I can only say that what you've done in Windows doesn't make a lot of sense. It's almost a bug in Windows that it lets you configure it this way, and ESXi is more sensible.
Why would you need to avoid having your AD server unable to resolve public addresses? Every PC in that domain would need to point to those DNS servers, and if you don't want internal access to the Internet, breaking your DNS isn't the way to do it.