PSA around unbound forwarding to dnsmasq - check Unbound local zone type

Started by dopey1620, August 26, 2025, 06:25:31 PM

I decided to migrate to the new "default" dnsmasq + unbound configuration. Previously I was just using ISC + unbound. I tried out Kea, but the lack of dynamic lease registration is a problem for me.
Followed this
https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration
and .... DNS forwarding in unbound was NOT working.

I couldn't figure out why. I enabled max verbosity and debug logging and nothing seemed to pop out at me. ChatGPT, Gemini, Copilot: I went to the usual AI sources hoping for some idea. Nope, nothing.

I have a spare mini PC that I randomly install fresh versions of opnsense on to test, and I tried it there, and it just worked. So WTF!!

Compared my unbound configuration with my regular opnsense router and... I don't know why I did this but I had previously set the unbound local zone type to `static` from the default of transparent.  After consulting the unbound documentation, it's now clear in hindsight why this wasn't working at all.

I've been running opnsense for many, many years now, upgrading and upgrading. I set up the unbound configuration long, long ago. No idea why I set it to static.

Thought I'd post this here in case anyone else tries and runs across the same problem - double check your Unbound configuration and specifically Local Zone Type :)
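
Added example, not part of the original post and not OPNsense or Unbound code: a small checker for the condition described above, where a `local-zone` of a type that answers by itself (such as `static`) covers a `forward-zone` name, so queries without local data never reach the forwarder. The domain `lan.example`, the forwarder address `127.0.0.1@53053`, and the function names are assumptions made for the illustration; the blocking-type set is a subset of Unbound's local-zone types.

```python
# Local-zone types that answer (NXDOMAIN/NODATA/refused/dropped) on their own
# when no local-data matches, so a forward-zone below them is never consulted.
BLOCKING = {"static", "deny", "refuse", "always_refuse", "always_nxdomain"}

def norm(name):
    return name.strip('"').rstrip(".").lower()

def parse(conf):
    """Collect local-zone types and forward-zone names from unbound.conf text."""
    local_zones, forwards, clause = {}, [], None
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        if not value:                      # clause header, e.g. "forward-zone:"
            clause = key
        elif key == "local-zone" and len(value.split()) >= 2:
            zone, ztype = value.split()[:2]
            local_zones[norm(zone)] = ztype
        elif clause == "forward-zone" and key == "name":
            forwards.append(norm(value))
    return local_zones, forwards

def shadowed_forwards(conf):
    """Return (forward name, covering local-zone, type) for blocked forwards."""
    local_zones, forwards = parse(conf)
    findings = []
    for fwd in forwards:
        labels = fwd.split(".")
        for i in range(len(labels)):       # most specific covering zone wins
            zone = ".".join(labels[i:])
            if zone in local_zones:
                if local_zones[zone] in BLOCKING:
                    findings.append((fwd, zone, local_zones[zone]))
                break
    return findings

# Constructed sample configuration (assumed domain and forwarder address).
BROKEN = '''
server:
    local-zone: "lan.example." static
forward-zone:
    name: "lan.example"
    forward-addr: 127.0.0.1@53053
'''
FIXED = BROKEN.replace(" static", " transparent")

if __name__ == "__main__":
    print(shadowed_forwards(BROKEN), shadowed_forwards(FIXED))
```
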