Why my Pi-hole was logging tens of thousands of queries against my default gateway for domain SRV records

If you're running Pi-hole (which you should if you can, it's awesome - you can even run it on a virtual machine) and also happen to be running it in an Active Directory environment, there are various recommendations regarding how to configure it dotted around on the internet.

Even having followed everything I've read, I was seeing some very unusual traffic where there would be regular incredibly large batches of SRV queries against some of the domain DNS entries like _ldap._tcp.dc._msdcs.mydomain.local which looked more than a little odd. These queries would tick-up at a rate of knots, 10s of them a second, and all were showing as originating from my UniFi USG device despite the fact that this would have no cause to be making these requests. Because I run a lab environment with multiple domains, subnets and VLANs my immediate suspicion was that one of the secondary domains had got itself a little broken but the inter-domain trust appeared fine and there was a distinct lack of errors or warnings in the Event Log in any domains that may be involved.

Eventually (by trial and error, sitting, watching and waiting) I narrowed it down to having the Use Conditional Forwarding setting in the Pi-hole configured to query the USG:

Changing this to the IP address of one of the primary domains controllers stopped this massive number of queries from being logged with no negative impact on domain behaviour. This also substantially reduced the rate at which logs on the Pi-hole grew, for obvious reasons.