Domain Controller – Unable to Do External DNS Resolution

This behavior is expected given your configuration. You shouldn't have the router's IP set as the secondary DNS for PCs and member servers or they'll always sometimes go there which you don't want. They should only have domain controllers as their DNS so all of their DNS traffic routes through the domain controller. You can then either configure your domain controller to forward to an upstream DNS server for domains it can't resolve (usually this would be your ISP) or just leave it alone and it will use the root hints servers to resolve external queries.

Typically you would want two DNS servers on the PCs and member servers and you would get that by having a second domain controller so DNS (and Active Directory) continue to function if the primary goes down.

Get him to run nslookup, and turn debug on,

nslookup
>set debug
foo.example.com

And then post the output. If you like, get him to do the same thing with a working domain and post the output for that too. Remember, he won't be talking directly to the DNS servers your registrar uses, he'll be talking to his own DNS servers (or his ISP / Company DNS servers) and reliant on them.

To be frank, if he's the only person with this issue, and you can't replicate it directly on your DNS servers and the DNS entries are right - it's his problem to fix. But, with output from nslookup you might be able to assist.