[Samba] Samba4 Internal DNS and pfSense DNS Resolver

[Sonic]

I don't use pfSense but I do use Unbound (pfSense may use it) as a DNS
cache for my networks. Basic setup is all clients use the Unbound server
for DNS resolution, and Unbound has a stub-zone (or zones) that point(s) to
the authoritative DNS server(s) - in some cases it's a Samba AD, in some a
Windows AD or in others another authoritative server such as NSD. The
authoritative DNS servers do no recursion.

It's quite flexible and if you need/want you can easily inject records
and/or hijack domains.