Domain controllers register DNS records in order to be discovered by the Active Directory clients (workstations and servers that are members of the domain). This is explained here: How DNS Support for Active Directory Works
https://technet.microsoft.com/en-us/library/cc759550%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
As you can read in this article, the clients locate their DC using DNS requests but using a specific type of record called SRV records. You can see them in your DNS administration console under the node _msdcs.
Now, the DC also registers records for clients which are not able to use SRV records (poor them... SRV records have been around for decades... but well, it happens). So DCs also register an A record for the name of the domain. For example contoso.com. You can see those records in your DNS administration console; they show up with the mention <same as parent folder> just under the node of your domain.
When a client is looking for a DC for authentication, or for LDAP queries for example, it does not use the A record contoso.com. It uses the SRV records. So technically, if there were no A records for contoso.com, your workstations and servers would still work perfectly fine (unless they host applications which explicitly use the A record, but that is not a Windows component). You can do the test: delete those A records for contoso.com, reboot your workstation, and you'll be able to log on, get your group policies and even use the Users and Computers console etc.
Now, what you see is due to the cache of the DNS client. When you ask for contoso.com the first time, the DNS server returns the IPs of all DCs of your domain (technically, this is also customizable, you can tell a DC not to register this A record). The client tries the first of the list and then caches the association IP <> DC FQDN. So if the DC goes down, the ping command will still try the DC in cache until the cache expires. You can do an ipconfig /flushdns and try to ping again (you might have to try ipconfig /flushdns several times in case the DNS server puts the offline DC in first position again).
So what can you do to make sure you can always reach a DC? Well it is simply the wrong command. Don't use PING but NLTEST. For example the following:
nltest /dsgetdc:contoso.com
If this shows the DC offline, it means that no application asked for a DC since you turned this one off. In this case, you can wait a bit and try this command again to see which DC you are currently using, or you can force your client to refresh your "DC cache" with the following:
nltest /dsgetdc:contoso.com /force
Hope this blues sky the situation :)
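
The comparison described in the post above, as an added example that is not part of the original post: it lists the DCs published in the SRV records, shows which of them also appear in the A record for the domain name, probes each one, and then asks the DC locator. It assumes a domain member running Windows 8 / Server 2012 or later (for Resolve-DnsName and Test-NetConnection); contoso.com is the post's example domain.

```powershell
# Added example: SRV records vs. the domain A record vs. what the DC locator returns.
# Assumption: run on a domain member; 'contoso.com' is the example domain from the post.
param([string]$Domain = 'contoso.com')

# 1. SRV records under _msdcs: what domain members actually use to find a DC.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -DnsOnly -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'SRV' }

# 2. A records for the domain name itself ("same as parent folder").
#    They may be absent (deleted, or registration disabled), so do not fail on that.
$aRecords = @(Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.QueryType -eq 'A' } |
    ForEach-Object { $_.IPAddress })

# 3. Probe the LDAP port on every DC named by an SRV record.
$report = foreach ($rec in $srv) {
    $probe = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        DC              = $rec.NameTarget
        IP              = $probe.RemoteAddress
        Priority        = $rec.Priority
        Weight          = $rec.Weight
        LdapReachable   = $probe.TcpTestSucceeded
        # True when this DC's address is also returned for a plain lookup of the domain name.
        InDomainARecord = $aRecords -contains "$($probe.RemoteAddress)"
    }
}
$report | Sort-Object Priority, DC | Format-Table -AutoSize

# 4. DC currently held by the DC locator (cached result; add /force to rediscover).
nltest "/dsgetdc:$Domain"
```

A DC that shows LdapReachable = False but is still returned by step 4 is the stale cached entry the post describes; rerunning nltest with /force should move the client to a reachable one.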