Tried to make a domain from one pfSense accessible to another pfSense using domain overrides in the DNS Resolver (unbound). Apparently unbound is misconfigured by default, so it does not find the route to the other pfSense box. Changing Outgoing Network Interfaces fixes it.
In the DNS Resolver page, set “Outgoing Network Interfaces” to LAN and Localhost.
Save and try again. It should work. This is a known quirk of DNS over IPsec tunnels.
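A way to check which outgoing interfaces can reach the remote resolver, as an added sketch that is not part of the original note. It assumes a policy-based IPsec tunnel whose phase 2 selectors cover only the two LAN subnets, so a query enters the tunnel only when its source address falls inside the local selector. All addresses, subnets and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the original note).
PHASE2 = [  # (local subnet, remote subnet) selectors of the tunnel
    ("192.168.1.0/24", "192.168.2.0/24"),
]
INTERFACES = {  # interface name -> address on this firewall
    "WAN": "203.0.113.10",
    "LAN": "192.168.1.1",
    "localhost": "127.0.0.1",
}
REMOTE_DNS = "192.168.2.1"  # remote box's LAN address used in the domain override


def matches_tunnel(src, dst, selectors=PHASE2):
    """Return True if a packet src -> dst falls inside any phase 2 selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in selectors
    )


def audit(outgoing, dst=REMOTE_DNS, interfaces=INTERFACES):
    """Split a proposed 'Outgoing Network Interfaces' selection by selector match."""
    inside = [n for n in outgoing if matches_tunnel(interfaces[n], dst)]
    outside = [n for n in outgoing if n not in inside]
    return {"inside_selectors": inside, "outside_selectors": outside}


if __name__ == "__main__":
    # Query sourced from the WAN address: no selector matches, so the
    # override query never enters the tunnel under the assumptions above.
    print(audit(["WAN"]))
    # Selection recommended in the note: the LAN address matches the selector.
    print(audit(["LAN", "localhost"]))
```

Replace the constructed values with your own phase 2 subnets and interface addresses before relying on the result.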