diff --git a/.gitignore b/.gitignore
index 00e9789..4a8d2f6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /stubby-0.3.1.tar.gz
 /stubby-0.4.0.tar.gz
+/stubby-0.4.2.tar.gz
diff --git a/sources b/sources
index bea98d2..1d95bfe 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (stubby-0.4.0.tar.gz) = 2529a42cc786f4363e9d0ea12e40fc30c197492cbec4722763f6839cc9ec922985219374f8bf7df02dea51a1029b41b46a1547028492776efbf4d7a45fe86958
+SHA512 (stubby-0.4.2.tar.gz) = baa75d78f912de7701607578846df5837fdd810f9854a9d7593395e21f2684d3fb4431eb827454d3fcbaab8906d302a9011bb0ad289dbdf788de6eea4ed478be
diff --git a/stubby-0.3.1-dnssec-ta.patch b/stubby-0.3.1-dnssec-ta.patch
index 4018f79..6454043 100644
--- a/stubby-0.3.1-dnssec-ta.patch
+++ b/stubby-0.3.1-dnssec-ta.patch
@@ -1,11 +1,28 @@
-diff -up getdns-1.6.0/stubby/stubby.yml.example.anchor getdns-1.6.0/stubby/stubby.yml.example
---- getdns-1.6.0/stubby/stubby.yml.example.anchor	2020-03-11 23:57:32.380258063 +0100
-+++ getdns-1.6.0/stubby/stubby.yml.example	2020-03-11 23:59:59.545636591 +0100
-@@ -157,6 +157,7 @@ listen_addresses:
- # Specify the location of the installed trust anchor file to override the 
+From 3dc07827ba060247b714efdc00f2fc5617163204 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Sat, 15 Oct 2022 14:21:39 +0200
+Subject: [PATCH] Use trust anchor path maintained by unbound-anchor
+
+Other packages use it as well. Point to single file, which might be
+reused by other packages. But keep the path commented out and use by
+default just built-in trust anchor.
+---
+ stubby.yml.example | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/stubby.yml.example b/stubby.yml.example
+index 1af0468..b86cd65 100644
+--- a/stubby.yml.example
++++ b/stubby.yml.example
+@@ -171,7 +171,7 @@ listen_addresses:
+ # Specify the location of the installed trust anchor files to override the
  # default location (see above)
- # dnssec_trust_anchors: "/etc/unbound/getdns-root.key"
-+dnssec_trust_anchors: "/var/lib/unbound/root.key"
+ # dnssec_trust_anchors:
+-#   - "/etc/unbound/getdns-root.key"
++#   - "/var/lib/unbound/root.key"
  
  
  ##################################  UPSTREAMS  ################################
+-- 
+2.37.3
+
diff --git a/stubby-0.4-systemd.service.patch b/stubby-0.4-systemd.service.patch
new file mode 100644
index 0000000..d44c127
--- /dev/null
+++ b/stubby-0.4-systemd.service.patch
@@ -0,0 +1,25 @@
+From 1e2779daa85957701c91bbe491693a35790e4d73 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
+Date: Sat, 15 Oct 2022 13:52:53 +0200
+Subject: [PATCH] Private users prevents running on systemd
+
+Original value does not work on systemd v250, Fedora 36.
+---
+ systemd/stubby.service | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/systemd/stubby.service b/systemd/stubby.service
+index 3cba0e6..f0e631b 100644
+--- a/systemd/stubby.service
++++ b/systemd/stubby.service
+@@ -18,7 +18,6 @@ MemoryDenyWriteExecute=true
+ NoNewPrivileges=true
+ PrivateDevices=true
+ PrivateTmp=true
+-PrivateUsers=true
+ ProtectClock=true
+ ProtectControlGroups=true
+ ProtectHome=true
+-- 
+2.37.3
+
diff --git a/stubby.spec b/stubby.spec
index 3781d50..c4f53dd 100644
--- a/stubby.spec
+++ b/stubby.spec
@@ -1,6 +1,6 @@
 Name:           stubby
-Version:        0.4.0
-Release:        3%{?dist}
+Version:        0.4.2
+Release:        2%{?dist}
 Summary:        Application that act as a local DNS Privacy stub resolver
 
 License:        BSD
@@ -11,6 +11,10 @@ Provides:       getdns-stubby = 1.7.0-1
 Obsoletes:      getdns-stubby < 1.7.0-1
 %{?systemd_requires}
 
+Patch1:         stubby-0.3.1-dnssec-ta.patch
+# https://github.com/getdnsapi/stubby/pull/324
+Patch2:         stubby-0.4-systemd.service.patch
+
 BuildRequires: gcc
 BuildRequires: make
 BuildRequires: cmake
@@ -25,7 +29,7 @@ Stubby encrypts DNS queries sent from a client machine to a
 DNS Privacy resolver increasing end user privacy.
 
 %prep
-%autosetup
+%autosetup -p1
 
 %build
 %cmake -DCMAKE_BUILD_TYPE:STRING=Release .
@@ -64,6 +68,14 @@ fi
 
 
 %changelog
+* Sat Oct 15 2022 Petr Menšík <pemensik@redhat.com> - 0.4.2-2
+- Private users do not work with dynamic users
+- Provide path to unbound-anchor key, but keep it commented out
+
+* Thu Oct 13 2022 Petr Menšík <pemensik@redhat.com> - 0.4.2-1
+- Update to 0.4.2 (#1974450)
+- Use unbound-anchor key again
+
 * Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild