The client is the problem here, unfortunately. Microsoft clients issue recursive queries, which will always be handled by their primary/alternate DNS server. I'm not sure if this can be turned off, but that wouldn't have been an option anyway for my clients. In our environment, we point our clients directly to the GTM and forward all non-local requests to the Microsoft DNS servers. In the GTM named configuration, I added the bold lines under the listed headers:

    options {
        forward only;
        forwarders {
            ;
            ;
            ;
        };
        allow-query {
            internal;
        };
        recursion yes;
    };
    acl internal {
        /;
    };
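
An added example, not part of the original post: a small Python check that a named configuration with recursion enabled limits its clients to a defined ACL rather than `any`, which is what the post's `allow-query { internal; }` does. The sample config, its documentation-range addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample in the post's shape; addresses are documentation-range placeholders.
SAMPLE = """
acl internal { 192.0.2.0/24; };
options {
    forward only;
    forwarders { 198.51.100.10; 198.51.100.11; };
    allow-query { internal; };
    recursion yes;
};
"""
BUILTIN = {"none", "localhost", "localnets"}

def body(text, head):
    """Body of the first `head { ... }` block (head is a regex), or None."""
    m = re.search(r"(?<![\w-])" + head + r"\s*\{", text)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(text) and depth:  # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return text[m.end():i - 1]

def items(block):
    """Split an address match list on ';' and drop empty entries."""
    return [e.strip() for e in block.split(";") if e.strip()]

def audit(conf):
    """Return findings where a recursive resolver's client scope is too wide."""
    conf = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", conf, flags=re.S)  # strip comments
    opts = body(conf, "options") or ""
    findings = []
    if re.search(r"(?<![\w-])recursion\s+no\s*;", opts):
        return findings  # recursion is off, so there is no recursive scope to check
    # BIND falls back allow-recursion -> allow-query-cache -> allow-query;
    # with none of them set, the default is localnets; localhost.
    scope = next((b for k in ("allow-recursion", "allow-query-cache", "allow-query")
                  if (b := body(opts, k)) is not None), None)
    for name in items(scope or ""):
        is_name = re.fullmatch(r"[A-Za-z_][\w-]*", name)
        acl = body(conf, r'acl\s+"?' + re.escape(name) + r'"?') if is_name else None
        members = items(acl) if acl is not None else [name]
        if "any" in members:
            findings.append(f"open resolver: '{name}' admits any client")
        elif acl is None and is_name and name not in BUILTIN:
            findings.append(f"acl '{name}' is referenced but not defined")
    return findings
```
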