Friday, September 27, 2013

DNS resolution fails in web browser but nslookup succeeds

This is cross-posted from ServerFault on the chance that it's more of a
client-side problem rather than a server/network issue.
We are a small, 300-seat organization with a mixed BYOD and Active
Directory environment (Windows Server 2012 Standard, Windows 7 Enterprise)
and we are having a very strange problem involving very specific-scope
failures to resolve our organization's domain name on our domain-joined,
company-controlled machines. For the purpose of this discussion, I'll use
company.com instead of our domain name.
Background:
Active Directory Domain Controller is located at 172.16.1.3
The AD/DC machine is also running DHCP, DNS, and HTTP (IIS)
Our organization's websites at company.com and subdomain.company.com are
hosted by IIS on the AD/DC machine
We have a split-DNS scenario in which the AD/DC server is used for
internal DNS resolution but a different, off-site server provides DNS
resolution for public queries
The IP address corresponding to company.com and subdomain.company.com is
the public IP address used by a firewall at the edge of our network (both
on the AD/DC DNS server and the off-site DNS server)
The firewall is correctly configured for NAT to pass HTTP and HTTPS
requests it receives on its public IP address to the internal IP of the
AD/DC server and reflects

Scenario 1:
A user on a domain-joined Windows 7 Enterprise machine is connected
directly to our local network with local address 172.16.6.100 /16, issued
by the DHCP server.
The DNS server entry is provided by DHCP (172.16.1.3)
This user is able to access the websites hosted at company.com and
subdomain.company.com

Scenario 2:
The same user on the same domain-joined Windows 7 Enterprise machine goes
home and connects to the Internet using their residential ISP
The IP and DNS server entries for the client machine are provided by DHCP
This user can access any internet resources, such as google.com
This user cannot access the website at company.com or
subdomain.company.com (a "host not resolved" error is returned)
When this user runs nslookup on company.com they DO receive the correct
public IP address provided by DNS
HTTP/HTTPS requests to the IP address succeed and a webpage is returned
properly by the server
This issue prevails across all web browsers
Using tracert company.com returns "unable to resolve target system name"
Using ping company.com returns "could not find host company.com"
When running Wireshark on the client before/during a failed request, no
packets are sent by the client machine (either for DNS resolution or for
an initial HTTP/ping/tracert request)
Restarting the DNS Client service does not resolve the problem
Stopping the DNS Client service does not resolve the problem
Using ipconfig /flushdns does not resolve this issue
Using route /f does not resolve this issue
Resetting the network connections using netsh int ip reset does not
resolve this issue

Scenario 3:
This same user on a personal (not domain-joined) Windows 7 Professional
computer is able to access the websites at company.com and
subdomain.company.com when connected to our local network

Scenario 4:
This same user on a personal (not domain-joined) Windows 7 Professional
computer is able to access the websites at company.com and
subdomain.company.com when connected to their home network

Final Notes:
This issue seems to be generalized to affect all company-owned computers.
We are using a common system image for all company-owned computers, which
was just loaded in August. I have been scouring the internet in search of
possible solutions and have come up empty-handed so far -- I really
appreciate any suggestions or advice you may have.
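The symptom pattern above (nslookup answers, ping/tracert/browsers fail, and no packets leave the machine) separates two resolution paths: nslookup queries the configured DNS server directly, while the other tools go through the Windows DNS Client resolver, which consults the hosts file, its cache and any Group Policy name-resolution policy before it sends a query. The following PowerShell diagnostic is added here and is not part of the original post; it collects what each of those layers says about a name on the affected client. It assumes the placeholder name company.com and Windows 7's PowerShell 2.0, so it reads the Name Resolution Policy Table from its policy registry key rather than the Get-DnsClientNrptRule cmdlet, which Windows 7 lacks.

```powershell
# Added diagnostic (not from the original post). Run in an elevated
# PowerShell on an affected domain-joined client; $Name is a placeholder.
param([string]$Name = "company.com")

$result = @{}
$escaped = [regex]::Escape($Name)

# 1. System resolver path: the same getaddrinfo() API that ping, tracert
#    and browsers call. This is the path the post reports as failing.
try {
    $result.ResolverAnswer = ([System.Net.Dns]::GetHostAddresses($Name) |
        ForEach-Object { $_.IPAddressToString }) -join ","
} catch {
    $result.ResolverAnswer = "FAILED: " + $_.Exception.Message
}

# 2. Direct DNS server path, which is what nslookup does. The first
#    "Address" line is the server itself, so it is skipped.
$result.NslookupAnswer = (nslookup $Name 2>&1 | Select-String 'Name:|Address' |
    Select-Object -Skip 1 | ForEach-Object { $_.Line.Trim() }) -join "; "

# 3. Local layers only the resolver consults, none of which send a packet:
#    hosts file entries naming the host ...
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"
$result.HostsEntries = (Get-Content $hostsPath |
    Where-Object { $_ -notmatch '^\s*#' -and $_ -match $escaped }) -join "; "

#    ... the resolver cache (ipconfig /flushdns clears this) ...
$result.CachedRecord = (ipconfig /displaydns |
    Select-String "Record Name.*$escaped" | ForEach-Object { $_.Line.Trim() }) -join "; "

#    ... and Name Resolution Policy Table rules delivered by Group Policy,
#    which steer matching names to servers other than the DHCP-provided one.
$nrptKey = "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig"
if (Test-Path $nrptKey) {
    $result.NrptRules = (Get-ChildItem $nrptKey | ForEach-Object {
        (Get-ItemProperty $_.PSPath | Select-Object * -ExcludeProperty PS* |
            Out-String).Trim()
    }) -join "`n"
} else {
    $result.NrptRules = "none"
}

# 4. Suffix search list, which also applies only to the resolver path.
$tcpip = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"
$result.DnsSuffixSearchList = $tcpip.SearchList

$result.GetEnumerator() | Sort-Object Name | Format-Table -AutoSize -Wrap
```

Compare ResolverAnswer with NslookupAnswer: when they disagree while no query leaves the machine, the HostsEntries, CachedRecord and NrptRules fields show which local layer answered, or refused, before DNS was consulted.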
