Yes… i’m trying solve the issue of kerberos critical like in this post (Critical: Check kerberos authenticated DNS update (on DC Master))
First command
# extended LDIF
#
# LDAPv3
# base <zoneName=ccm.local,cn=dns,dc=ccm,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: dn
#
# ccm.local, dns, ccm.local
dn: zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# CCMDC01, ccm.local, dns, ccm.local
dn: relativeDomainName=CCMDC01,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# feldc01, ccm.local, dns, ccm.local
dn: relativeDomainName=feldc01,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _gc._tcp, ccm.local, dns, ccm.local
dn: relativeDomainName=_gc._tcp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# gc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=gc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kpasswd._tcp, ccm.local, dns, ccm.local
dn: relativeDomainName=_kpasswd._tcp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kpasswd._udp, ccm.local, dns, ccm.local
dn: relativeDomainName=_kpasswd._udp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kerberos._tcp, ccm.local, dns, ccm.local
dn: relativeDomainName=_kerberos._tcp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kerberos._udp, ccm.local, dns, ccm.local
dn: relativeDomainName=_kerberos._udp,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# DomainDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=DomainDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# ForestDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=ForestDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.dc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.dc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.gc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.gc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kerberos._tcp.dc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_kerberos._tcp.dc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.DomainDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.DomainDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.ForestDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.ForestDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _gc._tcp.Default-First-Site-Name._sites, ccm.local, dns, ccm.local
dn: relativeDomainName=_gc._tcp.Default-First-Site-Name._sites,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.Default-First-Site-Name._sites, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# 5150540b-6efc-4159-abb7-f4452288f2e2._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=5150540b-6efc-4159-abb7-f4452288f2e2._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kerberos._tcp.Default-First-Site-Name._sites, ccm.local, dns, ccm.local
dn: relativeDomainName=_kerberos._tcp.Default-First-Site-Name._sites,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# _ldap._tcp.17435187-b154-4c14-a46f-69ab309d1823.domains._msdcs, ccm.local, dns, ccm.local
dn: relativeDomainName=_ldap._tcp.17435187-b154-4c14-a46f-69ab309d1823.domains._msdcs,zoneName=ccm.local,cn=dns,dc=ccm,dc=local
# search result
search: 3
result: 0 Success
# numResponses: 28
# numEntries: 27
Second
univention-s4search --cross-ncs dc=@ dn
# record 1
dn: DC=@,DC=ccm.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ccm,DC=local
# record 2
dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ccm,DC=local
# record 3
dn: DC=@,DC=_msdcs.ccm.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=ccm,DC=local
# record 4
dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 5
dn: DC=@,DC=motasc.gogest.pt,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 6
dn: DC=@,DC=esxi.local,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 7
dn: DC=@,DC=vcenter6.esxi.local,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 8
dn: DC=@,DC=120.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 9
dn: DC=@,DC=100.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# record 10
dn: DC=@,DC=unifi.int.mota-sc.com,CN=MicrosoftDNS,CN=System,DC=ccm,DC=local
# returned 10 records
# 10 entries
# 0 referrals
In system diagnostic right now besides the samba replication and rejects i have kerberos critical warning
Errors occured while running `kinit` or `nsupdate`.
`nsupdate` check for domain ccm.local failed (CCMDC01.ccm.local).
`nsupdate` check for domain ccm.local failed (CCMDC01).