
-%attr(0600,root,root) %{_sysconfdir}/%{name}/icannbundle.pem
 %endif
-%{_sbindir}/unbound-anchor
 %{_libdir}/libunbound.so.*
-%{_unitdir}/unbound-anchor.timer
-%{_unitdir}/unbound-anchor.service
 
 %files -n python3-unbound
 %defattr(-,root,root)
@@ -235,11 +247,29 @@ popd
 %{_libdir}/pkgconfig/*.pc
 %{_includedir}/*
 
+%files anchor
+%dir %attr(0755,root,root) %{_sysconfdir}/%{name}
+%{_sbindir}/unbound-anchor
+%attr(0644,root,root) %config %{_sysconfdir}/%{name}/root.key
+%{_sysconfdir}/%{name}/icannbundle.pem
+%{_unitdir}/unbound-anchor.timer
+%{_unitdir}/unbound-anchor.service
+
+%files utils
+%{_sbindir}/unbound-host
+%{_sbindir}/unbound-streamtcp
+
 %files help
 %defattr(-,root,root)
 %{_mandir}/man*
 
 %changelog
+* Mon Jun 24 2024 gaihuiying <eaglegai@163.com> - 1.17.1-6
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:separate unbound-anchor and unbound-utils
+
 * Fri May 17 2024 gaihuiying <eaglegai@163.com> - 1.17.1-5
 - Type:cves
 - CVE:CVE-2024-33655