Hello Benoit
Our customer's ADS server keeps autocreating one record like this: gc._msdcs.web.EXAMPLE.COM 1800 IN A 192.0.2.44
Which is kinda expected for an Active Directory DNS Zone. In fact what you see here is actually a glue record for the whole AD-part, as the _msdcs-part, which contains all the super duper secret special sauce of Active Directory, is a sub-zone within the named ad-zone.
So basically your customer made the error of using a real-world zone name (EXAMPLE.COM) as his AD name instead of EXAMPLE.LOCAL, which would stay internal, and having another, non-AD zone configured for the external domain.
It all comes down to the point that you should never try to use BIND as a secondary DNS of an AD zone, as Microsoft apparently violates the RFCs, as you already pointed out.