How does the ZDC keep track of all of the hosts in the farm to make sure they are live?
If the ZDC does not receive an update from a member server in its zone within the configured amount of time (default: 1 minute), it sends a ping (IMAPing) to the member server in question. This timeframe can be configured in the following registry path:
If the ZDC does not receive an update from a peer ZDC server within the configured amount of time, it does not continually ping the “lost” ZDC. It waits a default of 5 minutes, which is configurable in the following registry path: HKEY_LOCAL_MACHINE\Software\Citrix\IMA\Runtime\GatewayValidationInterval
How does the ZDC ensure that the servers communicating with it are in the farm and authorized to trade information?
Every 30 minutes, the IMA service contacts the central data store to see if anything has changed. There are several layers of security used in this process, including those that exist in the Transport and Host Resolver functions. One of the most important checks a ZDC performs before allowing a server to communicate within the farm is called a magic number check. Magic numbers are set the first time a server is joined to a farm.
If a server in the farm has a different magic number than the ZDC expects, the server can come to believe that it is in its own farm and declare itself a data collector. This causes two data collectors to exist in a single zone and triggers further zone elections.