Yeah, dual-write is a foot gun. The problem is you're now responsible for detecting and resolving divergence in production, which is way harder than preventing it upfront.
If you actually need zero downtime, expand/contract migrations (add column, migrate data in background, cut over reads, then drop old column) work better because you're still single-source-of-truth. But honestly, 8 minutes during off-peak is the pragmatic call for most services. The operational complexity of dual-write setups compounds quickly once you add retries, partial failures, or need to debug consistency issues at 3am.
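The expand/contract sequence described in the comment above, as an added example that is not part of the original post. It assumes a hypothetical `users` table whose `full_name` column is being replaced by `display_name`, uses in-memory SQLite as a stand-in database, and constructs its own sample rows.

```python
import sqlite3

def expand(db):
    # Expand: add the new column; the old column stays the only source of truth.
    db.execute("ALTER TABLE users ADD COLUMN display_name TEXT")

def backfill(db, batch=2):
    # Copy old -> new in small batches so each transaction stays short.
    total = 0
    while True:
        cur = db.execute(
            "UPDATE users SET display_name = full_name WHERE id IN ("
            "SELECT id FROM users WHERE display_name IS NOT full_name LIMIT ?)",
            (batch,))
        db.commit()
        if cur.rowcount == 0:
            return total
        total += cur.rowcount

def divergence(db):
    # Rows where the new column does not match the source of truth (NULL-safe).
    return db.execute(
        "SELECT COUNT(*) FROM users WHERE display_name IS NOT full_name"
    ).fetchone()[0]

def contract(db):
    # Contract: drop the old column only after a clean divergence check.
    if divergence(db) != 0:
        raise RuntimeError("refusing to contract: columns diverge")
    if sqlite3.sqlite_version_info >= (3, 35, 0):  # DROP COLUMN needs 3.35+
        db.execute("ALTER TABLE users DROP COLUMN full_name")

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, full_name TEXT)")
    # Constructed sample rows.
    db.executemany("INSERT INTO users (full_name) VALUES (?)",
                   [("Ada",), ("Grace",), ("Linus",), ("Margaret",), ("Ken",)])
    expand(db)
    copied = backfill(db)
    # A write lands on the old column after the first backfill pass finished.
    db.execute("UPDATE users SET full_name = 'Ada L.' WHERE id = 1")
    stale = divergence(db)    # the late write shows up as one divergent row
    recopied = backfill(db)   # a second pass picks it up before cut-over
    contract(db)              # reads now use display_name only
    names = [r[0] for r in db.execute(
        "SELECT display_name FROM users ORDER BY id")]
    return copied, stale, recopied, names
```
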