Hi,
Any specific reason for the Ubuntu DNS server to need multiple NICs on each VLAN?
Having multiple default gateways in your VM's routing table most likely leads to these problems. To check, you could disable all other NICs except the IoT VLAN one and see if the IoT machine can ping the DNS.
If you're using a firewall I would go with a single-NIC DNS server, establish routing and proper rules and then use the pfSense DNS Forwarder described here: Services — DNS Forwarder | pfSense Documentation (netgate.com)
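The routing-table check suggested above, as an added example that is not part of the post: it parses a constructed `ip route show` sample from a multi-NIC VM (the interface names, addresses and VLAN subnets are assumptions), counts the default gateways, and shows which NIC a reply would leave through, so you can see why only one default route should remain.

```python
import ipaddress

# Constructed sample of `ip route show` output from a multi-NIC DNS VM.
# Interface names, addresses and subnets are assumptions for this example.
SAMPLE_ROUTES = """\
default via 192.168.10.1 dev ens18 proto static metric 100
default via 192.168.20.1 dev ens19 proto static metric 100
192.168.10.0/24 dev ens18 proto kernel scope link src 192.168.10.53
192.168.20.0/24 dev ens19 proto kernel scope link src 192.168.20.53
192.168.30.0/24 dev ens20 proto kernel scope link src 192.168.30.53
"""


def parse_routes(text):
    """Turn `ip route show` lines into (network, gateway, device, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        prefix = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        net = ipaddress.ip_network(prefix, strict=False)
        gw = parts[parts.index("via") + 1] if "via" in parts else None
        dev = parts[parts.index("dev") + 1]
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append((net, gw, dev, metric))
    return routes


def default_gateways(routes):
    """All default routes; more than one is the misconfiguration to look for."""
    return [(gw, dev, metric) for net, gw, dev, metric in routes if net.prefixlen == 0]


def lookup(routes, dst):
    """Longest-prefix match, then lowest metric (first listed wins a tie).
    Returns (gateway or None for on-link, device) for a destination address."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev, metric in routes:
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, gw, dev)
    return (best[1], best[2]) if best else None


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    print("default gateways:", default_gateways(routes))
    # An IoT client on its own VLAN is reached on-link, so it works either way.
    print("reply to 192.168.30.20 leaves via", lookup(routes, "192.168.30.20"))
    # A client on a routed subnet behind the firewall always exits the first
    # default route, whichever NIC its query arrived on: asymmetric traffic.
    print("reply to 10.0.0.5 leaves via", lookup(routes, "10.0.0.5"))
```

Replies to hosts beyond any directly connected VLAN always take the same default route regardless of the ingress NIC, which is the asymmetric path a stateful firewall will drop.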