AdguardHome->Unbound->NextDNS TLS - breaks some things like TV streams auth?

[burntoc]

With the awesome community online I've been able to get Unbound using NextDNS TLS via custom options.  Works great.  I'd rather use AdguardHome on my OPNsense box for initial name resolution and filtering as it has much better reporting and control for me, then have it use Unbound as the upstream and on to NextDNS beyond that. 

When I change the port on Unbound, activate AdguardHome and specify Unbound as the upstream (and the PTR host for local hostname resolution as I continue to use OPNsense for DHCP), most everything seems to work just fine.  I have a Channels DVR, however, that pulls in TVE tv streams from a couple of providers to integrate into a guide and DVR for me, but when I introduce the Adguardhome to Unbound step then Channels can no longer operate properly.  It seems it authenticates via an Adobe auth mechanism to the various TVE stream providers ant this breaks.  There may be other issues I haven't yet uncovered, but it seems like most everything else works just fine. 

I can't figure out why this is working so well yet not quite completely functional.  Any of you DNS gurus have an idea of what might be going on?

[burntoc]

Fixed it by manually specifying the IP address of my OPNsense firewall in the container's Extra Parameters area in Unraid.