Bug #4211

closed

DNS Answer ignored even though protect against rebind is disabled

Added by Carl Spiby over 10 years ago. Updated about 10 years ago.

Status: Rejected
Priority: Normal
Assignee:
Category: DNS Resolver
Target version: -
Start date: 01/13/2015
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.1.5
Affected Architecture: amd64

Description

The pfSense server is 10.233.105.10/26

The interface I have to use for this dns query is 10.232.100.63/25

There is a static route for 10.232.0.0/16 routed over the gateway 10.232.100.1

On the pfSense server, if I set the DNS server to 10.232.100.27 it resolves fine; if I try 10.232.3.131, it doesn't return a result.

If I dig the host on the pfSense machine, it resolves fine against each DNS server; if I capture packets, the packet is still received with a valid answer.

10.232.100.63.33090 > 10.232.3.131.53: [udp sum ok] 36518+ A? portal.cpn.vwg. (32)
10.232.3.131.53 > 10.232.100.63.33090: [udp sum ok] 36518 q: A? portal.cpn.vwg. 1/0/0 portal.cpn.vwg. A 10.112.198.242 (48)

pfSense is choosing to ignore the result; there is no entry in the system log relating to a rebind attack (but it is behaving exactly that way).
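As an added illustration, not from the report or from pfSense's own code: the script below pairs the captured query and answer quoted above and applies the private-range rebind check that forwarders such as dnsmasq perform on upstream answers (assumed here to be the RFC 1918, loopback and link-local set). Since the returned address 10.112.198.242 lies in 10.0.0.0/8, that check is one thing to verify when an otherwise valid answer is silently dropped.

```python
import ipaddress
import re

# Constructed sample input: the two tcpdump lines quoted in the report above.
CAPTURE = (
    "10.232.100.63.33090 > 10.232.3.131.53: [udp sum ok] 36518+ A? portal.cpn.vwg. (32)\n"
    "10.232.3.131.53 > 10.232.100.63.33090: [udp sum ok] 36518 q: A? portal.cpn.vwg. "
    "1/0/0 portal.cpn.vwg. A 10.112.198.242 (48)\n"
)

# Address ranges a forwarder's rebind protection refuses in upstream answers.
# Assumption: the RFC 1918 / loopback / link-local set that dnsmasq applies
# under --stop-dns-rebind, which the pfSense rebinding checkbox toggles.
REBIND_BLOCKED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

# tcpdump -vv style lines: client.port > server.53: ... <id>+ A? <name>
QUERY_RE = re.compile(r"^(\S+)\.(\d+) > (\S+)\.53: .*? (\d+)\+ A\? (\S+) ")
# server.53 > client.port: ... <id> q: A? <name> ... A <ipv4>
ANSWER_RE = re.compile(r"^(\S+)\.53 > (\S+)\.(\d+): .*? (\d+) q: A\? (\S+) .*? A (\d+(?:\.\d+){3})")

def parse_capture(text):
    """Pair each captured query with its answer by transaction ID and name."""
    queries, answers = {}, {}
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            queries[(m[4], m[5])] = {"client": m[1], "server": m[3]}
            continue
        m = ANSWER_RE.match(line)
        if m:
            answers[(m[4], m[5])] = {"server": m[1], "client": m[2], "ip": m[6]}
    return [(k, queries[k], answers[k]) for k in queries if k in answers]

def rebind_verdict(ip):
    """Return the blocked range the answer falls in, or None if it would be accepted."""
    addr = ipaddress.ip_address(ip)
    return next((str(n) for n in REBIND_BLOCKED if addr in n), None)

def analyze(text):
    """For each matched exchange, report whether rebind protection would drop it."""
    results = []
    for (txid, name), q, a in parse_capture(text):
        results.append({
            "txid": txid, "name": name, "answer": a["ip"],
            # A reply only counts as a match if it comes from the server we asked.
            "from_expected_server": a["server"] == q["server"],
            "rebind_blocked_by": rebind_verdict(a["ip"]),
        })
    return results

if __name__ == "__main__":
    for r in analyze(CAPTURE):
        print(r)
```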
