I found today your page (unbound - Pi-hole documentation) for Unbound together with Pi-Hole and I propose some improvements.
do not use the following parameter "so-rcvbuf" together with activated AppArmor (see below: 2c) to avoid errors/warnings:
Ensure kernel buffer is large enough to not lose messages in traffic spikes
Logging (unbound - Pi-hole documentation):
a. You must also "include" or uncomment the "/etc/apparmor.d/local/usr.sbin.unbound" into "/etc/apparmor.d/usr.sbin.unbound" before restart AppArmor.
b. Please amend (apparmor instead of unbound):
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.unbound
sudo service unbound restart
c. Before(!) you can restart apparmor it must run really correctly. This is not the case at many systems (like mine, before...). It would be good to mention that it should be checked if in the /boot/cmdline.txt the following parameters are (additionally) set:
I hope you find my proposals useful,