We have a domain that we'll call 'resource' that needs to be accessed by users in a third party domain that we'll call 'source.'
Due to security issues, we cannot route to all of the domain controllers in source from resource. What we've done is setup a DMZ in source and placed a RODC in it. We've created a dns zone on the DNS servers in resource pointing to the RODC (so all the necessary _ldap and _kerberos SRV records and the necessary A records).
When we try and create the external outgoing trust, we receive a message saying: 'The name you specified is not a valid Windows domain. Is the specified name a Kerberos V5 realm?'.
I've been told that the source RODC has full access to the writeable DCs in its domain. I'm also told that we should be able to setup the trust using the RODC, although I am sceptical.