I'm using PowerShell to develop some custom DNS management tools for Server 2016 / 2019 for multiple domains.
Implementing split brain DNS as outlined on Microsoft recommendations (https://docs.microsoft.com/en-us/windows-server/networking/dns/deploy/split-brain-dns-deployment) requires an additional zone scope to contain public IP addresses for the zone, while the default zone scope contains private / internal addresses.
All works well when configuring the primary, non-AD server. Names resolve as expected, and the primary DNS server is well behaved.
The problem arises when configuring the secondary server for the zone. Creating any records in the additional zone scope of the secondary server fails:
and PowerShell complains vehemently with a Win32 9703 error, which simply means that a node can't be created in DNS.
The conclusions of my efforts and research say that a zone scope on a secondary server is pretty much useless - you can create one, you just can't populate it with any records in an automated fashion. Perhaps it can be created by copying and hacking zone files, but it seems this defeats the purpose of DNS management and would quickly become impractical in a large scale DNS implementation.
If the secondary server is changed to be primary then all DNS commands work as expected, which tells me that it's not a problem with command syntax or execution (the same commands function properly on all primary DNS servers). Of course making both servers primary defeats the purpose of zone replication, so that's not an answer either - you're back to the same problem of maintaining multiple servers for the same zone.
In summary, it seems that unless you're using zones that are Active Directory integrated, you're pretty much hosed in trying to implement a multi-server split-brain DNS policy. There are many implications of this fact in online forums, but no concise and definitive statement of the fact.
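For anyone scripting the same setup, here is an added example (not code from the original post) that performs the scoped-record step from the Microsoft article but checks the zone type first, so a secondary server fails at the check instead of with error 9703 part-way through. The zone name, scope name, client subnet and addresses are constructed sample values; it assumes the DnsServer module on Windows Server 2016/2019.

```powershell
# Added example; constructed names: zone "example.com", scope "external",
# public client subnet 203.0.113.0/24 and a sample public host address.
Import-Module DnsServer

function Add-SplitBrainRecord {
    param(
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $ScopeName,
        [Parameter(Mandatory)] [string] $HostName,
        [Parameter(Mandatory)] [string] $PublicIPv4,
        [string] $ComputerName = $env:COMPUTERNAME
    )
    # A zone scope can be created on a secondary, but records cannot be added
    # to it there (Win32 error 9703), so refuse early unless the zone is primary.
    $zone = Get-DnsServerZone -Name $ZoneName -ComputerName $ComputerName
    if ($zone.ZoneType -ne 'Primary') {
        throw "Zone '${ZoneName}' on ${ComputerName} is $($zone.ZoneType); scoped records must be created on the primary (or in an AD-integrated zone)."
    }
    # Create the additional scope only if it does not already exist.
    $existing = Get-DnsServerZoneScope -ZoneName $ZoneName -ComputerName $ComputerName |
        Where-Object { $_.ZoneScope -eq $ScopeName }
    if (-not $existing) {
        Add-DnsServerZoneScope -ZoneName $ZoneName -Name $ScopeName -ComputerName $ComputerName
    }
    try {
        Add-DnsServerResourceRecordA -ZoneName $ZoneName -ZoneScope $ScopeName -Name $HostName `
            -IPv4Address $PublicIPv4 -ComputerName $ComputerName -ErrorAction Stop
    } catch {
        # Surface the underlying error text so the failure is not silent in a larger script.
        throw "Failed to add ${HostName} to scope '${ScopeName}' of ${ZoneName}: $($_.Exception.Message)"
    }
}

# Usage on the primary (constructed values): public clients are steered to the
# "external" scope; everyone else keeps getting the default (internal) scope.
Add-DnsServerClientSubnet -Name 'PublicClients' -IPv4Subnet '203.0.113.0/24'
Add-SplitBrainRecord -ZoneName 'example.com' -ScopeName 'external' -HostName 'www' -PublicIPv4 '198.51.100.10'
Add-DnsServerQueryResolutionPolicy -Name 'PublicClientsToExternal' -Action ALLOW `
    -ClientSubnet 'eq,PublicClients' -ZoneScope 'external,1' -ZoneName 'example.com'
```

Run against a secondary, the function stops at the zone-type check rather than leaving a half-populated scope behind.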