just a suggestion to consider an update of the unbound.conf in the guide?
You may use all private IP ranges in the config, that may occur and are suggested in the manpage of unbound (refers to RFC1918) like
Also it may be a good idea to use
or another explicit place (ie in /var) to not flood the syslog.
Just my five cents and great thank you for your work.