I have a rather interesting issue, and I'm hoping the community may be able to point me in the direction of what I should look at to troubleshoot the matter.
My first question is how does the DNS GUI retrieve DNS records?
I ask because when I'm logged directly into the Domain Controller I can see all DNS entries in the forward lookup zone for my domain. It then gets interesting when I log into a management server and open DNS there: I connect to the same DC as above, but now I'm missing a number of records. (It would appear all computers on my domain can no longer translate these missing DNS entry computer names to IP.) However, reverse lookups of the IP addresses do resolve to the name.
The plot gets more interesting when I run the following PowerShell command on the DC where the GUI shows all records.
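# Collect the zone's A records into $table (initialized first so that += works)
$table = @()
Get-WmiObject -Class MicrosoftDNS_AType -NameSpace Root\MicrosoftDNS -Filter "DomainName = 'THEDOMAIN'" | %{
    $table += New-Object PSObject -Property @{
        computer = $_.OwnerName   # record owner (host name)
        ip = $_.IPAddress         # IPv4 address of the A record
    }
}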
The PowerShell command is suffering from the same missing DNS entries as all the rest, so I'm curious about how the GUI does the lookup locally versus remotely.
This is obviously having a flow-on effect, as name resolution failure leads to monitor failures and connection issues.
This may be related, but I'm unsure, as I removed a security group from the network that penetration testing claimed they got access to members and therefore access to edit the domain admins group. However, again, when running effective permissions on the DC it showed they did not have the rights, whereas connecting to the same DC from a management server the effective permissions showed they did. (I tested with an account they didn't have the rights, so it was a false positive result.) I can't help but wonder if the two issues are linked.
One thought could be replication, but surely connecting to the same DC (let alone running the PowerShell locally on the DC) would rule this out.
Does anyone have any thoughts on what paths I should be looking into? Currently running 2008 R2 level (there is a project to upgrade to 2016, hopefully in the next month, so who knows, this could be my cure).