pfSense

https://nanog.org/events/nanog-96/content/5731/
https://localroot.isi.edu/about/

This is "experimental", but seems to work fine in unbound on pfsense 2.8.1 / 25.11.1

To activate and test just, add the following to the DNS Resolver -> Custom options

auth-zone:
name: "." 
url: "https://www.internic.net/domain/root.zone" 
fallback-enabled: yes
for-downstream: no
for-upstream: yes
zonefile: "root.zone" 

This basicly "mirrors" the entire root zone locally (including DNSSEC/ZONEMD signatures/checksums), improving latency etc...

This is better explained in the links above (note that the localroot.isi.edu hasn't been updated yet, so afaik, only the slides/video of the nanog-96 talk, contain currently relevant info and the correct unbound config).

My suggestion is, to either add this as a note somewhere in the DNS Resolver documentation,
or add some kind of checkbox (for testing/experimental) that add's the config section.