Hi,
This is the expected behavior, when domain controller sends request to external DNS for resoluition, it will send it with its own IP.
Is there any way to monitor the request before it reaches to your internal domain controller ? you may put an ACL at your core switch with a entry matching destination IP of the host with logging, ACL will be having permit only statements.
or you can check your Domain controller for the queries it received for the DNS resolution