Active/DR DNS Deploy | Best practice
We are planning the integration between two F5 DNS in an Active/DR environment. The DNS of the active site is fully built, on the DR site there is no Primary DNS and no active DNS module in F5.
I understand that for domains/zones delegated to F5, IP resolutions for DNS query is not a problem because I can count on several balancing methods (Global Availability/Ratio/Virtual Server Score and etc...).
However, the vast majority of zones/domains are on a primary BIND nameserver, which will also be built into the DR datacenter to allow queries through its nameserver.
The DR datacenter should not receive any kind of DNS traffic while the active datacenter is available (including queries to the nameservers), and the reverse is also valid.
For this type of deploy, I would like to understand best practices to prevent the Primary DNS hosted in the DR datacenter from receiving DNS queries while the Active datacenter is operational.
I've considered conditional firewall rule creations for both sites, but I'm not sure it's the most elegant solution, and also know if when the nameserver query is rejected/dropped, the next available nameserver will be consulted (if the dns query goes to the Primary DNS DR and then got dropped will also go to the next nameserver available Primary DNS Active)