I have been using unbound as a caching DNS server forwarding to dnscrypt-proxy and it was working relatively well for a while (years, although about a year or so with dnscrypt-proxy), requiring no restarts for upwards of 30 days (roughly the time between system restarts); however, lately, I noticed that it frequently stops resolving. I completely disabled a process supervisor to help with debugging why this needs to be restarted, with no solution yet ...
Oddly enough, if I query the upstream server directly, I get the result I expect. Additionally, if I use unbound-control to do a lookup (or possibly I waited long enough when doing so), I do get a response.
I monitored traffic when this was happening and noticed that unbound is not querying the upstream server (dnscrypt-proxy) when this happens. I do not see any "errors" in the logs, so nothing obvious stands out. Unbound-control indicates the service is still running.
Other bits of information - my ad blocking list is about 15M. I was thinking that could very well be a problem; however, I don't see any documentation on how big local-zone data could be.
I had configured unbound to use up to 256m (rrset), 128m (msg) but bumped it to 512 and 256 respectively. That did not prevent the problem from occurring.
When this fails, I get a "server can't find" message:
nslookup www.youtube.com
Server: 127.0.0.1
Address: 127.0.0.1#53

** server can't find www.youtube.com: SERVFAIL
I haven't had this issue since switching the connection to the upstream server to UDP.
I filed a bug report here: https://github.com/NLnetLabs/unbound/issues/89