Failover dns not working and not sure how to troubleshoot

1. The way Active Directory's multiple-master replication works is quite different from the DNS protocol's primary/secondary replication model. So a secondary copy of the records is truly "secondary", in that it is always refreshed from the master.
2. Not quite sure what you mean... Can you clarify?
3. We need secondary zones because that's the way every other DNS server in the world works, including the industry standard one, BIND. Many companies have their BIND services running on large UNIX servers, and the Windows AD/DNS servers just have a secondary copy.
4. Yes, each domain controller keeps a full copy of all the AD & DNS data (with some minor exceptions--read up on Global Catalogs and FSMO roles).
5. Sort of... there's no built-in command to do this, but you can use BIND tools and a copy of the data from the secondary to fill out a new primary zone. It's not advisable, though.
6. No, you still have full control over zone transfer security. The quoted line is saying that the SOA, NS and A-records which point to the zone's primary & secondary name servers are always available for all clients to read, which means that they could use the info to create their own stub zone if they wanted to.

This could be due to a couple of different things:

1) Are your clients obtaining IPs via a Windows DHCP Server? If so, your DHCP server may not be configured to auto-register their IP with the DNS server.

To check, right-click your DHCP scope and go to properties. On the DNS tab enable DNS dynamic updates and set to "Always dynamically update..." Also enable Dynamic Update for clients that do not request updates.

1a) Even if these are enabled, you might need to make sure the DHCP server has permissions to update DNS records. If your DHCP server is also a domain controller, then you are probably fine, if not, then you may want to see if the DHCP server is a member of the "DnsUpdateProxy" group in AD. Then check the Security tab on the Reverse Zone and make sure that group is authorized to create all child objects (DNS records)

2) If your statically-configured hosts are not updating the reverse zone, make sure their NICs are configured to register their IP in DNS (Windows hosts are enabled for this by default). If they are in the forward zone but not the reverse, then something else is going on...

3) If the issue is that your reverse zones are mismatched between domain controllers (meaning a host was able to register with one of the DCs, but the registration did not get replicated to the others) it could mean the zones themselves aren't replicating between domain controllers. Make sure the reverse zone is AD-Integrated and also check the Zone Transfers tab and make sure they are allowed (generally Only to servers listed on the Name Servers tab). Also make sure your DNS server are listed on the Name Servers tab.

That's all I can think of for now...

EDIT

Ok so given that your DHCP server is not registering the records on behalf of the clients, and aside from your windows clients not being set to register with DNS on their NICs (which you should verify in TCP/IP properties on the client NIC), I would check the security settings on your reverse zone to make sure clients are allowed to register in the reverse zone. This article covers the default security settings for DNS zones: http://technet.microsoft.com/en-us/library/cc780538%28WS.10%29.aspx If the settings are jacked up (or even if they are fine), you might try just blowing away the reverse zone and recreating it since you basically have a non-functioning reverse zone as it is...

Try running an "ipconfig /registerdns" on one of the clients and see if it adds a record to the reverse zone. If it didn't, you might try looking in the DNS event log on the server to see if there are any issues there. I'm not sure if it would say whether or not a client failed to register or not, but may show you other issues with DNS if they exist.