Access a Cloudflare Tunnel internally because of local Active Directory DNS

Not sure if it’s possible to point a record from Microsoft AD DNS to a Cloudflare tunnel.

The tunnel works from all networks except the network where the server is hosted. Endpoints DNS point to Active Directory DNS, where the root domain is the same as AD (domain.com, so I can’t resolve subdomain.domain.com because that isn’t sent to external DNS). I can create a record for subdomain.domain.com in AD DNS, but not sure where I can point it to. Usually, you would point this at the IP of the web server, but I want it to use the Cloudflare tunnel.

I’m looking for the same solution.
Our DC is the authoritive DNS server for our domain.
test[dot]domain[dot]com isn’t know internally, but Cloudflare knows it because of the cloudflared tunnel.
However, since the DC is authoritive, it doesn’t lookup the request to the forwarders but answers a ‘I don’t know’.
To what should I point the record in the DC?
Or could I point to the Cloudflare DNS and have the Cloudflare DNS look at the DC for local traffic?