
Active Directory DNS server security misconfiguration or an acceptable practice?

Çağlar Arlı

I work for a large Eastern European bank as a programmer.

Recently, I was setting up a documentation website for my team. We came up with the host name, and now all we needed was to pick the best suitable zone for it and send a request to IT support team to create a new DNS record.

So, I fired up PowerShell and loaded the DnsServer module to list the available DNS zones (I was unaware at the time that ordinary users, generally, cannot enumerate anything on an AD DNS server. Access SHOULD be denied by default).

The Get-DnsServerZone cmdlet promptly listed all available zones. I've picked one, and to make sure there were no similar host names in this zone, ran Get-DnsServerResourceRecord command too. Everything worked fine.

While I was at it, out of curiosity, I decided to explore "Add-*" commands too: Add-DnsServerResourceRecordA, Add-DnsServerResourceRecordCName etc. I did not expect these to work at all, but, to my great surprise, cmdlets did not throw errors - they completed successfully!!!

I've verified the created records using Get-DnsServerResourceRecord and nslookup. I also ran the same commands using a non-privileged technical user account (which belongs only to the DOMAIN\Users group and nothing else) and got the same result: DNS records were added successfully. Looks like any authenticated user can create DNS records. This does not feel right.

The Question:

Is this an acceptable practice or a security misconfiguration? Should I report it?

(I have not reported it yet, because of the lots of bureaucracy involved. Also I don't want to attract unneeded attention. We have quite an unhealthy culture and broken communication here - this is a bank, after all).
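For whoever does end up assessing this, an added audit script (not from the original post) that shows the two things a defender would want to check on such a zone: which broad principals hold a create-child right on the zone object, and which existing records are owned by plain user accounts rather than by the computer accounts that dynamic update produces. It assumes RSAT with the DnsServer and ActiveDirectory modules on a domain-joined admin workstation; the zone and server names are constructed.

```powershell
# Added audit example (not from the original post). Assumes the DnsServer and
# ActiveDirectory RSAT modules and a reachable DNS server. Zone/server names
# used at the bottom are constructed placeholders.
Import-Module DnsServer, ActiveDirectory

# Convert a partition name like "DomainDnsZones.corp.example" to its DN.
function ConvertTo-PartitionDN([string]$PartitionName) {
    ($PartitionName.Split('.') | ForEach-Object { "DC=$_" }) -join ','
}

# Return the AD object that backs an AD-integrated zone, wherever it is stored
# (DomainDnsZones, ForestDnsZones or the legacy CN=System location).
function Get-DnsZoneAdObject([string]$ZoneName, [string]$DnsServer) {
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $DnsServer
    if (-not $zone.IsDsIntegrated) { throw "$ZoneName is not AD-integrated" }
    $base = ConvertTo-PartitionDN $zone.DirectoryPartitionName
    Get-ADObject -SearchBase $base -LDAPFilter "(&(objectClass=dnsZone)(name=$ZoneName))"
}

# Report every Allow ACE on the zone that grants CreateChild (i.e. the right to
# add new dnsNode records) to a broad group. "Authenticated Users" with
# CreateChild is the Windows default on AD-integrated zones; it exists so that
# secure dynamic update works, and it is what lets any user add records.
function Get-BroadCreateChildAces([string]$ZoneName, [string]$DnsServer) {
    $obj = Get-DnsZoneAdObject $ZoneName $DnsServer
    $acl = Get-Acl -Path ("AD:\" + $obj.DistinguishedName)
    $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::CreateChild) -and
        $_.IdentityReference.Value -match 'Authenticated Users|Everyone|Domain Users'
    } | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited
}

# Detection angle: a record created through the management path by a user is
# owned by that user, while a dynamic-update record is owned by the registering
# computer account (name ends in '$'). Records created by an administrator are
# typically owned by the Domain Admins group. List nodes owned by plain users.
function Get-UserOwnedDnsNodes([string]$ZoneName, [string]$DnsServer) {
    $obj = Get-DnsZoneAdObject $ZoneName $DnsServer
    Get-ADObject -SearchBase $obj.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=dnsNode)' | ForEach-Object {
        $owner = (Get-Acl -Path ("AD:\" + $_.DistinguishedName)).Owner
        if ($owner -notmatch '\$$' -and $owner -notmatch 'Domain Admins|DnsAdmins|SYSTEM') {
            [pscustomobject]@{ Record = $_.Name; Owner = $owner }
        }
    }
}

# Usage with constructed names:
Get-BroadCreateChildAces -ZoneName 'corp.example' -DnsServer 'dc01.corp.example'
Get-UserOwnedDnsNodes    -ZoneName 'corp.example' -DnsServer 'dc01.corp.example'
```

The owner heuristic is a triage aid, not proof: review the listed records against change tickets before treating any of them as unauthorised.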