We use our own authoritative DNS Servers, 4 of them (the maximum). Our Main site (3 DNS servers there), and a DR site (1 DNS server there). The DR site authoritative DNS server is kept disabled (but would be enabled in the event of an unlikely DR situation).
The DR site DNS server is the "last" (highest) host name in the list. They are NS1, NS2, NS3, and NS4 (NS4 is the DR site DNS server).
We have used this arrangement for many years.
Recently, I had a cranky new customer notify me that some of their DNS queries had gone to the DR site DNS server, and it was taking "too long" for their needs, as their DNS query would time out with no response (well of course, since that DNS server is disabled). He said that Windows normally uses the last DNS server first (which I really didn't believe), and then he later said it was round-robin (a more plausible possibility I guess).
I guess it would be nice to perhaps find a little better approach to this, but without doing a lot of changes in terms of the total general design. Maybe a nice tweak at the DR site, perhaps. Having that DR site DNS server timeout is an issue I guess, in general, although for a long time no one else has said anything about it.
We use Barracuda Link Balancers for this process. They have a firewall in them, and the authoritative DNS servers.
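As an added example (not part of the original post or the Barracuda product), a small Python probe that sends an SOA query for the zone to every advertised NS and reports which ones answer authoritatively and which just time out, the way a resolver that happens to pick NS4 would experience it. The zone name and NS addresses are constructed placeholders.

```python
import socket
import struct
import time

# Constructed placeholders: substitute the real zone and the four NS addresses.
ZONE = "example.com"
NAMESERVERS = {"ns1": "192.0.2.1", "ns2": "192.0.2.2",
               "ns3": "192.0.2.3", "ns4": "192.0.2.4"}
QUERY_ID = 0x1234


def build_query(name, qtype=6, qid=QUERY_ID):
    """Minimal DNS query (QTYPE 6 = SOA, RD=0) as a resolver sends to an authoritative NS."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def parse_header(data, expected_id):
    """Return the header fields that matter for an NS health check (AA bit, RCODE, ANCOUNT)."""
    if len(data) < 12:
        raise ValueError("truncated DNS response")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if qid != expected_id:
        raise ValueError("response ID mismatch")
    return {"aa": bool(flags & 0x0400), "rcode": flags & 0x000F, "answers": an}


def classify(hdr):
    """An authoritative server must set AA with RCODE 0; anything else is misconfiguration."""
    return "ok" if hdr["aa"] and hdr["rcode"] == 0 else f"not authoritative (rcode {hdr['rcode']})"


def probe_ns(ip, zone, timeout=2.0):
    """Send one SOA query over UDP and classify the outcome, including a silent timeout."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(zone), (ip, 53))
            data, _ = s.recvfrom(512)
            status = classify(parse_header(data, QUERY_ID))
        except socket.timeout:
            status = "timeout"          # what a disabled NS looks like to a resolver
        except (OSError, ValueError) as exc:
            status = f"error: {exc}"   # e.g. ICMP port unreachable, bad reply
    return {"ip": ip, "status": status, "ms": round((time.monotonic() - start) * 1000)}


def probe_all(nameservers, zone):
    return {name: probe_ns(ip, zone) for name, ip in nameservers.items()}


if __name__ == "__main__":
    for name, r in probe_all(NAMESERVERS, ZONE).items():
        print(f"{name:>4} {r['ip']:<15} {r['status']} ({r['ms']} ms)")
```

Any NS in the delegation that reports "timeout" is one that a fraction of resolver queries will land on, so the check belongs in monitoring alongside the DR failover procedure.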