Windows Server DNS, disable root zone requests

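Hello everyone. I ran into a simple problem, but I can't solve it. I have a DC whose domain name is sub.domain.com. I also have a public domain whose website is domain.com, hosted on another server and another DNS. When I try to request fb.com (as an example) from a domain PC, it requests fb.com.sub.domain.com and gets an answer from my DC DNS; then the PC requests the root domain fb.com.domain.com (without "sub"), and the server has no answer (because there is no local record). How can I disable requests to domain.com and have them resolved to the Internet? P.S. Sorry for my bad English.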

Lookup log

PS C:\Windows\system32> nslookup -d2 fb.com
------------
SendRequest(), len 40
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN

------------
------------
Got answer (63 bytes):
HEADER:
opcode = QUERY, id = 1, rcode = NOERROR
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 1, authority records = 0, additional = 0

QUESTIONS:
1.0.0.127.in-addr.arpa, type = PTR, class = IN
ANSWERS:
-> 1.0.0.127.in-addr.arpa
type = PTR, class = IN, dlen = 11
name = localhost
ttl = 3600 (1 hour)

------------
Server: localhost
Address: 127.0.0.1

------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 2, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN

------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 2, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
fb.com.sub.domain.com, type = A, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 41
HEADER:
opcode = QUERY, id = 3, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN

------------
------------
Got answer (110 bytes):
HEADER:
opcode = QUERY, id = 3, rcode = NXDOMAIN
header flags: response, auth. answer, want recursion, recursion avail.
questions = 1, answers = 0, authority records = 1, additional = 0

QUESTIONS:
fb.com.sub.domain.com, type = AAAA, class = IN
AUTHORITY RECORDS:
-> sub.domain.com
type = SOA, class = IN, dlen = 41
ttl = 3600 (1 hour)
primary name server = dc2.sub.domain.com
responsible mail addr = hostmaster.sub.domain.com
serial = 57017
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 3600 (1 hour)
default TTL = 3600 (1 hour)

------------
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 4, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com.domain.com, type = A, class = IN

------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 37
HEADER:
opcode = QUERY, id = 5, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com.domain.com, type = AAAA, class = IN

------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 6, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com, type = A, class = IN

------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
------------
SendRequest(), len 24
HEADER:
opcode = QUERY, id = 7, rcode = NOERROR
header flags: query, want recursion
questions = 1, answers = 0, authority records = 0, additional = 0

QUESTIONS:
fb.com, type = AAAA, class = IN

------------
DNS request timed out.
timeout was 2 seconds.
timeout (2 secs)
SendRequest failed
*** Request to localhost timed-out

Answer 1

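I'm not sure exactly what you are asking, but the behavior you describe is correct and expected. Your query for fb.com is not fully qualified because it lacks the trailing dot. As a result, nslookup appends the client's primary DNS suffix to the query and iteratively devolves the query toward the root domain.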

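What are you actually trying to accomplish? Do you want the query to go only to the fb.com DNS servers? If so, fully qualify the query with a trailing dot, like this: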

nslookup -d2 fb.com.
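
The lookup order described in this answer, modelled as an added example (not part of the original answer, and not Windows or nslookup code). The function names are hypothetical, and the assumption that devolution stops at a two-label suffix is inferred from the log above, where domain.com is the last suffix tried.

```python
"""Model of the query order seen in the nslookup -d2 log (constructed example)."""


def devolved_suffixes(primary_suffix, min_labels=2):
    """Return the primary suffix, then each parent down to `min_labels` labels."""
    labels = [part for part in primary_suffix.strip(".").split(".") if part]
    if not labels:
        return []
    out = [".".join(labels)]          # the primary suffix itself is always tried
    while len(labels) > min_labels:
        labels = labels[1:]           # sub.domain.com -> domain.com
        out.append(".".join(labels))
    return out


def candidate_queries(name, primary_suffix, devolution=True, min_labels=2):
    """List, in order, the FQDNs sent for `name` as typed by the user."""
    if name.endswith("."):
        # Trailing dot: already fully qualified, so no suffix is appended.
        return [name]
    suffixes = devolved_suffixes(primary_suffix, min_labels)
    if not devolution:
        suffixes = suffixes[:1]       # primary suffix only, no parent zones
    queries = [f"{name}.{suffix}." for suffix in suffixes]
    queries.append(name + ".")        # the name as typed is tried last
    return queries


def outside_zone(queries, internal_zone, intended):
    """Queries that leave `internal_zone` without being the intended name."""
    zone = "." + internal_zone.strip(".") + "."
    intended_fqdn = intended.rstrip(".") + "."
    return [q for q in queries if not q.endswith(zone) and q != intended_fqdn]


if __name__ == "__main__":
    sent = candidate_queries("fb.com", "sub.domain.com")
    for q in sent:
        print("query:", q)
    # Names that reach the parent zone, which is hosted on another DNS server
    print("sent to parent zone:", outside_zone(sent, "sub.domain.com", "fb.com"))
    print("with trailing dot:", candidate_queries("fb.com.", "sub.domain.com"))
```
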
