Recursive queries through authoritative server

John Oliver joliver at john-oliver.net
Mon Aug 4 15:56:36 UTC 2008


I'm dealing with an environment where domain.com is, of course,
delegated in the root servers, but there is also a set of Windows AD
servers that are authoritative for domain.com.  I wanted to manage DNS
for my labs, so, in the AD servers, I delegated sub.domain.com to a
couple of CentOS servers running bind.  Now, "the powers that be" want
all of my lab machines to use my DNS servers rather than the AD servers.
The problem with this is, all queries for domain.com are now handled via
the root servers to the servers handling the "real" domain.com, which is
completely different from the zone served by the AD servers.  On top of
that, reverse DNS no longer works.

I could add zones for domain.com and all in-addr.arpa zones consisting of
NS records, but that doesn't feel right.  Also, it wouldn't help the
next time someone adds an IP range that's being handled by AD.

Is there a way to tell my bind servers to forward all queries they don't
have an answer for up to the AD servers?  Could it be as simple as
configuring them to use the AD servers as root servers?  Would that keep
Internet name resolution working properly?

-- 
* John Oliver                              http://www.john-oliver.net/ *

