Solved this type of shenanigans some years ago with this.
New-UnboundInterface.sh - linux/rhel-like specific
# create a bridge interface for Unbound
# because Docker...
IFTYPE=bridge
IFNAME=unbound0
IPADDR=10.53.0.1
IPADDR6=fd53:fd53:fd53::1
nmcli connection add type $IFTYPE ifname $IFNAME
nmcli connection modify $IFTYPE-$IFNAME ip4 $IPADDR/32
nmcli connection modify $IFTYPE-$IFNAME ipv4.dns $IPADDR
nmcli connection modify $IFTYPE-$IFNAME ip6 $IPADDR6/64
nmcli connection modify $IFTYPE-$IFNAME ipv6.dns $IPADDR6
nmcli connection up $IFTYPE-$IFNAME
firewall-cmd --new-zone=unbound --permanent
firewall-cmd --zone=unbound --permanent --change-interface=$IFNAME
firewall-cmd --zone=unbound --permanent --add-service=dns
firewall-cmd --reload
# should be placed in /etc/unbound/conf.d
# bind to a specified IP address, allow access
server:
interface: 10.53.0.1
interface: fd53:fd53:fd53::1
access-control: 10.53.0.1/32 allow
access-control: fd53:fd53:fd53::1/128 allow
# allow queries from the Docker "bridge"
server:
access-control: 172.18.0.1/16 allow