diff --git a/unbound.spec b/unbound.spec
index 1303e48..453f964 100644
--- a/unbound.spec
+++ b/unbound.spec
@@ -53,6 +53,7 @@ Source17: unbound-anchor.service
 Source18: https://nlnetlabs.nl/downloads/%{name}/%{name}-%{version}%{?extra_version}.tar.gz.asc
 # source: https://nlnetlabs.nl/people/
 Source19: https://keys.openpgp.org/pks/lookup?op=get&search=0x9F6F1C2D7E045F8D#/wouter.nlnetlabs.nl.key
+Source20: unbound.sysusers
 
 
 BuildRequires: gcc, make
@@ -92,6 +93,7 @@ Requires: %{name}-anchor%{?_isa} = %{version}-%{release}
 Recommends: %{name}-utils%{?_isa} = %{version}-%{release}
 # unbound-keygen.service requires it, bug #2116790
 Requires: openssl
+Requires(pre): systemd-sysusers
 
 %description
 Unbound is a validating, recursive, and caching DNS(SEC) resolver.
@@ -290,6 +292,7 @@ install -p -m 0644 %{SOURCE17} %{buildroot}%{_unitdir}/unbound-anchor.service
 install -p -m 0755 %{SOURCE2} %{buildroot}%{_sysconfdir}/unbound
 install -p -m 0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/unbound
 install -p -m 0644 %{SOURCE14} %{buildroot}%{_sysconfdir}/sysconfig/unbound
+install -p -D -m 0644 %{SOURCE20} %{buildroot}%{_sysusersdir}/%{name}.sysusers
 %if %{with_munin}
 # Install munin plugin and its softlinks
 install -d -m 0755 %{buildroot}%{_sysconfdir}/munin/plugin-conf.d
@@ -342,10 +345,7 @@ echo ".so man8/unbound-control.8" > %{buildroot}/%{_mandir}/man8/unbound-control
 
 
 %pre libs
-getent group unbound >/dev/null || groupadd -r unbound
-getent passwd unbound >/dev/null || \
-useradd -r -g unbound -d %{_sysconfdir}/unbound -s /sbin/nologin \
--c "Unbound DNS resolver" unbound
+%sysusers_create_compat %{SOURCE20}
 
 %post
 %systemd_post unbound.service
@@ -452,7 +452,8 @@ popd
 %doc doc/README
 %license doc/LICENSE
 %attr(0755,root,root) %dir %{_sysconfdir}/%{name}
-%{_libdir}/libunbound.so.*
+%{_sysusersdir}/%{name}.sysusers
+%{_libdir}/libunbound.so.8*
 %dir %attr(0755,unbound,unbound) %{_sharedstatedir}/%{name}
 %attr(0644,unbound,unbound) %config %{_sharedstatedir}/%{name}/root.key
 # just left for backwards compat with user changed unbound.conf files - format is different!
@@ -476,6 +477,7 @@ popd
 %changelog
 * Thu Dec 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-2
 - Move unbound user creation to libs (#2149036)
+- Use systemd-sysusers for user creation (#2105416)
 
 * Tue Nov 01 2022 Petr Menšík <pemensik@redhat.com> - 1.17.0-1
 - Update to 1.17.0 (#2134348)
diff --git a/unbound.sysusers b/unbound.sysusers
new file mode 100644
index 0000000..6614682
--- /dev/null
+++ b/unbound.sysusers
@@ -0,0 +1 @@
+u unbound - "Unbound DNS resolver" /var/lib/unbound /sbin/nologin