AFP548

OD Master, PDC, Tiger 10.4.11, xp clients unable to locate domain controller

After a migration/upgrade from 10.3.9 to 10.4.11 Server, Windows XP clients are intermittently unable to log in to, or even bind to, the PDC running on that server.

I did a clean format and install from the 10.4 media, choosing the standalone server type, and applied all the Software Updates. I got forward and reverse DNS working for my zone, then I followed the instructions at https://www.afp548.com/article.php?story=20050615173039158 to move my OD from a working 10.3.9 server to 10.4.

This server goes against the usual recommendations, as it provides DNS, OD master, PDC and file services to 32 clients all in the same subnet: 20 running Windows XP SP2 and 12 running OS X Client 10.4.x or 10.5.x. File services and various other users of the OD/LDAP, for example the Wildfire Jabber/XMPP server and Apache2/LDAP running on a separate Linux server, are able to authenticate against the new 10.4.11 OD.

However, at this point the symptoms become intermittent: approx. 40% of the Windows XP clients were unable to log in with various domain accounts, yielding errors of the form "Unable to find domain FOO". If I remove a client from the domain by joining it to WORKGROUP and rebooting, then try to join FOO again, I'll get an error, "Unable to locate Domain Controller for FOO...".

The set-up: My server's FQDN is myserver.foo.example.com. The server's DNS is authoritative for 10.10.10.0/24 and the foo.example.com zone, and I have the trailing dots in the right places, so ping myserver.foo.example.com, ping myserver, and ping 10.10.10.10 (the server's example IP from the foo.example.com zone) all work correctly. The DHCP server for this VLAN is providing my DNS server to the clients, but is providing no NetBIOS server. The XP clients are all set to use the DHCP server setting, which, according to the TCP/IP Advanced Settings panel, means that they'll revert to NetBIOS over TCP/IP since no WINS server is specified.

Server Admin->Windows->General:
  Role: Primary Domain Controller (PDC)
  Description: FOO Domain at example.com
  Computer Name: myserver
  Domain: FOO
Server Admin->Windows->Access:
  Allow Guest Access: checked
  Client Connections: Unlimited
  Authentication: NTLMv2 & Kerberos, NTLM, and LAN Manager: all checked
Server Admin->Windows->Logging:
  Log Detail: High
Server Admin->Windows->Advanced:
  Code Page: Latin US
  Services: Workgroup Master Browser and Domain Master Browser: checked
  WINS Registration: Off
  Homes: Enable virtual share points: checked

Should my Windows service on 10.4.11 be providing WINS or not? If so, should the DHCP server be set to point the clients to it? If not, how do the XP clients reliably resolve the FOO domain? Why did all these XP clients work fine with a 10.3.9 Windows PDC but don't work with 10.4.11?

Another strange point: I can use the XP-side 'net view' command to poke around and things look reasonable, i.e. even the clients that aren't joined to the domain and can't locate the domain controller will return sane results for 'net view /domain:FOO'.
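The Server Admin checkboxes described in the post are written out by 10.4 Server as ordinary Samba settings (Role: PDC maps to "domain logons", Domain Master Browser to "domain master", WINS Registration to "wins support"). The script below is an added example, not something from the original post or from Apple's tooling: it reads those settings out of an smb.conf and reports whether the PDC is offering WINS or is leaving the XP clients to broadcast NetBIOS resolution. The path /etc/smb.conf is an assumption for 10.4 Server, and the smb.conf text embedded in the script is a constructed sample so it runs offline; point it at the real file to check a live server.

```shell
#!/bin/sh
# Added example (not from the original post). Reads the Samba settings that
# correspond to the Server Admin->Windows checkboxes and classifies how the
# PDC expects Windows clients to resolve the domain.
# Assumption: on 10.4 Server the generated config lives at /etc/smb.conf.

# Constructed sample mirroring the settings listed in the post:
# PDC role, domain/local master browser on, WINS registration off.
SAMPLE_SMB_CONF='[global]
   workgroup = FOO
   netbios name = MYSERVER
   server string = FOO Domain at example.com
   domain logons = yes
   domain master = yes
   local master = yes
   preferred master = yes
   os level = 65
   wins support = no
'

# smb_get CONF KEY: print the [global] value of KEY (case-insensitive key,
# value lowercased), or "unset" if the key is not present in [global].
smb_get() {
    printf '%s\n' "$1" | awk -v key="$2" -F= '
        /^\[/ { insec = ($0 ~ /^\[global\]/) }
        insec && NF >= 2 {
            k = $1; sub(/^[ \t]+/, "", k); sub(/[ \t]+$/, "", k)
            if (tolower(k) == tolower(key)) {
                v = substr($0, index($0, "=") + 1)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                print tolower(v); found = 1; exit
            }
        }
        END { if (!found) print "unset" }'
}

# pdc_resolution_mode CONF: "not-a-pdc" when domain logons is off,
# "wins" when the server also answers WINS queries, otherwise
# "broadcast-only" (clients must find the FOO<1B>/<1C> names by broadcast,
# which only works on the PDC's own subnet).
pdc_resolution_mode() {
    if [ "$(smb_get "$1" "domain logons")" != "yes" ]; then
        echo "not-a-pdc"
        return
    fi
    case "$(smb_get "$1" "wins support")" in
        yes|true|1) echo "wins" ;;
        *) echo "broadcast-only" ;;
    esac
}

# report_pdc_settings CONF: one line per setting a PDC troubleshooter cares about.
report_pdc_settings() {
    for key in "workgroup" "netbios name" "domain logons" "domain master" \
               "local master" "preferred master" "os level" "wins support"; do
        printf '%-17s %s\n' "$key:" "$(smb_get "$1" "$key")"
    done
    printf '%-17s %s\n' "resolution mode:" "$(pdc_resolution_mode "$1")"
}

# Run against the constructed sample; on a real server use:
#   report_pdc_settings "$(cat /etc/smb.conf)"
report_pdc_settings "$SAMPLE_SMB_CONF"
```

With "wins support = no" the report shows "broadcast-only", which is the situation the post describes: nothing in DHCP points the XP clients at a WINS server, so every domain lookup depends on a broadcast reaching the PDC and the PDC winning the browser election. When checking the live system, compare the report with what the XP side actually sees (for example "nbtstat -n" on a client and "nmblookup -M FOO" on the server to find who currently holds the master browser name), since the settings file only says what was configured, not what nmbd is currently answering.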