Broken host overrides in DNS resolver (sometimes)
If we have host override in pfSense "DNS resolver", pfSense should never ever return public IP for overriden host.
Sometimes pfSense returns external IP of overriden host in additional section of reply to MX-type query (i.e. Unbound do not respect own host overrides when inserts additional info in replies). May be it's Unbound's bug.
How to solve:
Add "minimal-responses: yes" to default Unbound config and prevent Unbount from returning additional info in replies.
Sorry but you have not shown this to be happening... As I brought up over 2 years ago you sure your client is not pointing to some other NS as well as pfsense.
Please show the query to unbound showing you get back the additional A records for the MX... Out of the box unbound defaults to min responses YES... So it will not send any additional records unless they are specifically queried..
I have given multiple examples of this in the thread..
unbound was updated with 2.4.4p1 - its possible that old version of unbound was not using default yes? for min responses?