Re: ZS as an Active Directory DNS server?

#53497

gordonf
Member

@witchdoctor wrote:

The domain controller is complaining about the router not resolving certain AD information which hopefully I can sort out.

Does the ZS DNS server accept dynamic DNS entries and is it zone-transferring from the domain controller properly? Active Directory changes some things fairly constantly; it’s why an AD DNS zone has such short TTL values compared to most internet DNS zones.

There are also two DNS zones in a default AD domain; there’s the domain itself (say, example.com) and a protected subdomain (_msdcs.example.com) that contains GUIDs and such for the DCs. That’s sensitive information to AD. The DC running the DNS service treats these as separate zones. If you want ZS to mirror AD DNS completely you need to permit zone transfers for both zones. You could be foolhardy and merge the two into the same zone (Windows 2000 did this originally) but I think MS made this change so AD admins could publish their zones to the internet without exposing this sensitive information.

You’d also have to somehow permit the DC’s DNS service to accept changes to DNS written to the ZS DNS server. I think. It’s almost like permitting bi-directional zone transfers, which I don’t think works in non-AD DNS but works in AD DNS because the zones are stored in AD instead of in zone files.

It’s been a long time since I tried hosting AD DNS on anything but a domain controller. The rules changed a lot over that time.
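Added example, not part of the thread or of ZeroShell: a small audit script for a zone dump such as `dig AXFR` prints, which checks the two points raised above: whether records that belong in the protected `_msdcs.example.com` zone have ended up in the parent `example.com` zone (a proper delegation NS record at the `_msdcs` apex is not counted as a leak), which DC GUID CNAMEs are exposed, and which records carry a TTL longer than the short values AD expects. The zone names come from the post; the sample zone lines, the record format assumed, and the 600-second TTL threshold are constructed assumptions for the example.

```python
"""Audit a zone dump for AD-sensitive records and long TTLs.

Input format assumed: one record per line in DNS presentation format,
"<owner> <ttl> IN <type> <rdata>", as an AXFR client prints it.
"""
import re
from dataclasses import dataclass

# Constructed sample input: example.com as a non-AD secondary might hold it.
# The last two records belong in the separate _msdcs.example.com zone.
SAMPLE_ZONE = """\
; example.com zone (constructed example, not a real dump)
example.com.                     3600 IN SOA   dc1.example.com. hostmaster.example.com. 42 900 600 86400 3600
example.com.                     3600 IN NS    dc1.example.com.
dc1.example.com.                 1200 IN A     192.0.2.10
_ldap._tcp.example.com.           600 IN SRV   0 100 389 dc1.example.com.
_kerberos._tcp.example.com.       600 IN SRV   0 100 88 dc1.example.com.
_msdcs.example.com.              3600 IN NS    dc1.example.com.
11111111-2222-3333-4444-555555555555._msdcs.example.com. 600 IN CNAME dc1.example.com.
_ldap._tcp.dc._msdcs.example.com. 600 IN SRV   0 100 389 dc1.example.com.
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.IGNORECASE)


@dataclass(frozen=True)
class Record:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_zone(text):
    """Parse presentation-format lines into Record objects; skip comments/blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            raise ValueError(f"unparsed zone line: {line!r}")
        name, ttl, rtype, rdata = m.groups()
        records.append(Record(name.lower(), int(ttl), rtype, rdata))
    return records


def _msdcs_apex(domain):
    return f"_msdcs.{domain.rstrip('.').lower()}."


def leaked_msdcs_records(records, domain):
    """Records under _msdcs.<domain> found in the parent zone.

    An NS record exactly at the _msdcs apex is a delegation to the separate
    zone and is expected; anything else under that name is a leak.
    """
    apex = _msdcs_apex(domain)
    leaked = []
    for r in records:
        in_msdcs = r.name == apex or r.name.endswith("." + apex)
        is_delegation = r.name == apex and r.rtype == "NS"
        if in_msdcs and not is_delegation:
            leaked.append(r)
    return leaked


def dc_guid_cnames(records, domain):
    """CNAMEs whose leftmost label is a GUID: the DC identity records AD protects."""
    apex = _msdcs_apex(domain)
    return [
        r for r in records
        if r.rtype == "CNAME"
        and r.name.endswith("." + apex)
        and GUID_RE.match(r.name.split(".", 1)[0])
    ]


def records_over_ttl(records, max_ttl):
    """Records a mirror would cache longer than AD's short TTLs expect."""
    return [r for r in records if r.ttl > max_ttl]


def audit(text, domain, max_ttl=600):
    """Summarise the checks; max_ttl is an assumed threshold, not an AD constant."""
    records = parse_zone(text)
    return {
        "records": len(records),
        "leaked_msdcs": [r.name for r in leaked_msdcs_records(records, domain)],
        "dc_guid_cnames": [r.name for r in dc_guid_cnames(records, domain)],
        "over_ttl": [(r.name, r.ttl) for r in records_over_ttl(records, max_ttl)],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_ZONE, "example.com").items():
        print(f"{key}: {value}")
```

Run it against a real dump with `dig @<zs-address> example.com AXFR > zone.txt` and pass the file contents to `audit()`; a non-empty `leaked_msdcs` list means the parent zone is carrying data that should only be reachable through the separately transferred `_msdcs` zone.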