The solution pihole + unbound is easy to implement, you already have it working'. @DL6ER has documented it well in his wiki.
If you use unbound with pihole, you should disable DNSSEC in pihole (settings) and have DNSSEC records evaluated by unbound.
Why is this currently the preferred solution? see here.