Thinking about large environments I would like to see a way to filter who can connect and use PiHole. A list that can be setup to use IP addresses or Ranges as the only ones allowed to use it would be helpful to ensure all requests are coming from the proper systems we setup.
Not sure what you want precisely, but have you checked the settings page "advanced dns settings"?
So the thought would be this- On the network we allow only the Domain controller IP to be able to query the PiHole as a resolver not the local workstations, they would be sent to the Domain controller DNS first.
Alternatively if we were to put Pihole in AWS or something similar that we can be sure random IPs will not connect to it and use it as a resolver, only the the IPs that we specify which would be our location.
I hope that explains it a little better