Unbound, weird performance

In the local network, I also have a Samknows Whitebox which runs a few tests, among them DNS response time.

At the end of March I installed unbound, in parallel mode. If I were to trust my subjective feeling, the performance is the same as before, but the following graph tells a different story.

Is there a good way to crosscheck these findings within OpenWrt? Perhaps extracting the stats from unbound and plotting them? I couldn't find a way to do that out-of-the-box with collectd.

If you measure them yourself, do you see any difference?
Install bind-dig and do a dig www.example.com | grep time
Only the first time you'll get the actual response time. Beyond that you'll see 0, because the cache will respond.
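The reply above notes that a second `dig` for the same name reports 0 ms because the cache answers it. The following is an added example, not code from the thread: a POSIX shell script that measures the resolver's real latency by querying a fresh, never-seen label on each probe so every lookup has to recurse. It assumes bind-dig is installed, the resolver listens on 127.0.0.1, and `example.com` is used as the parent zone; all three are assumptions and can be overridden with the `RESOLVER` and `ZONE` environment variables.

```shell
#!/bin/sh
# Added example (not from the thread): time repeated uncached lookups against
# the local resolver. A cached answer shows ";; Query time: 0 msec", so each
# probe uses a label that has never been looked up before, forcing recursion.
# Assumed defaults: resolver on 127.0.0.1, parent zone example.com.

RESOLVER="${RESOLVER:-127.0.0.1}"
ZONE="${ZONE:-example.com}"

# Extract the millisecond value from dig's ";; Query time: N msec" line.
# Prints nothing if the line is absent (e.g. timeout, no servers reached).
query_time_ms() {
    sed -n 's/^;; Query time: \([0-9][0-9]*\) msec.*/\1/p'
}

# Build a label that has not been queried before: epoch seconds + PID + counter.
fresh_name() {
    printf '%s-%s-%s.%s\n' "$(date +%s)" "$$" "$1" "$ZONE"
}

# Run N uncached probes, print "name latency" per line, then the average.
measure() {
    n="${1:-5}"
    i=0
    total=0
    while [ "$i" -lt "$n" ]; do
        i=$((i + 1))
        name="$(fresh_name "$i")"
        ms="$(dig +tries=1 +time=5 @"$RESOLVER" "$name" A | query_time_ms)"
        [ -n "$ms" ] || ms=0   # no stats line (timeout/SERVFAIL): count as 0
        echo "$name $ms"
        total=$((total + ms))
    done
    echo "average: $((total / n)) msec over $n uncached queries"
}

# Usage: ./dnslat.sh run [count]
case "${1:-}" in
    run) measure "${2:-5}" ;;
esac
```

The probed names will all return NXDOMAIN, which is fine: the resolver still has to walk from the root (or its cached delegation) down to the zone's authoritative servers, which is exactly the path whose latency the thread is trying to see.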

Are you using the same servers now?

Visually, it looks like requests take about 150ms on average. That is time added on each new connection. Perhaps it's a reasonable price to pay.

Such a coincidence that bind-dig was already installed here :wink:
Anyhow, that one test showed 920ms, yikes.

Of course not: when I was using dnsmasq, the only upstream was Google; now with unbound there is none, all lookups are handled locally and then cached.

That's also my opinion, however I was a bit surprised that I couldn't notice the effect without a graph telling me about it.

For this reason I was looking for a way to create my own stats.

This can't be. You must have some upstream nameserver which unbound asks.

There is no single upstream, it does the standard recursive lookup from TLD downwards.

Recursive lookup can add a lot of delay.
F 192.5.5.241 2001:500:2f::f should be anycast in Italy. See if you can use that.

I know, but I'm not too worried about adding a delay: the initial goal was security / independence.
I'm just surprised that I don't feel this delay and I was looking for a way to graph stats from unbound. I still am.

I have created a /etc/unbound/root.hints.f file like this, by cutting out all lines except those for F:

.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f

In /etc/unbound/unbound_srv.conf I have added:
root-hints: "/etc/unbound/root.hints.f"

Restarted unbound from the cmdline; now dig says it cannot find any servers :confused:
Removed the root-hints keyword, restarted, works again. Same thing if I use the full unedited file: it does not work. The files are readable, they're copied correctly to the chroot and I've verified it is not a firewall issue (there's only one rule to block forwards from the internal network, not relevant).

EDIT: possibly fixed the hints problem, maybe a chroot issue.
Correct: root-hints: "/root.hints"

Incidentally, if I just enable the caching of zone files the lookup for example.com goes down a little bit.
EDIT: performance with just the F root server in the hints file is in the 600-800ms range, just like zone caching.

Let's drop this hints test for the moment; I'd be perfectly happy to have the ability to plot performance stats from unbound. There are examples, but none for collectd.
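Since the ask in this post (and in the opening one) is a way to get unbound's counters into collectd, here is an added example, not from the thread and not part of unbound or collectd: a script for collectd's `exec` plugin that converts the `name=value` lines printed by `unbound-control stats_noreset` into PUTVAL lines. It assumes remote control is enabled in unbound (`remote-control: control-enable: yes`), that `unbound-control` can reach the daemon locally, and that collectd loads the script through `LoadPlugin exec` with an `Exec` line pointing at it; the install path `/usr/bin/unbound-collectd.sh` and the plugin name `unbound` are assumptions. `stats_noreset` is used so that reading the counters does not zero them.

```shell
#!/bin/sh
# Added example (not from the thread, unbound or collectd): collectd exec-plugin
# script that turns `unbound-control stats_noreset` output into PUTVAL lines.
# Assumed collectd.conf fragment:
#   LoadPlugin exec
#   <Plugin exec>
#     Exec "nobody:nogroup" "/usr/bin/unbound-collectd.sh" "run"
#   </Plugin>
# collectd exports COLLECTD_HOSTNAME and COLLECTD_INTERVAL to exec scripts.

HOST_ID="${COLLECTD_HOSTNAME:-$(hostname 2>/dev/null || echo localhost)}"
INTERVAL="${COLLECTD_INTERVAL:-60}"

# Convert one name=value dump (stdin) into PUTVAL lines.
# Ever-growing totals (total.num.*) are emitted as "derive" so collectd graphs
# them as rates; averages stay "gauge". A cache-hit percentage is derived from
# cachehits/cachemiss at the end. Unknown keys (per-thread, time.*) are dropped.
stats_to_putval() {
    awk -v host="$HOST_ID" -v ival="$INTERVAL" -F= '
        $1 ~ /^total\.num\.(queries|cachehits|cachemiss|prefetch|recursivereplies)$/ {
            sub(/^total\.num\./, "", $1)
            if ($1 == "cachehits") hits = $2
            if ($1 == "cachemiss") miss = $2
            printf "PUTVAL \"%s/unbound/derive-%s\" interval=%s N:%s\n", host, $1, ival, $2
            next
        }
        # unbound reports recursion time in seconds; graph it in milliseconds
        $1 ~ /^total\.recursion\.time\.(avg|median)$/ {
            sub(/^total\.recursion\.time\./, "", $1)
            printf "PUTVAL \"%s/unbound/gauge-recursion_ms_%s\" interval=%s N:%.3f\n", host, $1, ival, $2 * 1000
            next
        }
        $1 == "total.requestlist.avg" {
            printf "PUTVAL \"%s/unbound/gauge-requestlist_avg\" interval=%s N:%s\n", host, ival, $2
        }
        END {
            if (hits + miss > 0)
                printf "PUTVAL \"%s/unbound/gauge-cache_hit_pct\" interval=%s N:%.1f\n", host, ival, 100 * hits / (hits + miss)
        }
    '
}

# exec-plugin protocol: stay running and emit a batch every INTERVAL seconds.
run_loop() {
    while :; do
        unbound-control stats_noreset | stats_to_putval
        sleep "$INTERVAL"
    done
}

case "${1:-}" in
    run) run_loop ;;
esac
```

The hit percentage is computed from the cumulative counters, so it is a lifetime ratio since the last reset rather than a per-interval one; for a per-interval view, graph the `derive-cachehits` and `derive-cachemiss` rates that collectd produces from the raw totals.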

May I ask why? Is there any issue using upstream secured servers?

I'd rather avoid it if possible: I'm skating towards more privacy and more robustness, so depending on a single upstream isn't desirable, else I would have stayed with the default dnsmasq installation.
