EDNS is an extension of the 512 bytes DNS UDP packets to allow adding additional information. It is used e.g. as well for DNSSEC. However, the first checkbox is about EDNS Client Subnet (ECS), which adds parts of the client’s subnet to the DNS request. This can be used by DNS servers to resolve names to CDN IPs which are geographically near the client to speed up it’s (final) requests. But of course this only works if the final hostname/resource is served via some CDN and if the upstream resolver and authoritative DNS server support ECS. And it can be seen as privacy issue, which is why e.g. Cloudflare doesn’t support it/doesn’t forward that info: EDNS Client Subnet - Wikipedia
If you use Unbound, you don’t need AGH to do DNSSEC as Unbound is doing it already.
For private reverse DNS you enter the IP of your DHCP server (router), yes. PTR requests are reverse DNS requests. The first checkbox below that is to resolve local PTR requests from clients via the configured local resolver (router), instead of sending them upstream, which definitly makes sense. The second checkbox is about AGH to reverse resolve IPs of it’s clients to show them in log/dashboard, AFAIK, which you can leave disabled if IPs are fine there.