Trying to unblock api.met.no

Tried again, it's saying the same thing.

Added

server:
    domain-insecure: "api.met.no"

And then the output was

dig api.met.no @127.0.0.1 -p 5335

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> api.met.no @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49175
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.met.no.                    IN      A

;; ANSWER SECTION:
api.met.no.             300     IN      A       157.249.81.141

;; Query time: 83 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Thu Nov 14 18:40:56 GMT 2024
;; MSG SIZE  rcvd: 55

Follow the systemd journal/logs for unbound live with below:

sudo journalctl --no-hostname --full --follow --unit unbound.service

In another shell session, run below one again:

dig api.met.no @127.0.0.1 -p 5335

And copy/paste the resulting journal/log lines that appear here for us to analyse?

This works best if you remove Unbound as upstream for Pi-hole (configure another) so no other DNS queries coming from Pi-hole show up in the journal.

EDIT: Oh above is if you still want to troubleshoot the issue but without that domain-insecure directive that circumvents DNSSEC validation for that domain.

This indicates that your unbound instance isn't responding on that port, and never received the request. There is a problem with your local unbound install.

The only thing it says is

sudo journalctl --no-hostname --full --follow --unit unbound.service
Nov 14 18:40:35 systemd[1]: Started unbound.service - Unbound DNS server.
Nov 14 18:58:14 unbound[14374]: [14374:0] info: service stopped (unbound 1.17.1).
Nov 14 18:58:14 systemd[1]: Stopping unbound.service - Unbound DNS server...
Nov 14 18:58:14 systemd[1]: unbound.service: Deactivated successfully.
Nov 14 18:58:14 systemd[1]: Stopped unbound.service - Unbound DNS server.
Nov 14 18:58:14 systemd[1]: unbound.service: Consumed 1.214s CPU time.
Nov 14 18:58:14 systemd[1]: Starting unbound.service - Unbound DNS server...
Nov 14 18:58:14 unbound[14494]: [14494:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Nov 14 18:58:15 unbound[14494]: [14494:0] info: start of service (unbound 1.17.1).
Nov 14 18:58:15 systemd[1]: Started unbound.service - Unbound DNS server.

But Pi-Hole shows it's responding okay for everything else :pleading_face:

But at least we have a direction right? Is there something we can do to fix this?

Can you post output for below pls?

sudo rgrep -v '^ *#\|^ *$' /etc/unbound/unbound.conf*

The logfile directive in pi-hole.conf should be commented/hashed out for the queries to register in the journal eg:

$ sudo nano /etc/unbound/unbound.conf.d/pi-hole.conf
server:
    # If no logfile is specified, syslog is used
    # logfile: "/var/log/unbound/unbound.log"
    verbosity: 5

You still want to dig a bit deeper but without that domain-insecure directive that seems to have fixed your issue?

$ man unbound.conf
[..]
       domain-insecure: <domain name>
              Sets domain name to be insecure, DNSSEC chain of trust
              is ignored towards the domain name.  So a trust anchor
              above  the  domain name can not make the domain secure
              with a DS record, such a DS record  is  then  ignored.
              Can  be  given  multiple times to specify multiple do‐
              mains that are treated as if  unsigned.   If  you  set
              trust  anchors  for the domain they override this set‐
              ting (and the domain is secured).

              This can be useful if you want to make  sure  a  trust
              anchor  for  external  lookups does not affect an (un‐
              signed) internal domain.  A DS record  externally  can
              create validation failures for that internal domain.
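To tell a DNSSEC validation failure apart from a plain resolution failure (or a resolver that never answers, as suggested earlier in the thread) without resorting to domain-insecure, the following is an added shell helper, not part of this thread or of Unbound itself. It queries the local resolver twice, once normally and once with checking disabled for that single query, and also reports whether the answer carried the ad (authenticated data) flag; it assumes dig is installed and that Unbound listens on the thread's 127.0.0.1:5335.

```shell
#!/bin/sh
# Added example, not from the thread: tell a DNSSEC validation failure apart
# from a plain resolution failure (or a dead resolver) by querying the local
# Unbound twice, normally and with +cdflag (checking disabled for that query only).
# Assumes dig is installed; server/port default to the thread's 127.0.0.1:5335.

# Extract the RCODE (NOERROR, SERVFAIL, ...) from dig output read on stdin.
dig_status() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print "yes" if the header flags on stdin include "ad" (authenticated data),
# i.e. Unbound actually validated the answer; "no" otherwise. A domain listed
# under domain-insecure resolves, but its answers never carry "ad".
dig_ad_flag() {
    if grep -q '^;; flags:.*[ :]ad[ ;]'; then echo yes; else echo no; fi
}

# Classify from the two RCODEs: $1 = normal query, $2 = same query with +cdflag.
# NORESPONSE is what the caller passes when dig got no answer at all.
classify() {
    case "$1:$2" in
        NORESPONSE:*)      echo "no-response-from-resolver" ;;
        NOERROR:*)         echo "resolves" ;;
        SERVFAIL:NOERROR)  echo "dnssec-validation-failure" ;;
        SERVFAIL:SERVFAIL) echo "resolution-failure" ;;
        *)                 echo "other:$1/$2" ;;
    esac
}

# Usage: check_domain api.met.no [server] [port]
check_domain() {
    domain=$1; server=${2:-127.0.0.1}; port=${3:-5335}
    out_normal=$(dig "$domain" @"$server" -p "$port" +time=3 +tries=1)
    out_cd=$(dig "$domain" @"$server" -p "$port" +cdflag +time=3 +tries=1)
    st_normal=$(printf '%s\n' "$out_normal" | dig_status)
    st_cd=$(printf '%s\n' "$out_cd" | dig_status)
    ad=$(printf '%s\n' "$out_normal" | dig_ad_flag)
    verdict=$(classify "${st_normal:-NORESPONSE}" "${st_cd:-NORESPONSE}")
    printf '%s: %s (ad flag: %s)\n' "$domain" "$verdict" "$ad"
}
```

A result of "dnssec-validation-failure" means the zone's signatures or DS chain are broken upstream and domain-insecure would only hide that; "resolution-failure" or "no-response-from-resolver" points at the local Unbound or its network path instead.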

So I tried another domain and I get this

dig pi-hole.net @127.0.0.1 -p 5335

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> pi-hole.net @127.0.0.1 -p 5335
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9838
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pi-hole.net.                   IN      A

;; ANSWER SECTION:
pi-hole.net.            300     IN      A       3.18.136.52

;; Query time: 55 msec
;; SERVER: 127.0.0.1#5335(127.0.0.1) (UDP)
;; WHEN: Thu Nov 14 20:31:24 GMT 2024
;; MSG SIZE  rcvd: 56

Looks good.

It didn't even fix the issue, because then pi-hole started saying unknown and home assistant still couldn't access the domain. So yes please, if it's not too much trouble.

So it's definitely just this met.no domain that is making Unbound freak out. Why me? :sob:

Is that with that domain-insecure directive still active?

I removed it after you said to

sudo rgrep -v '^ *#\|^ *$' /etc/unbound/unbound.conf*
/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

Could you do something about the CR/LF issue?
Makes it very hard to read.

Apologies, I think it's Termux, as I'm posting from a phone

I've tried to manually remedy the problem, tell me if I got the line breaks wrong

sudo rgrep -v '^ *#\|^ *$' /etc/unbound/unbound.conf*

/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl
/etc/unbound/unbound.conf.d/pi-hole.conf:server:
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

I corrected it in the meantime :wink:

sudo rgrep -v '^ *#\|^ *$' /etc/unbound/unbound.conf*

/etc/unbound/unbound.conf:include-toplevel: "/etc/unbound/unbound.conf.d/*.conf"
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:server:                                            
/etc/unbound/unbound.conf.d/root-auto-trust-anchor-file.conf:    auto-trust-anchor-file: "/var/lib/unbound/root.key"
/etc/unbound/unbound.conf.d/remote-control.conf:remote-control:                                                 
/etc/unbound/unbound.conf.d/remote-control.conf:  control-enable: yes                                           
/etc/unbound/unbound.conf.d/remote-control.conf:  control-interface: /run/unbound.ctl                           
/etc/unbound/unbound.conf.d/pi-hole.conf:server:        
/etc/unbound/unbound.conf.d/pi-hole.conf:    verbosity: 0                                                       
/etc/unbound/unbound.conf.d/pi-hole.conf:    interface: 127.0.0.1                                               
/etc/unbound/unbound.conf.d/pi-hole.conf:    port: 5335
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip4: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-udp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-tcp: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    do-ip6: no 
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefer-ip6: no
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-glue: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    harden-dnssec-stripped: yes                                        
/etc/unbound/unbound.conf.d/pi-hole.conf:    use-caps-for-id: no                                                
/etc/unbound/unbound.conf.d/pi-hole.conf:    edns-buffer-size: 1232                                             
/etc/unbound/unbound.conf.d/pi-hole.conf:    prefetch: yes
/etc/unbound/unbound.conf.d/pi-hole.conf:    num-threads: 1
/etc/unbound/unbound.conf.d/pi-hole.conf:    so-rcvbuf: 1m                                                      
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 192.168.0.0/16                                    
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 169.254.0.0/16                                    
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 172.16.0.0/12
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: 10.0.0.0/8
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fd00::/8                                          
/etc/unbound/unbound.conf.d/pi-hole.conf:    private-address: fe80::/10

That looks dandy.
If you made any changes, run below to check syntax:

sudo unbound-checkconf

And below to apply:

sudo systemctl reload unbound.service

Then:

Our postings crossed :wink:

Still getting the same output. It looks as though nothing is happening.

sudo journalctl --no-hostname --full --follow --unit unbound.service
Nov 14 18:58:14 systemd[1]: unbound.service: Consumed 1.214s CPU time.
Nov 14 18:58:14 systemd[1]: Starting unbound.service - Unbound DNS server...
Nov 14 18:58:14 unbound[14494]: [14494:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Nov 14 18:58:15 unbound[14494]: [14494:0] info: start of service (unbound 1.17.1).
Nov 14 18:58:15 systemd[1]: Started unbound.service - Unbound DNS server.
Nov 14 20:56:19 systemd[1]: Reloading unbound.service - Unbound DNS server...
Nov 14 20:56:19 unbound[14494]: [14494:0] info: service stopped (unbound 1.17.1).
Nov 14 20:56:19 unbound[14494]: [14494:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
Nov 14 20:56:19 unbound[14494]: [14494:0] info: start of service (unbound 1.17.1).
Nov 14 20:56:19 systemd[1]: Reloaded unbound.service - Unbound DNS server.