We have a new Windows 2008 R2 installation running as a domain controller with DNS. We also have external public IPs which NAT to internal resources on our network. An external DNS has been configured with these external public IPs to resolve the internal resources on our company domain name.
These same DNS records have also been configured on the internal Windows 2008 DNS to map to the internal private IPs (where the A record is for a resource not part of the AD, i.e. like a custom company website URL etc.).
Our problem is that even though internal clients or other member servers have the primary DNS set up as the Windows 2008 DNS server (and the router set as the secondary DNS), the DNS query would intermittently resolve to the external public IP (which won't work as the Cisco router blocks it). Even when you do an nslookup on the resource, it will give the Windows DNS as the primary DNS and return the correct internal IP. But still, when you ping the resource or try to access it via a browser (as it is a website), it would then resolve to the external public IP.
Why on earth would it do this?