Thanks for doing so!
As mentioned above, we don't use the default edns-buffer-size because of IP fragmentation attacks against DNS, so that gives me pause to just adjust it back immediately. I/we need to run back through that paper and make sure we know what we're doing.
However, we need to get an unboundtest.com log into the Unbound issues list for them to take a look at this, pointing particularly at "DNS-01 challenge fails since unbound 1.18. TXT records can be fetch using unbound 1.16 but not 1.18 1.19 - #12 by JonhBonJob", I think. @JonhBonJob, since you have the most context, can you open that bug report at Unbound?
Meanwhile, we're now discussing this internally, too, and we'll be happy to weigh in on the Unbound issue.