Domain Name System
squidw, 2017-04-13 14:17:29

How to set up a Windows Server 2012 R2 backup domain controller?

Partly a follow-up to the question I asked earlier: How best to organize 2 DC domain controllers?
Initially, the organization had 2 DCs, both virtual; the second was turned off instead of setting up a new one. The domain is %DOMAIN%.LOCAL.
The primary domain controller, DC1 (192.168.0.250), is virtual, running Windows Server 2012 Standard. It runs on a Windows Hyper-V Server 2012 host.
The second domain controller is named DC3 (192.168.0.9), a physical Windows Server 2016 machine. I am trying to make it a backup in case the first one fails. Yes, yes, I know that, in principle, the concept of a "backup DC" does not exist from a formal point of view; it would be better to help with the question than to act smart, as some advisers do.
The forest and domain functional mode is Windows Server 2008 R2. Both are in the same local network, both DCs are in the domain, both are GCs, and both have the DNS and DHCP roles installed. DNS, as I understand it, is replicated out of the box, but machines with DC1 got into the forward and reverse zones on DC3 when I looked in MMC DNS. DHCP is configured in hot swap mode; how correct is this from the point of view of failure? Maybe another mode?
During the test, I disabled DC1 and tried to log in on a client machine as a user who had never logged in on this machine; the result was the error "There are no servers that could process the request to enter the network." When trying to log in as a user already existing on the client machine, everything seems to be fine. In addition, after turning DC1 back on, I could only log in through 59manager until the host and the DC1 that runs on it were synchronized, only after 10-30 minutes. That is, DC3 does not work as a backup DC, as far as I understand.
Pings in both directions are dc1->dc3, dc3->dc1. And yes, I tried to set DNS crosswise, for dc1 the first dc3, for dc3 the first dc1. There are questions at the very end.
I tried to prepare the question and collected the parameters of both DCs:
DC1:
IPCONFIG OUTPUT:
Windows IP Setting
Computer Name . . . . . . . . . : DC1
Primary DNS Suffix . . . . . . : DOMAIN.LOCAL
Node type. . . . . . . . . . . . . : Hybrid
IP Routing is enabled. . . . : No
WINS proxy enabled. . . . . . . : No
DNS suffix lookup order. : DOMAIN.LOCAL
Ethernet adapter Ethernet:
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Microsoft Hyper-V network adapter
Physical address. . . . . . . . . : 00-15-5D-11-FE-01
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
Link-local IPv6 address. . . : fe80::c0a8:fa%12(Main)
Link-local IPv6 address. . . : fe80::f459:f53a:6d4f:4507%12(Primary)
IPv4 address. . . . . . . . . . . . : 192.168.0.250(Main)
Subnet mask . . . . . . . . . . : 255.255.255.0
Default gateway. . . . . . . . . : 192.168.0.15
IAID DHCPv6 . . . . . . . . . . . : 251663709
DHCPv6 client DUID . . . . . . . : 00-01-00-01-1B-26-37-01-00-15-5D-11-FE-01
DNS servers. . . . . . . . . . . : fe80::c0a8:fb%12
fe80::c0a8:fa%12
fe80::c0a8:fd%12
192.168.0.250
192.168.0.9
NetBios over TCP/IP. . . . . . . . : Switched on
Reusable ISATAP Interface Tunnel Adapter {7AC827F7-4A02-4959-9BB2-90F2B86DE671}:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Microsoft ISATAP adapter
Physical address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
Tunnel adapter isatap.{24942D37-D692-4B32-9D16-82F8B0811DDF}:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Microsoft ISATAP #2 adapter
Physical address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
Teredo Tunneling Pseudo-Interface:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
OUTPUT NETDOM QUERY FSMO:
Schema master DC1.DOMAIN.LOCAL
Domain naming master DC1.DOMAIN.LOCAL
PDC DC1.DOMAIN.LOCAL
RID pool manager DC1.DOMAIN.LOCAL
Infrastructure Master DC1.DOMAIN.LOCAL
Command completed successfully.
OUTPUT NETDOM QUERY TRUST:
Direction trusted\Trusted domain Trust type
==================================== = ==========
Command completed successfully.
NSLOOKUP OUTPUT to DC3:
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::c0a8:fb
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::c0a8:fb
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: fe80::c0a8:fb
DNS request timed out.
timeout was 2 seconds.
REPADMIN OUTPUT:
CALLBACK MESSAGE: The following is currently replicating:
From: 7ea06dd2-f3cf-4990-b0ec-7ecaae12c8bd._msdcs.DOMAIN.LOCAL
To: f97b0f16-427e-49e5-a480-36f0a3b35506._msdcs.DOMAIN.LOCAL
CALLBACK MESSAGE: The following replication completed successfully:
From: 7ea06dd2-f3cf-4990-b0ec-7ecaae12c8bd._msdcs.DOMAIN.LOCAL
To: f97b0f16-427e-49e5-a480-36f0a3b35506._msdcs.DOMAIN.LOCAL
CALLBACK MESSAGE: SyncAll operation completed.
The SyncAll command completed without errors.
DC3:
OUTPUT IPCONFIG:
IP Configuration for Windows
Computer Name . . . . . . . . . : DC3
Primary DNS suffix . . . . . . : DOMAIN.LOCAL
Node type. . . . . . . . . . . . . : Hybrid
IP Routing is enabled. . . . : No
WINS proxy enabled. . . . . . . : No
DNS suffix lookup order. : DOMAIN.LOCAL
Ethernet adapter Ethernet 2:
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical address. . . . . . . . . : 40-61-86-96-A3-92
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
Link-local IPv6 address. . . : fe80::cd10:1e51:e505:3c0b%2(Primary)
IPv4 address. . . . . . . . . . . . : 192.168.0.9(Main)
Subnet mask . . . . . . . . . . : 255.255.255.0
Default gateway. . . . . . . . . : 192.168.0.1
IAID DHCPv6 . . . . . . . . . . . : 121659782
DHCPv6 client DUID . . . . . . . : 00-01-00-01-20-58-B4-CC-C8-3A-35-D6-55-CC
DNS servers. . . . . . . . . . . : ::1
192.168.0.9
192.168.0.250
NetBios over TCP/IP. . . . . . . . : Enabled
Ethernet adapter Ethernet:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical address. . . . . . . . . : C8-3A-35-D6-55-CC
DHCP is enabled. . . . . . . . . . . : Yes
Auto tuning is enabled. . . . . . : Yes
Tunnel adapter isatap.{9D1F1299-3017-449D-9CB2-575EFA08964F}:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
Tunnel adapter isatap.{0DD4A79E-C561-4B45-85EE-00BFDE69A870}:
Environment status. . . . . . . . : The transmission medium is not available.
Connection DNS suffix . . . . . :
Description. . . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP is enabled. . . . . . . . . . . : No
Auto tuning is enabled. . . . . . : Yes
OUTPUT NETDOM QUERY FSMO:
Schema master DC1.DOMAIN.LOCAL
Domain Naming Master DC1.DOMAIN.LOCAL
PDC DC1.DOMAIN.LOCAL
RID Pool Manager DC1.DOMAIN.LOCAL
Infrastructure Master DC1.DOMAIN.LOCAL
Command completed successfully.
OUTPUT NETDOM QUERY TRUST:
Direction trusted\Trusted domain Trust type
==================================== = ==========
Command completed successfully.
NSLOOKUP OUTPUT to DC1:
Server: UnKnown
Address: ::1
Name: dc1.DOMAIN.LOCAL
Address: 192.168.0.250
Server: UnKnown
Address: ::1
Name: dc1.domain.local
Address: 192.168.0.250
Server: UnKnown
Address: ::1
Name: dc1.domain.local
Address: 192.168.0.250
REPADMIN OUTPUT:
CALLBACK MESSAGE: The following replication is currently in progress:
From: f97b0f16-427e-49e5-a480-36f0a3b35506._msdcs.DOMAIN.LOCAL
To: 7ea06dd2-f3cf-4990-b0ec-7ecaae12c8bd._msdcs.DOMAIN.LOCAL
CALLBACK MESSAGE: The following replication completed successfully:
From: f97b0f16-427e-49e5-a480-36f0a3b35506._msdcs.DOMAIN.LOCAL
To: 7ea06dd2-f3cf-4990-b0ec-7ecaae12c8bd._msdcs.DOMAIN.LOCAL
CALLBACK MESSAGE: SyncAll operation completed.
The SyncAll command completed without errors.
Questions that I read up on myself on the net, but I still can't interpret the information; it is not my level:
Do I need the "zone transfer" setting in MMC DNS in my case? It is not clear why it is needed at all.
Is it the same for "Forwarders"?
Do I need to set up trust relationships in the MMC "domains and trust"? I tried and it didn't work, see the screenshot below.


2 answer(s)
Ltonid, 2017-04-13
@AtaZ

It seems that I read everything, but I could have missed it: what DNS is set on the computer? In order for the computer to use the second DC, you need to specify it in the DNS settings, preferably as the first one, but sometimes Windows is inflated. The same goes for a DC: itself and its neighbor. The forwarding specifies external DNS.
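
One way to check the point made in this answer, as an added example that is not part of the original answer: it compares the machine's configured DNS servers with the two DCs and asks each DC's DNS service for the domain controller locator (SRV) records. The domain name and both addresses are the ones shown in the question and are assumptions to replace with your own; `Resolve-DnsName` and `Get-DnsClientServerAddress` are available on Windows 8 / Server 2012 and later.

```powershell
# Added example. Values below are taken from the question; replace with your own.
$Domain  = 'DOMAIN.LOCAL'
$DcDns   = '192.168.0.250', '192.168.0.9'      # DC1, DC3
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"      # record clients use to locate a DC

# 1. DNS servers this machine is actually configured to use (IPv4 only).
$clientDns = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } |
    Sort-Object -Unique

foreach ($dc in $DcDns) {
    if ($clientDns -notcontains $dc) {
        Write-Warning "$dc is not in this machine's DNS server list; if the other DC is down, name resolution for the domain fails."
    }
}

# 2. Ask each DC's DNS service directly which domain controllers are registered.
foreach ($server in $DcDns) {
    try {
        $srv = Resolve-DnsName -Name $SrvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
        $targets = @($srv.NameTarget | Sort-Object -Unique)

        '{0}: {1} DC(s) registered: {2}' -f $server, $targets.Count, ($targets -join ', ')

        if ($targets.Count -lt $DcDns.Count) {
            Write-Warning "$server lists fewer DCs than expected; check SRV registration for the missing one."
        }
    }
    catch {
        # A timeout here matches the 'DNS request timed out' nslookup symptom in the question.
        Write-Warning "$server did not answer the SRV query: $($_.Exception.Message)"
    }
}
```

Run it on a client and on each DC; every DNS server should answer and return both domain controllers.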

Denis, 2017-04-14
@denilenko

According to circumstantial evidence (there is DC1, DC3, but where is DC2?) and the fact that the mode of operation of the domain is 2008 R2, with servers on 2012 and 2016, I would venture to suggest that the issue may be in FSMO (once something was deleted, and away we go).
Not exactly your case, but read it for general development; it may help in solving your problem.
