Currently we have the following setup. We have two domain controllers which also serve as DNS servers, used as resolvers by local clients. We also have external authoritative DNS servers for the exact same DNS zone, just for servicing the outside world. This leads to a situation where the same record has to be entered twice, on both server groups.
One obvious resolution is to use only the internal servers and eliminate the external server group. We use NAT and all internal servers have addresses from private ranges, e.g. 192.168.1.0. Requests from the outside world are forwarded to whatever machine is needed.
The question is how to avoid leaking internal addresses (that will resolve to 192.168...) if internal DNS servers start serving external requests?
We have a similar setup, but I have purposely kept the external DNS on different servers than the internal DNS for security reasons. As soon as you move the external DNS to the same server as your internal, which is also Active Directory, you have to open a hole up for resolvers to the same machine that serves your internal Active Directory. If there is a flaw that crops up in the DNS service (as there have been in the past), then an attacker can potentially compromise your internal Active Directory machine. By keeping internal and external DNS on separate machines, you do not have to open up anything through the firewall to the internal DNS/Active Directory box, keeping it much safer IMHO.
Having a zone duplicated intranet/internet is called "split brain" and you have outlined the pros/cons nicely. Now you must choose on the pluses and minuses. Hint: live with duplicate updates for the few records that have to be on the internet.
The answer depends in part on the firewall you are using, as some firewalls will take care of the DNS translations for you. Whether you want to rely on your firewall to this degree is a big question (at least in my mind). It's also unclear to me whether all/most firewalls offer such capability, meaning you may find yourself stuck with what you have, or at least a subset of vendors, once you've removed the external DNS servers.
Back to your current setup (and the hassle of doing things twice), it sounds like something that could very easily be automated.
Finally, depending on why you're interested in eliminating the extra servers, you may want to consider outsourcing external DNS service.
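
The automation suggested above, as an added example that is not part of the original posts: one record list generates both the internal and the external zone data, and a check refuses to publish any external A record that points into an RFC 1918 range. The record names, the `public` field and the 203.0.113.x addresses are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges that must never appear in the Internet-facing zone.
# Listed explicitly: ipaddress.is_private also matches documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: this list is the single source of truth.
# "public" is the NAT address published externally; None = internal only.
RECORDS = [
    {"name": "www",   "internal": "192.168.1.10", "public": "203.0.113.10"},
    {"name": "mail",  "internal": "192.168.1.20", "public": "203.0.113.20"},
    {"name": "dc1",   "internal": "192.168.1.2",  "public": None},
    {"name": "files", "internal": "192.168.1.30", "public": None},
]

def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def build_views(records):
    """Return (internal_lines, external_lines) of A records."""
    internal, external = [], []
    for r in records:
        internal.append(f"{r['name']} IN A {r['internal']}")
        if r["public"] is not None:  # internal-only hosts are never exported
            external.append(f"{r['name']} IN A {r['public']}")
    return internal, external

def find_leaks(zone_lines):
    """Return the A-record lines whose address is in an RFC 1918 range."""
    leaks = []
    for line in zone_lines:
        fields = line.split()
        if len(fields) >= 4 and fields[-2] == "A" and is_rfc1918(fields[-1]):
            leaks.append(line)
    return leaks

if __name__ == "__main__":
    internal, external = build_views(RECORDS)
    leaks = find_leaks(external)
    if leaks:  # fail closed before anything reaches the external servers
        raise SystemExit(f"refusing to publish, private addresses found: {leaks}")
    print("\n".join(external))
```

The same `find_leaks` check can be run against the zone data already on the external servers, which catches a private address entered there by hand.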