I don't think its clear yet whether this is a problem with our Unbound configuration or the remote server.</s.
EDIT: In this case I'm fairly confident it is not our Unbound configuration/server.
I shared an Unbound configuration in the original thread this was split from that can be used to try and replicate locally. The OP in that thread seems to have success with that. It's not the exact configuration we run in production but seems sufficient for replicating the issue in so much as I understand it presently. Can you give that a shot? I can also provide some logs & pcaps if you share an affected domain name.
I think this was likely always a problem but was masked until our CAA SERVFAIL change.