I'm currently working on unraveling the Active Directory Integrated DNS vulns reported by Dirk-jan Mollema, CVE-2020-0761 and CVE-2020-0718 (and the likely related CVE-2020-0856 found internally at MS) and oof are there a lot of layers involved here.
Dirk-jan mentioned he plans on doing a blog post on it at some point, but it's always fun to have it figured out before the details are public 😀