The Read-Only Domain Controller (RODC) was introduced in Windows Server 2008 for security reasons, as it is not always possible to provide sufficient physical server security in branch offices. The RODC has a read-only feature, DNS and password protection, and administrator role separation. DNS should be modified to support RODC features and capabilities such as unidirectional replication of AD. The RODC will usually send an LDAP referral response that redirects an application requiring write access to Active Directory to a writable domain controller.
The RODC differs from ordinary domain controllers, which allow an application requesting write access privileges to write to Active Directory. The ordinary domain controllers are writable (Sosinsky 84).
Previously, a DNS server with extremely large zones stored in AD DS would take an unnecessarily long time to load its data, leaving DNS unable to serve client requests in a timely fashion. In Windows Server 2008, DNS loads the zone data from AD while it restarts, so that it can still handle client requests for other zones. For example, if 20 zones are created in DNS and the data for two zones has been properly loaded, the server can respond to client requests for those first two zones while still loading the data for the other zones. Separate threads perform the task of loading zones; therefore, the server can respond to queries while still loading the zones (Chellis & Panek 67).
When the DNS server starts, it enumerates all the zones to be loaded, loads the root hints and the file-based zones, starts responding to DNS queries from client computers, inclusive of all RPC calls, and finally creates separate threads so that DNS queries from client computers can be served effectively and efficiently. When a client sends a request for a host in a zone that has already been loaded, DNS replies; if the request is for a zone that has not yet been loaded, DNS reads the zone data from AD and replies (Seguis 333).
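
The startup sequence described above can be modelled in a few lines. This is an added example, not code from the cited texts or from the Windows DNS server: the class `DnsServerModel`, the `ad_ready` hook that simulates a slow read from AD, and the zone data are all constructed assumptions.

```python
import threading

class DnsServerModel:
    """Toy model of background zone loading; not Microsoft's implementation."""
    def __init__(self, file_zones, ad_zones):
        self.ad = ad_zones                 # stands in for zone data held in AD
        self.zones = dict(file_zones)      # file-based zones load before serving
        self.source = {z: "file" for z in file_zones}
        self.lock = threading.Lock()
        self.ad_ready = threading.Event()  # constructed hook: simulates a slow AD read
        self.loader = threading.Thread(target=self._background_load, daemon=True)
        self.loader.start()                # from here on, queries are accepted

    def _load(self, zone, source):
        with self.lock:
            if zone not in self.zones:     # never reload a zone already in memory
                self.zones[zone] = self.ad[zone]
                self.source[zone] = source

    def _background_load(self):
        self.ad_ready.wait()               # blocked until AD data becomes available
        for zone in self.ad:
            self._load(zone, "background")

    def _zone_for(self, name):
        labels = name.rstrip(".").split(".")
        candidates = [".".join(labels[i:]) for i in range(len(labels))]
        # candidates run from most to least specific, so the longest match wins
        return next((z for z in candidates if z in self.zones or z in self.ad), None)

    def query(self, name):
        zone = self._zone_for(name)
        if zone is None:
            return None                    # server is not authoritative for this name
        if zone not in self.zones:
            self._load(zone, "on-demand")  # zone still pending: read it from AD now
        return self.zones[zone].get(name.rstrip("."))

# Constructed sample data (documentation address ranges).
FILE_ZONES = {"corp.example": {"www.corp.example": "192.0.2.10"}}
AD_ZONES = {"branch1.example": {"dc1.branch1.example": "198.51.100.1"},
            "branch2.example": {"dc1.branch2.example": "198.51.100.2"}}

def demo():
    srv = DnsServerModel(FILE_ZONES, AD_ZONES)
    early = srv.query("dc1.branch2.example")  # asked before the background load ran
    srv.ad_ready.set()                        # AD becomes readable
    srv.loader.join()                         # background thread loads what is left
    return early, dict(srv.source)
```

`demo()` returns the early answer together with a map showing how each zone reached memory: `file`, `on-demand` or `background`.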