We have a separate AD Site set up for our DMZ. Within our DMZ Site, we have two RODCs. I have a member server inside of the DMZ which I want to communicate exclusively with the RODCs for any AD requests.
I have my subnets set up correctly in Sites and Services to ensure that the member server uses the RODCs as it should. If I issue the 'nltest /dsgetdc:<domainname>' command from the member server, the correct RODC and Site is returned as it should be.
However, I'm looking at the firewall between our DMZ and our main network, and I'm finding that my member server in the DMZ is still regularly trying to make LDAP connections to the DCs on my internal network. What other reasons would cause the member server to still attempt LDAP connections to my other DCs?
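Added example, not part of the original post and not from any product documentation: a PowerShell script to run on the DMZ member server itself that first confirms what the DC locator returns (the same answer 'nltest /dsgetdc' gives) and then samples the TCP table for a couple of minutes, recording every outbound LDAP, LDAPS and Global Catalog connection together with the owning process, and flagging the ones that do not go to the RODCs you expect. The domain name and the two RODC hostnames are placeholders to replace; it assumes Windows Server 2012 R2 or later (for Get-NetTCPConnection) and an elevated prompt so process IDs resolve.

```powershell
# Added example (not from the original post). Sample outbound LDAP/LDAPS/GC
# connections from this DMZ member server and flag any that do not target the
# RODCs this site is supposed to use.
# Assumptions: Windows Server 2012 R2+ (Get-NetTCPConnection), run elevated;
# $Domain and $ExpectedRodcs are placeholders for your environment.

$Domain        = 'corp.example.com'                                            # assumption
$ExpectedRodcs = 'dmz-rodc1.corp.example.com', 'dmz-rodc2.corp.example.com'    # assumption
$SampleSeconds = 120

# Ports an AD client uses: LDAP, LDAPS, Global Catalog, GC over SSL
$LdapPorts = 389, 636, 3268, 3269

# 1. What the DC locator hands out right now (PowerShell equivalent of
#    'nltest /dsgetdc:<domain>'), so the sample can be read against it.
$ctx     = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $Domain)
$located = [System.DirectoryServices.ActiveDirectory.DomainController]::FindOne($ctx)
Write-Host ("Locator returned {0} (site {1})" -f $located.Name, $located.SiteName)

# 2. Resolve the expected RODCs to addresses so connections can be matched by IP
$expectedIps = foreach ($rodc in $ExpectedRodcs) {
    [System.Net.Dns]::GetHostAddresses($rodc) | ForEach-Object { $_.IPAddressToString }
}

# 3. Poll the TCP table. A single snapshot misses the short-lived LDAP binds
#    that show up on the firewall as "regular" attempts, so keep sampling and
#    record each (remote address, port, process) triple the first time it appears.
$seen = @{}
$stop = (Get-Date).AddSeconds($SampleSeconds)
while ((Get-Date) -lt $stop) {
    Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.RemotePort -in $LdapPorts -and $_.State -ne 'Listen' } |
        ForEach-Object {
            $key = '{0}|{1}|{2}' -f $_.RemoteAddress, $_.RemotePort, $_.OwningProcess
            if (-not $seen.ContainsKey($key)) {
                $proc     = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                $procName = if ($proc) { $proc.ProcessName } else { '?' }
                $seen[$key] = [pscustomobject]@{
                    RemoteAddress = $_.RemoteAddress
                    RemotePort    = $_.RemotePort
                    Process       = $procName
                    ProcessId     = $_.OwningProcess
                    FirstSeen     = Get-Date
                    Expected      = ($_.RemoteAddress -in $expectedIps)
                }
            }
        }
    Start-Sleep -Milliseconds 500
}

# 4. Report. 'lsass' means the OS itself (Netlogon/Kerberos/LSA) opened the
#    connection; any other process name points at an application doing its own
#    LDAP lookups, which is where hard-coded DC names usually hide.
$report = foreach ($r in $seen.Values) {
    $hostName = try { [System.Net.Dns]::GetHostEntry($r.RemoteAddress).HostName } catch { '(no PTR)' }
    $r | Add-Member -NotePropertyName RemoteHost -NotePropertyValue $hostName -PassThru
}
$report | Sort-Object Expected, RemoteHost, RemotePort |
    Format-Table RemoteHost, RemoteAddress, RemotePort, Process, ProcessId, Expected, FirstSeen -AutoSize

$unexpected = $report | Where-Object { -not $_.Expected }
if ($unexpected) {
    Write-Warning ("{0} connection target(s) outside the expected RODC set: {1}" -f
        $unexpected.Count, (($unexpected.RemoteHost | Sort-Object -Unique) -join ', '))
} else {
    Write-Host "All sampled LDAP/GC connections went to the expected RODCs."
}
```

Run it during the window in which the firewall logs show the unwanted traffic; the Process column is the useful part, since it separates connections the OS opened on its own (lsass) from ones made by a service or application on the box, and the port column separates plain LDAP (389/636) from Global Catalog lookups (3268/3269), which only a GC-enabled DC can answer.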