Could you instead set a _acme-challenge.example.com NS record and let the other DNS provider handle only _acme-challenge.example.com that way?
I use the NS approach too at the moment, it does feel like the natural way to do it with DNS. One downside is if your cloud provider charges per zone you end up paying for twice as many zones.
You can use sub-domains as well: _acme-challenge.example.com -> _acme-challenge.DNSAUTH.example.com, _acme-challenge.foo.example.com -> _acme-challenge.foo.dnsauth.example.com.
You can then have a small VM handle answering DNS queries just for dnsauth.example.com. Folks have written servers to do just this: