diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge
index 64306bc9b..e3da4860b 100644
--- a/config/unbound/unbound-dhcp-leases-bridge
+++ b/config/unbound/unbound-dhcp-leases-bridge
@@ -28,6 +28,7 @@ import logging.handlers
 import os
 import re
 import signal
+import stat
 import subprocess
 import tempfile
 
@@ -528,6 +529,9 @@ class UnboundConfigWriter(object):
 				for rr in l.rrset:
 					f.write("local-data: \"%s\"\n" % " ".join(rr))
 
+			# Make file readable for everyone
+			os.fchmod(f.fileno(), stat.S_IRUSR|stat.S_IWUSR|stat.S_IRGRP|stat.S_IROTH)
+
 		os.rename(filename, self.path)
 
 	def _control(self, *args):
diff --git a/src/scripts/convert-dns-settings b/src/scripts/convert-dns-settings
index de12b30e3..04a5344f7 100755
--- a/src/scripts/convert-dns-settings
+++ b/src/scripts/convert-dns-settings
@@ -87,6 +87,9 @@ main() {
 
 	# Set correct ownership.
 	chown nobody:nobody /var/ipfire/dns/servers
+
+	# Make DHCP leases readable for nobody
+	chown 644 /etc/unbound/dhcp-leases.conf
 }
 
 main "$@" || exit $?