DNS Forwarder not authoritative for all private reverse lookups
On pfSense CE 2.5.1, I'm setting up the DNS Forwarder, registering DHCP leases and static mappings. It's set to "not forward private reverse lookups", and the expectation is it will do reverse lookups for 192.168/24, but it doesn't. The dnsmasq commandline looks like it's specified correctly for this:
nobody 35308 0.5 0.2 16092 4956 - S 18:15 0:00.03 /usr/local/sbin/dnsmasq --all-servers -C /dev/null --rebind-localhost-ok --stop-dns-rebind --dhcp-hostsfile=/etc/hosts --listen-address=192.168.1.1 --listen-address=127.0.0.1 --bind-interfaces --server=/10.in-addr.arpa/ --server=/168.192.in-addr.arpa/ --server=/16.172.in-addr.arpa/ --server=/17.172.in-addr.arpa/ --server=/18.172.in-addr.arpa/ --server=/19.172.in-addr.arpa/ --server=/20.172.in-addr.arpa/ --server=/21.172.in-addr.arpa/ --server=/22.172.in-addr.arpa/ --server=/23.172.in-addr.arpa/ --server=/24.172.in-addr.arpa/ --server=/25.172.in-addr.arpa/ --server=/26.172.in-addr.arpa/ --server=/27.172.in-addr.arpa/ --server=/28.172.in-addr.arpa/ --server=/29.172.in-addr.arpa/ --server=/30.172.in-addr.arpa/ --server=/31.172.in-addr.arpa/ --dns-forward-max=5000 --cache-size=10000 --local-ttl=1
... but the log entries for dnsmasq startup show it's configuring something different:
Apr 27 18:16:01 dnsmasq 35308 read /etc/hosts - 51 addresses
Apr 27 18:16:01 dnsmasq 35308 read /etc/hosts - 51 addresses
Apr 27 18:16:01 dnsmasq 35308 using 10 more local addresses
Apr 27 18:16:01 dnsmasq 35308 using nameserver 209.244.0.3#53
Apr 27 18:16:01 dnsmasq 35308 using nameserver 209.244.0.4#53
Apr 27 18:16:01 dnsmasq 35308 using nameserver 129.250.35.251#53
Apr 27 18:16:01 dnsmasq 35308 ignoring nameserver 127.0.0.1 - local interface
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 24.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 25.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 26.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 27.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 28.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 29.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 30.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 31.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 reading /etc/resolv.conf
Apr 27 18:16:00 dnsmasq 35308 read /etc/hosts - 51 addresses
Apr 27 18:16:00 dnsmasq 35308 read /etc/hosts - 51 addresses
Apr 27 18:15:59 dnsmasq 35308 read /etc/hosts - 51 addresses
Apr 27 18:15:59 dnsmasq 35308 using 10 more local addresses
Apr 27 18:15:59 dnsmasq 35308 using nameserver 209.244.0.3#53
Apr 27 18:15:59 dnsmasq 35308 using nameserver 209.244.0.4#53
Apr 27 18:15:59 dnsmasq 35308 using nameserver 129.250.35.251#53
Apr 27 18:15:59 dnsmasq 35308 ignoring nameserver 127.0.0.1 - local interface
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 24.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 25.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 26.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 27.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 28.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 29.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 30.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 31.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 reading /etc/resolv.conf
Apr 27 18:15:59 dnsmasq 35308 using 10 more local addresses
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 24.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 25.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 26.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 27.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 28.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 29.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 30.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 31.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 compile time options: IPv6 GNU-getopt no-DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth cryptohash DNSSEC loop-detect no-inotify dumpfile
Apr 27 18:15:59 dnsmasq 35308 started, version 2.84 cachesize 10000
i.e., it's configuring to be authoritative for the same 8 RFC1918 address ranges, twice, and ignoring the others. As expected given the syslog, it's not returning any results for lookups to 168.192.in-addr.arpa. Is this something I'm doing wrong, or is it genuinely misconfiguring itself, despite the options it was invoked with? How can I troubleshoot this further?
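One way to make the mismatch the post describes mechanical rather than eyeballed: compare every empty-upstream `--server=/zone/` option on the dnsmasq command line against the `using only locally-known addresses for domain` lines dnsmasq logged at startup, and list the zones that were requested but never acknowledged. This is an added example, not code from the post or from pfSense; the command line and syslog excerpts below are constructed samples shaped like the ones above, and on a real box you would feed it the `ps` output and the resolver log instead.

```python
import re

# Constructed sample inputs (abbreviated from the shapes seen in the post).
CMDLINE = ("/usr/local/sbin/dnsmasq --all-servers -C /dev/null "
           "--server=/10.in-addr.arpa/ --server=/168.192.in-addr.arpa/ "
           "--server=/24.172.in-addr.arpa/ --server=/31.172.in-addr.arpa/ "
           "--cache-size=10000")

SYSLOG = """Apr 27 18:16:01 dnsmasq 35308 using nameserver 209.244.0.3#53
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 24.172.in-addr.arpa
Apr 27 18:16:01 dnsmasq 35308 using only locally-known addresses for domain 31.172.in-addr.arpa
Apr 27 18:15:59 dnsmasq 35308 using only locally-known addresses for domain 24.172.in-addr.arpa
"""

# --server=/zone/          -> zone answered only from local data (no upstream)
# --server=/zone/1.2.3.4   -> zone forwarded to a specific upstream
SERVER_OPT = re.compile(r"--server=/([^/\s]+)/(\S*)")
LOCAL_ONLY = re.compile(r"using only locally-known addresses for domain (\S+)")


def configured_local_only(cmdline):
    """Zones the command line asks dnsmasq to answer from local data only."""
    return {zone for zone, upstream in SERVER_OPT.findall(cmdline) if upstream == ""}


def logged_local_only(syslog):
    """Zones dnsmasq actually reported as local-only; duplicates from
    repeated (re)starts collapse into the set."""
    return {m.group(1) for m in map(LOCAL_ONLY.search, syslog.splitlines()) if m}


def missing_local_only(cmdline, syslog):
    """Requested local-only zones that never show up in the startup log.
    Any zone listed here is one dnsmasq will forward (or fail) instead of
    answering from /etc/hosts and DHCP leases."""
    return sorted(configured_local_only(cmdline) - logged_local_only(syslog))


if __name__ == "__main__":
    for zone in missing_local_only(CMDLINE, SYSLOG):
        print("requested but not acknowledged as local-only:", zone)
```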