We have set up an external forest trust between two domains (let's say DomainA and DomainB). I can only access two DCs in DomainB, because of firewall rules in place, but there are more DCs for DomainB spread over different AD sites. The servers in DomainB that I can access have been used to create the conditional forwarder in DNS for DomainB.
What I see is that when I query the domain name for certain ports using portquery, the domain name gets resolved to a random DC, so chances are the resolved DC cannot be accessed for forest trust communication.
Is there any way to restrict this to only the two DC's that can be contacted through the firewall, by using the default Conditional Forwarding zone in DNS?