unbound

From: LuMiWa <lumiwa_at_dismail.de>
Date: Sun, 07 Apr 2024 17:21:22 UTC
Hi!

I have unbound from ports on FreeBSD 14.0 which I use for DNS over TLS.
In /etc/resolv.conf I have
nameserver 127.0.0.1
options edns0

and in /usr/local/etc/unbound/unbound.conf I have
server:
    port: 53
    directory: /usr/local/etc/unbound
    username: unbound
    chroot: /usr/local/etc/unbound
    tls-cert-bundle: /etc/ssl/cert.pem
    module-config: "validator iterator"
    access-control: 127.0.0.1/8 allow
....
....

forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-first: no
    forward-addr: 9.9.9.9@853#dns.quad9.net
    forward-addr: 149.112.112.112@853#dns.quad9.net

And it doesn't work, but Google and Cloudflare have no problem.
Then I added auto-trust-anchor-file:
And it started to work, except for claws-mail.
I am using the IPFW firewall, default workstation, and it blocks
ipfw: 65500 Deny TCP 149.112.112.112:853 192.168.1.194:18760 in via lagg0
ipfw: 65500 Deny TCP 9.9.9.9:853 192.168.1.194:15141 in via lagg0

What should be the reason, please?

Thank you.

-- 
"If you can't explain it to a six year old, you don't understand it
yourself." — Albert Einstein