BIND: Slave zone to master zone (Windows 2012 DC) doesn't work



    I've searched and tried asking in a few posts with no luck, so I'm trying again with a more detailed post about my setup.

    WAN aka em0
    Interface IP: 216.40.150.250
    Name: fw.example.com

    LAN aka em1
    Interface IP: 192.168.1.1
    DHCP: range 192.168.1.100-199
    Got a static NAT of 216.40.150.246 (external) => 192.168.1.200 (internal)

    OPT1 aka em2
    Transparent bridge
    Interface IP: 216.40.150.249
    DHCP: range of 216.40.150.241-245
    DHCP being served to a couple of Windows 7 VMs
    Windows 2012 DC; also set up as a DNS server; has a static IP of 216.40.150.247

    BIND master zone config file:
    $TTL 1h
    ;
    $ORIGIN example.com.

    ; Database file example.com.DB for example.com zone.
    ; Do not edit this file!!!
    ; Zone version 2437079441
    ;
    example.com. IN  SOA fw.example.com. example.com. (
    2437079441 ; serial
    1d ; refresh
    2h ; retry
    4w ; expire
    1h ; default_ttl
    )

    ;
    ; Zone Records
    ;
    @ IN NS fw.example.com.
    @ IN A 216.40.150.250
    www IN CNAME  fw.example.com.
    fw.example.com. IN A  216.40.150.250
    appl.example.com. IN A  216.40.150.246
    littlesheep.example.com. IN A  216.40.150.247

    ;
    ;custom zone records
    ;
    @        IN NS  ec2.example.org.
    localhost IN A 127.0.0.1

    The master zone works, as clients on the LAN and OPT1 interfaces resolve the defined zone records.

    GOAL:

    1. Set up Windows 2012 as a subdomain and call the new forest littlesheep.example.com; the FQDN is shepherd.littlesheep.example.com

    2. Set up the same Windows 2012 DC as a DNS server

    3. In pfSense > BIND, set up an ACL, a view and a slave zone for littlesheep

    3a) The ACL includes:
    216.40.150.241 (Windows 7 with hostname baaah)
    216.40.150.242 (Windows 7 with hostname lambchop)
    216.40.150.243
    216.40.150.244
    216.40.150.245
    216.40.150.247 (Windows 2012 DC with DNS)

    3b) View name is "littlesheep"
    Recursive "YES"
    Match-Client "littlesheep"
    Allow-recursion "littlesheep"

    3c) Zone name is littlesheep.example.com
    Zone Type "slave"
    View "littlesheep"
    Master Zone IP "216.40.150.247"
    Allow-Query "littlesheep"
    Allow-transfer "littlesheep"
    Zone Domain Records:
      www cname littlesheep.example.com.
      littlesheep.example.com. A 216.40.150.247
      appl.example.com. A 216.40.150.246
      fw.example.com. A 216.40.150.246

    WHERE I'M STUCK

    1. On shepherd (DC), I set it to allow transfer to ANY. I go to one of my Windows 7 boxes and try to join it to littlesheep.example.com, and I get this message:

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "littlesheep.example.com":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.littlesheep.example.com

    Common causes of this error include the following:

    • The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    216.40.150.250

    • One or more of the following zones do not include delegation to its child zone:

    littlesheep.example.com
    example.com
    com
    . (the root zone)

    I thought that by setting up the slave zone with the littlesheep view, the Windows 7 VMs would be able to join the domain, but they don't. From a Windows 7 VM I can ping littlesheep.example.com and it resolves. If I manually add the DC IP 216.40.150.247 in the DNS field of the VM's network properties, I can join the domain. But when the Windows 7 VM's DHCP-assigned DNS address is the pfSense (216.40.150.250), it won't join.

    Any ideas what's happening here?
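The Windows error above lists, as its second common cause, a parent zone that does not delegate to its child zone. The following script is an added example (not part of the post, and not pfSense or BIND code) that parses a BIND-style zone file and reports whether a given child name is delegated with NS records or only carries ordinary data such as an A record. The first sample zone is the master zone from the post; the second is a constructed variant that replaces the littlesheep A record with an NS delegation to shepherd.littlesheep.example.com plus a glue A record, which is an assumption about what a delegating parent would look like, not the poster's actual configuration.

```python
"""Check whether a parent zone file delegates a child zone (added example)."""

# Constructed sample: the master zone from the post, comments and SOA block included.
PARENT_ZONE = """\
$TTL 1h
$ORIGIN example.com.
example.com. IN  SOA fw.example.com. example.com. (
    2437079441 ; serial
    1d ; refresh
    2h ; retry
    4w ; expire
    1h ; default_ttl
)
@ IN NS fw.example.com.
@ IN A 216.40.150.250
www IN CNAME  fw.example.com.
fw.example.com. IN A  216.40.150.250
appl.example.com. IN A  216.40.150.246
littlesheep.example.com. IN A  216.40.150.247
@        IN NS  ec2.example.org.
localhost IN A 127.0.0.1
"""

# Constructed variant (assumption): the child is delegated instead of holding a plain A record.
PARENT_ZONE_DELEGATED = PARENT_ZONE.replace(
    "littlesheep.example.com. IN A  216.40.150.247\n", ""
) + (
    "littlesheep IN NS shepherd.littlesheep.example.com.\n"
    "shepherd.littlesheep IN A 216.40.150.247\n"  # glue record for the child name server
)

KNOWN_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "SRV", "TXT", "PTR"}


def _join_parens(text):
    """Strip ';' comments and merge parenthesised multi-line records (e.g. SOA)."""
    logical, buf, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            joined = " ".join(buf).rstrip()  # keep leading whitespace: it marks an implicit owner
            if joined.strip():
                logical.append(joined)
            buf = []
    return logical


def _absolute(name, origin):
    """Expand '@' and relative owner names against the current $ORIGIN."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def parse_zone(text, origin=None):
    """Return a list of (owner, type, rdata) tuples with absolute owner names."""
    records, last_owner = [], None
    for line in _join_parens(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0].startswith("$"):
            continue  # $TTL and other directives are irrelevant here
        owner = last_owner if line[0].isspace() else _absolute(tokens.pop(0), origin)
        last_owner = owner
        while tokens and tokens[0].upper() not in KNOWN_TYPES:
            tokens.pop(0)  # skip optional TTL and class (IN) fields
        if not tokens:
            continue
        rtype = tokens.pop(0).upper()
        # Only NS and CNAME targets are names that may be relative; SOA carries numbers too.
        rdata = [_absolute(t, origin) if rtype in ("NS", "CNAME") else t for t in tokens]
        records.append((owner, rtype, " ".join(rdata)))
    return records


def delegation_report(zone_text, child, origin=None):
    """Report whether the parent zone delegates `child` (NS records) or only holds data for it."""
    child = child if child.endswith(".") else child + "."
    recs = parse_zone(zone_text, origin)
    ns = [rd for own, rt, rd in recs if own == child and rt == "NS"]
    data = [(rt, rd) for own, rt, rd in recs if own == child and rt != "NS"]
    return {"child": child, "delegated": bool(ns), "ns": ns, "data": data}


if __name__ == "__main__":
    for label, zone in (("posted zone", PARENT_ZONE), ("delegated variant", PARENT_ZONE_DELEGATED)):
        print(label, delegation_report(zone, "littlesheep.example.com"))
```

Run against the posted zone, the report shows littlesheep.example.com holding only an A record and no NS records, which is the condition the Windows message describes as "do not include delegation to its child zone"; whether the BIND view and slave zone on pfSense then serve the _msdcs SRV records correctly is a separate check against the running server, not something a parser of the parent zone can decide.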