Here's another error you might run into if you're setting up a DNS server to use some existing application partitions. I got it because I was being impatient and restarting the service constantly after enlisting in a couple of app partitions. By default, DNS only checks AD for new data once every five minutes (ACLs are special, though: those are checked every thirty seconds).

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 12/8/2008
Time: 1:23:48 AM
User: N/A
Computer: MyDnsServer

Description:

The DNS server encountered error 9605 attempting to load zone somedomain.briandesmond.com from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

If you look up error 9605, the error in question is DNS_ERROR_ZONE_HAS_NO_SOA_RECORD.

What's happening here is that AD has not finished replicating the zone; specifically, the SOA record isn't there yet. DNS can't load an AD zone without a valid SOA record for various reasons, so the load fails. It will try again at the next polling interval (five minutes by default).
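A way to confirm that diagnosis rather than restarting the service, as an added example that is not from the original post: pull the error code and zone out of the 4521 description, then check whether the zone's "@" node in AD carries an SOA record yet. The function names, the header-only sample blobs, and the lookup path in the comments (the "@" dnsNode under CN=MicrosoftDNS in the application partition, read through its dnsRecord attribute) are assumptions of this sketch.

```powershell
# Added example, not from the original post. Function names and sample data are constructed.

function Get-ZoneLoadFailure {
    # Extract the error code and zone name from an event 4521 description.
    param([Parameter(Mandatory)][string]$Message)
    $pattern = 'encountered error (?<code>\d+) attempting to load zone (?<zone>\S+) from Active Directory'
    if ($Message -match $pattern) {
        [pscustomobject]@{ Zone = $Matches.zone; ErrorCode = [int]$Matches.code }
    }
}

function Test-SoaPresent {
    # $DnsRecord: the raw values of the dnsRecord attribute on the zone's "@" node.
    # Each value begins with a 2-byte data length followed by a 2-byte
    # little-endian record type; type 6 is SOA.
    param([byte[][]]$DnsRecord)
    foreach ($blob in $DnsRecord) {
        if ($blob.Length -ge 4 -and [BitConverter]::ToUInt16($blob, 2) -eq 6) {
            return $true
        }
    }
    return $false
}

# On a live server the inputs would come from something like (assumed paths):
#   Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4521 }
#   Get-ADObject "DC=@,DC=<zone>,CN=MicrosoftDNS,<app partition DN>" -Properties dnsRecord -Server localhost

# Description text as shown in the event above.
$sampleMessage = 'The DNS server encountered error 9605 attempting to load zone ' +
                 'somedomain.briandesmond.com from Active Directory.'

# Constructed, header-only blobs: nothing replicated yet vs. NS (2) and SOA (6) present.
[byte[][]]$before = @()
[byte[][]]$after  = @([byte[]](0, 0, 2, 0), [byte[]](0, 0, 6, 0))

$failure = Get-ZoneLoadFailure -Message $sampleMessage
if ($failure -and $failure.ErrorCode -eq 9605) {   # DNS_ERROR_ZONE_HAS_NO_SOA_RECORD
    foreach ($state in @(@{ Name = 'before replication'; Records = $before },
                         @{ Name = 'after replication';  Records = $after })) {
        $hasSoa = Test-SoaPresent -DnsRecord $state.Records
        $advice = if ($hasSoa) { 'zone should load on the next poll' } else { 'wait for AD replication' }
        '{0} ({1}): SOA present = {2}; {3}' -f $failure.Zone, $state.Name, $hasSoa, $advice
    }
}
```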