I have something hard that I really need you to do - audit your DNS. It takes a lot of time. It is boring to do. However, it is vital. The old network endpoint troubleshooting adage is true, "It is probably DNS".
I believe you really should audit your DNS at least once if not twice a year.
If you have really bizarre things going on with your endpoints, audit your DNS.
If you have a client management system such as KACE or SCCM being strange, audit your DNS.
If you find the devices and IP addresses don't always line up, audit your DNS.
If you have problems properly resolving devices or sites with inside or outside device IPs, audit your DNS.
If you drop to DOS and type: NSLOOKUP and you see UNKNOWNs or timeouts either to get to a prompt, or to attempt to resolve an IP address or name, YOU REALLY NEED TO AUDIT YOUR DNS.
Remember DNS works forward and backward. You need to account for DNS forwards and backwards.
Remember DHCP intersects with DNS via Dynamic DNS. You need to account for that.
Remember zones that are not replicating create gaps in DNS resolution.
When I do this for a district it takes me between 2 and 4 hours to walk through a district's DNS. The more domain controllers the longer the process takes.
You have to do this every six to twelve months.
If you need help with this, give us a call.