Here’s a post of mine explaining how to re-create the Kerberos keytab used for DNS updates:
Follow the steps after “However, if those steps don’t work either”.