I've checked my servers and must add a detail for transparency: Some of my servers have resolvconf, some don't. Including some at the same providers. I myself don't recall ever installing it consciously. Unfortunately I don't have my previous resolvers available anymore to check if they had resolvconf or not. So it is possible that it's my first time having both resolvconf and Unbound installed on a single machine and therefore it would still be my first time encountering the case/issue.
Daniel's proposition seems reasonable to me. A separate package for the forwarding hook would make the choice explicit and conscious, which addresses the core issue: users should not have their privacy silently reduced without opting in. Though it adds complexity for maintainers. Thanks, LRob
