Maybe the first query works for some reason and the result is cached, then once the TTL expires on those results, it has to query again and at that point something is stopping it working?
Currently, your clients on the internal network query the Core for results and the core then does a full recursive look up (it doesn't use your ISP's DNS servers), whereas any resolutions your core attempts to do for applications running locally (like browsers on KDE) are not using the Core's DNS server, they just use the Core's normal DNS client to query your ISP. Perhaps if you tried getting internal client resolution going the same way this might fix it?
You can simulate (similar) behaviour by setting up forwarders on the core. These will tell it not to resolve queries itself, but to forward them on to your ISP in a similar query to the DNS client running on the core. You can do this in /etc/bind/named.conf.forwarders
