Well, I am still a tiny bit confused about its behaviour in a couple of ways.
I am sure if my knowledge was better, I could do it through pfSense.
I appreciate all of your help and advice up to this point, and I take your points around "not do whatever this stuff is on your local network" 😉
In any case, I found that Server 2016 does have some filtering capability, but only through PowerShell. Asked the question over on serverfault here and was able to come up with a solution.
I now have my DC set up to ignore any DNS queries from this client that are not for my internal domain name. This allows the client to then use the secondary DNS server specified for external resolution, which I already know goes over my VPN.
So scrapping unbound on pfSense, I am able to do what I need. It just isn't as clean as I would have liked, but as long as I don't make any infrastructure changes, it will continue to work! Happy days!
Eds
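The DNS policy described in the post above, written out as an added example (not the poster's actual script, which is not shown here). It uses the Windows Server 2016 DnsServer module's client-subnet and query-resolution-policy cmdlets; the client address `192.0.2.10/32`, the internal zone `corp.example` and the policy names are placeholders and must be replaced with real values.

```powershell
# Added example: make the DC silently drop ("IGNORE") every query from one
# client unless the name is under the internal domain. Run in an elevated
# PowerShell session on the DNS server. All names/addresses are placeholders.

$clientSubnetName = "FilteredClient"      # placeholder name for the subnet object
$clientAddress    = "192.0.2.10/32"       # placeholder: the single client to filter
$internalDomain   = "*.corp.example"      # placeholder: internal AD DNS zone, with wildcard
$policyName       = "IgnoreExternalFromFilteredClient"

# 1. Define a client subnet containing only the one client.
Add-DnsServerClientSubnet -Name $clientSubnetName -IPv4Subnet $clientAddress

# 2. Server-level policy: when the query comes from that subnet AND the
#    queried FQDN is NOT under the internal domain, ignore it (no response).
#    IGNORE rather than DENY so the client's resolver simply times out on this
#    server and moves on to its secondary (the one that egresses over the VPN).
Add-DnsServerQueryResolutionPolicy -Name $policyName `
    -Action IGNORE `
    -ClientSubnet "EQ,$clientSubnetName" `
    -Fqdn "NE,$internalDomain" `
    -Condition AND

# 3. Verify the policy and subnet were created as intended.
Get-DnsServerClientSubnet -Name $clientSubnetName
Get-DnsServerQueryResolutionPolicy -Name $policyName | Format-List *

# To back the change out later (placeholders as above):
# Remove-DnsServerQueryResolutionPolicy -Name $policyName -Force
# Remove-DnsServerClientSubnet -Name $clientSubnetName -Force
```

A quick check from the filtered client is `Resolve-DnsName host.corp.example -Server <DC address>` (answers) versus `Resolve-DnsName www.example.com -Server <DC address>` (times out), confirming the DC only serves internal names to that machine. Because the policy keys on the client's source address, it stops working if the client's IP changes, which is the "as long as I don't make any infrastructure changes" condition the post mentions.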