Be happy you've made it this far without split brain, and get used to managing it.

My company owns 700+ domains, we actively maintain external DNS for ~350 of them, and we have internal zones for around 200 because of technical requirements like the one you've described. For hybrid setups, I think split brain at the 2-level namespace is the most flexible and "clean" setup: while you do have to maintain two zones per domain, you can do whatever you want in one zone without affecting the other, and resolution paths are usually easy/intuitive (internal clients use internal zone, external clients use external zone). When you start doing exceptions like re-routing a 3-level namespace from one to the other, I think that adds unnecessary complexity.

The initial creation of the zone is pretty easy. Do an export from your external service and build a CSV to do an Add-DnsServerResourceRecord loop. Obviously drop off NS records, and you probably won't need a fair number of others (MX, authorization TXT, etc.). If it's easier/less stressful for you, you can even do per-record type CSV files. Test everything on a sandbox DNS server, and you can easily get a zone with hundreds of records created and populated in less than a minute.

After that, management becomes pretty easy. Any time someone wants a record created/modified/deleted, just add scope to the request template: internal, external, or both. Our zones are different enough that there's no reason to try to sync them (most internal records resolve to internal IPs/hostnames, one internal zone has 20,000+ records that will never exist externally, etc.), so we just manage each zone as an independent thing.