Hi,
You can refer to the link to get the list of required network to be opened with domain controllers:
config-firewall-for-ad-domains-and-trusts
Regarding the network flows for FRS and DFS service are required only between domain controller to ensure the sysvol and Ad replication.
Please don't forget to mark helpful reply as answer