Member server in DMZ with RODC Event ID 8015 (Failed to register A record)

  • Question

  • Hi all,

    We need to have a domain-joined member server in our DMZ but with as few ports open to the internal network as possible. Do we need to allow port 53 between the member server and internal domain controllers so it can register and update its DNS records?

    The event logs are showing 8015 errors.

    My original understanding was that the member server goes to the RODC, which then in turn goes to the writable domain controllers in the internal network. I think that is incorrect, and that in fact the RODC finds a writable domain controller and instructs the member server to use it. If that is true, and we need to allow port 53, are there any security concerns?

    Thanks

    Friday, February 9, 2018 6:25 PM

All replies