What I am unclear on is what routes I will need to set and why DA hasn't created it automatically? The only thing I can think is that the network adapter already had a static IPv6 address assigned when I started configuring DA so it didn't have full control
over as much as usual.
Hi. The only routing you might need to configure is this:

Still, with single AD domain name structure, your AD's fqdn will be added here with IPv6 automatically, which means that traffic into your internal domain will be routed via DA server, as designed.
Static IPv6 is okay. You might want to check, is the IPv6 prefix the same as in DA Client GPO policies. DA server should generate IPv6 prefix and IPv6 subnet based on LAN configuration and write it to the client policies. After this, from client side first
thing to check is, that do the clients receve the same IPv6 prefix as they should, based on GPO.
Most commin mistake in DA is, that clients can´t reach NLS and they cannot decide, are they in corporate network or external.
MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.