Windows domain, DNS, and auth over WireGuard VPN
First off, sorry if this is not the right place or this has been answered already. I looked around for a better place to post my question but this seemed best.
My issue is resolving DNS and Windows domain auth over the VPN. I can't seem to get it working, so for example gpupdate doesn't work, \\mydomain\myshare doesn't work, etc. I'll go into more details below.
- I have a Firewalla Gold with WireGuard running on it.
- I have 1 Windows server we'll call ServerA. This server is the only DC and also my DNS server. I'll give it the IP of 10.1.1.3.
- I have several clients but I'll focus on 1 since they all have the same issue. We'll call it ClientA with IP of 10.1.1.100. The subnet is 10.1.1.0/24.
- My domain is DomainA and from the internet it is DomainA.com. I have a * record in both internal and external DNS pointing to my Firewalla public IP, let's say it is 74.74.74.74.
- I have a host file on my client pointing ServerA, ServerA.DomainA.com, DomainA, DomainA.com all to 10.1.1.3 (this was for troubleshooting, I prefer to remove it).
When I'm locally connected, everything works fine.
My WireGuard configuration is:
Address = 10.1.2.100/32
DNS = 10.1.1.3
AllowedIPs = 10.1.1.0/24, 10.1.2.0/24
So far this all works 100%: it routes internal traffic through the VPN and everything else directly out to the internet. Note that I tried this all with 0.0.0.0/0 and it had the same issue.
I connect to the VPN:
- ping ServerA, ServerA.domainA.com both resolve correctly
- nslookup ServerA gives a non-auth answer with the public IP, even when I explicitly set the server to ServerA. Why? My ServerA DNS server is the auth and domain integrated.
- \\ServerA\MyShare - share not found
- \\ServerA.DomainA.com\MyShare - it asks me to auth
- \\10.1.1.3\MyShare - works! (strictnamechecking and loopback have been disabled)
I spent hours with Copilot trying different things and nothing is getting me any closer. Any tips or help would be greatly appreciated.