resources in the prod zone scope
Are you able to provide a bit more information on what you mean by this. The DNS policies support the following ways to identify how to apply the policy, fqdn being queried, client's IP/range, query type, transport or IP protocol used. I'm not aware of a method that will enable you to specific if the client's FQDN is a member of a specific zone.
Typically you would create clientsubnet which contains the IP addresses or range of the production machines, then create a policy to ignore or deny query for the qa.{redacted}.internal zone based on the clientsubnet.
Add-DnsserverClientsubnet -name Prod -ipv4subnet 192.168.1.38/32
Add-DNSServerQueryResolutionPolicy -name blockprod -action ignore -fqdn "EQ,*.blocked.com" -clientsubnet "EQ,Prod"
the filename field was blank
If this is related to the output of the Get-DNSServerZoneScope cmdlet, then this means that the DNS zone has been stored in the Active Directory.
Please provide the details of the approaches you have tried already, as it might help understand why it's failing.
Gary.