Switching from the DNS forwarder to the Unbound resolver has many benefits for your OpnSense system. The main one is that Unbound can also use DNSSEC for validating requests.
To switch, simply follow the steps.
Step 1. Have an OpnSense installation up and running
Step 2. Login to https://192.168.1.1
Step 3. Select Services > DNS Forwarder and disable it
Step 4. Select Services > DNS Resolver > General and enable it, also enable DNSSEC (if your DNS servers support it) and “Enable Forwarding Mode” should be turned on.
Step 5. Save and Reboot for some piece of mind, and enjoy!