A. An RODC can be configured as a DNS server that clients query for DNS information. However, an RODC holds only read-only copies of DNS data, and it has no way to replicate DNS changes to writable DNS servers, so an RODC cannot make DNS changes.
When a client needs to write a DNS record, it first asks its configured DNS server, which is the RODC in this scenario, for an authoritative server. The RODC tries to find a writable DNS server in the client's local site and sends the client a name server (NS) resource record for that server so the client can make the update there. If no DC can be found in the local site, the RODC refers the client to any writable DNS server in the environment.
After about five minutes, the RODC tries to replicate the single updated object from the writable DNS server, so that its own database contains the data the client wrote.
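The referral flow described above, modelled as an added Python sketch (not part of the original FAQ and not Microsoft's implementation). Server names, sites, addresses and the exact 300-second delay are constructed assumptions; the model shows that the RODC keeps answering with the old record until the single-object replication runs.

```python
from dataclasses import dataclass, field

REPLICATION_DELAY = 300  # assumption: "about five minutes", in seconds

@dataclass
class WritableDns:
    name: str
    site: str
    records: dict = field(default_factory=dict)

@dataclass
class RodcDns:
    writable: list                                # writable DNS servers known to the RODC
    records: dict = field(default_factory=dict)   # read-only local copy
    pending: list = field(default_factory=list)   # (due_time, host, server)

    def refer(self, host, client_site, now):
        # Prefer a writable server in the client's site, else any writable
        # server. The RODC never applies the update to its own copy.
        local = [s for s in self.writable if s.site == client_site]
        target = (local or self.writable)[0]
        self.pending.append((now + REPLICATION_DELAY, host, target))
        return target

    def tick(self, now):
        # Pull each single updated record once its delay has elapsed.
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for _, host, server in due:
            self.records[host] = server.records[host]

def client_update(rodc, host, ip, client_site, now):
    server = rodc.refer(host, client_site, now)  # step 1: ask the RODC, get a referral
    server.records[host] = ip                    # step 2: update the writable server
    return server.name

def demo():
    # Constructed sample data: a branch site whose only DNS server is the RODC.
    hub = WritableDns("hub-dc1", "HQ", {"pc1": "10.0.0.5"})
    rodc = RodcDns(writable=[hub], records={"pc1": "10.0.0.5"})
    used = client_update(rodc, "pc1", "10.0.0.9", "Branch", now=0)
    before = rodc.records["pc1"]      # RODC still serves the old address
    rodc.tick(299)
    still = rodc.records["pc1"]       # delay not yet elapsed
    rodc.tick(300)
    after = rodc.records["pc1"]       # single object replicated
    return used, before, still, after
```
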
Check out hundreds more useful Q&As like this in John Savill's FAQ for Windows. Also, watch instructional videos made by John at ITTV.net.