So I was trying to get DNS over TLS with serialized queries from Dnsmasq working on OpenWrt 21.02.0-rc4. I was stuck with one last issue. When rebooting unbound was failing to start because the key files were stored in /var/lib/unbound which of course gets wiped every reboot. I first tried adding unbound-control-setup to startup but even through it was running in S95done mount_root() had not finished and /var/lib/unbound was not available to the command. So I replaced it in startup with;

 while [ ! -d /var/lib/unbound ]; do sleep 2; done; unbound-control-setup &

Just wanted to share in case anyone else ran into this issue.

You'd better use a persistent storage location similar to Opkg using /usr/lib/opkg.

/var/ and /tmp/ should be in RAM mutually aliased and as TMPFS before anything else in /etc/init gets going. I don't know how mkdir -p /var/lib/unbound can possibly fail. Unless you remap some slow external spin-storage on USB?