In order to enable logging in the Unbound DNS resolver, you have to add the following lines to your
/etc/unbound/unbound.conf configuration file:
server: chroot: "" logfile: /var/log/unbound.log verbosity: 1 log-queries: yes ...
Then, create the file and make sure it’s owned by the
touch /var/log/unbound.log chown unbound:unbound /var/log/unbound.log
Finally, restart Unbound:
Now you should be able to see the log:
tail -f /var/log/unbound.log  unbound[32655:0] info: 127.0.0.1 googlemail.l.google.com. A IN  unbound[32655:0] info: 127.0.0.1 acp-ss-ew1.adobe.io. A IN  unbound[32655:0] info: 127.0.0.1 clients4.google.com. A IN ...
The reason you have to add
chroot: "" is because by default unbound runs in a chroot and can’t write to
This post was tested on OpenWRT.