Auditing external DNS and planning migration to a dedicated provider

[Steven_M]

As the new sysadmin for a small business, I'm tasked with taking over our external DNS management, which is currently a messy mix of records hosted with our domain registrar and some pointing to old services we no longer use. I want to consolidate and follow DNS management best practices for security and reliability, starting with moving to a dedicated DNS provider. For those who have cleaned up similar situations, what was your process for auditing existing records without causing downtime, and what specific record types or configurations (like DNSSEC, proper TTLs, or redundant nameservers) did you prioritize implementing first to build a more resilient foundation?