Though this may sound trivial, and by all accounts should be trivial. Be sure DNS is configured properly. In a recent finding and subsequent correction, it was discovered that a primary DC which also served as the primary DNS server had forwarders set to 127.0.0.1. The secondary DC and secondary DNS server had forwarders set to the primary. I know, goofy right. This resulted in odd DNS errors that were only seen by a select few but, still errors.
This DNS server, which is the primary, was set to 127.0.0.1 and an outside DNS server.
This DNS server, the secondary, was set to point to the primary, AD01, as the first forwarder then to some other dns server outside.
The corrective action that was deployed changed the forwarders on both servers to the 188.8.131.52 and 184.108.40.206 addresses. Though the jury is still out on if this corrected the DNS errors seen. If nothing else it definitely didn’t cause any more and DNS is more than likely operating much more efficiently.
I’ll take the win either way