DNS failover not working during Windows update

In my network I am running two DNS servers installed with Active Directory.
Recently we came across an issue during a Windows security update. On the primary DNS server we installed a Windows security update and restarted the server after installation, but because of some issue the server got stuck in restart and started reverting back. During this stage we observed loss of connectivity on client nodes, and some applications stopped working even though an alternate DNS server is defined on the NIC and is healthy. Clients are not querying the alternate DNS as the primary DNS is pingable but stuck in the Windows updating stage.
We tried to restart client nodes but they are taking a very long time to restart and log in again.

So the question here is: why are clients not looking to the alternate DNS and additional DC? Why is the primary DNS not declared completely failed?
