monitor local resolves to check if unbound fails
In #41639 (closed) we have a point about replicating what was being done with the dsa-check-unbound-anchors
script. That script is looking up files in the unbound-specific directory to check whether there's garbage old files or invalid keys present in the directory.
We may want to replicate this monitoring rather by verifying the symptom, so by poking around DNS and checking if key anchors are valid for outside users.