From the netstat output, it seems port 5335 (from the official guide) is free to use.
Configure that port from the guide instead of 51234 pls?
Could you post output for below one?
sudo rgrep -v '^ *#\|^ *$' /etc/unbound/unbound.conf*
You already have Unbound configured to log to a file.
But lower verbosity to three instead of four at first bc it can be very talkative and cryptic?
After you've lowered verbosity and changed the port to 5335, run below one to apply:
sudo systemctl restart unbound.service
I dont know if you can reproduce the time-outs but if you can get it to fail, tail/follow the logs live with below:
sudo tail -F /var/log/unbound/unbound.log
Run below query in another session (if thats the domain failing):
dig pi-hole.net @127.0.0.1 -p 5335
And post the resulting log lines here pls?
Ps. you dont have to configure that root-hints: directive!
When you've installed Unbound with apt, the root hints are already installed as a dependency:
$ apt depends unbound
unbound
[..]
Depends: dns-root-data
$ dpkg -L dns-root-data
[..]
/usr/share/dns/root.hints
/usr/share/dns/root.hints.sig
/usr/share/dns/root.key
And Unbound knows where to find it without that root-hints: directive.
Another remark, dont forget to lower verbosity to zero and hash out/comment that logfile: directive when finished diagnosing!
See below two postings of mine: