Firewall – How to configure Windows Firewall for Domain Controller

firewall, windows-server-2008

The Windows default firewall settings on the domain controller seem to open a number of ports to 'any' type of connection. All I want open to the internet is the RDP port.

Can and should I manually restrict each of the inbound rules so that the scope is only 'local subnet'? Is there a simpler way to do this?

Best Answer

A domain controller needs to be quite open in order to provide its services to your network; it just shouldn't be directly connected to the Internet.


Edit

Ok, let's see what you can do here.

Running things the way you're doing now is definitely a source of trouble; you should avoid it at all costs.

You have two solutions:

  • Remove the "private" NIC from all servers, use only the public IP address on them (but use a static one, not DHCP!) and configure the firewall on each of them to only allow connections between them and from where you'll be RDPing into them.
  • Remove the "public" NIC from them, effectively putting them in a private LAN, and add another computer running Windows RRAS or ISA Server (or FFTMG, or Linux, or whatever else you want) with two network cards, one public and one private, acting as a firewall for your network.

Whatever you do, don't stay with two NICs and public/private IP addresses at the same time on all your computers. This way, you get the troubles of both solutions plus multihoming, and the benefits of none.
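The first option above (one public address per server, host firewall scoped to the other servers and the management host), worked through in PowerShell as an added example that is not part of the original answer. It assumes the NetSecurity module (Windows Server 2012 or later, not the 2008 in the question's tags) and uses constructed placeholder addresses for the servers and the RDP management host.

```powershell
# Added example, not from the original answer. Scope a domain controller's enabled
# inbound rules so only the other servers can reach its services, and let RDP in
# from one management address as well. Assumes the NetSecurity module
# (Server 2012+); all addresses below are constructed placeholders.
#Requires -RunAsAdministrator

$ServerAddresses = @('203.0.113.10', '203.0.113.11', '203.0.113.12')  # the servers' public IPs (placeholders)
$MgmtAddress     = '198.51.100.10'                                    # the one host you RDP from (placeholder)

# Helper: enabled inbound rules whose remote scope is still 'Any' (reachable from the Internet).
function Get-OpenInboundRule {
    Get-NetFirewallRule -Direction Inbound -Enabled True |
        Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
}

# 1. Narrow every wide-open inbound rule to the server addresses. DC services
#    (LDAP, Kerberos, DNS, SMB, RPC, ...) keep working between the servers,
#    but nothing on the Internet can reach them any more.
Get-OpenInboundRule | Set-NetFirewallRule -RemoteAddress $ServerAddresses

# 2. RDP is the one service that must also be reachable from outside, so its
#    built-in inbound rules get the management address added to the scope.
#    (Piping through Get- keeps this to the inbound rules of the group.)
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress ($ServerAddresses + $MgmtAddress)

# 3. Verify: anything listed here still accepts connections from anywhere.
Get-OpenInboundRule | Select-Object DisplayName, DisplayGroup
```

Run it on each server with that server's own address removed from the list if you prefer not to allow loopback-style rules, and repeat step 3 after any role installation, since new roles add new 'Any'-scoped rules.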