I believe that the dns forwarder should be used for //all// dnsqueries which Samba cannot serve it's self, even ones that are part of the local domain. There are at least two obvious use cases for this scenerio. For both of these examples the domain name is: example.com The first example is where not all hosts for the domain are local and are not managed locally. They would be located based on the global public DNS records. The second case, which is where I am falling, is that I need to have DNS working as a pre-requisite for systems that must come online before the domain can startup. I already have to manage a configuration there, but I am not using BIND so it makes sense to have any non-successful queries sent to the forwarder, as I had expected the setting acted. Based on tcpdump, the currently observed behavior is that Samba chooses to forward or not based entirely on the domain of the query, instead of forwarding all questions it does not have a successful answer for.
Search results finally lead me to ask a slightly different version of this question: https://wiki.samba.org/index.php/Active_Directory_Naming_FAQ How can I make Samba //NOT// be an authoritative DNS server? Should this be configurable, that would be particularly useful for legacy installations (such as what I'm working with).
let's not discuss all kinds of DNS configurations here. The bug/feature request was about forward DNS queries for the own example.com domain to the forwarder. This will not be supported. If you want to make any (deprecated/unsupported) hacks like that, then you should do such thing on a different DNS server, wherer you configured the example.com zone as a forwarding zone with the coresponding DNS servers as forwarders.