@edanpedragosa thanks for reporting this. I will investigate further. Regarding your workaround, we support tight integration with the built-in resolver, which is still sometimes used directly by pfSense.
To survive reboot, make sure DNS Resolver is bound to interface localhost only and then create a forwarding rule for gateway.lan to be forwarded to 127.0.0.1.
The full unbound integration article is here: https://support.adamnet.works/t/dns-bindings-practices-when-combining-with-unbound/609