Unbound DoH is waiting HTTP/2 requests. But Nginx proxy module doesn't support HTTP/2 on the upstream connections.
So you can use grpc proxy:
location /dns-query {
grpc_pass grpc://unbound-host;
}
and disable TLS for DNS-over-HTTP downstream service in unbound.conf:
http-notls-downstream: yes
Comments