Created attachment 8682 [details] Patch to fix DNS update using SOA query In our network there are no NS records for our dnsdomain, but there are for the parent domain which handles the subdomain. By performing an SOA query for either the subdomain or for the desired hostname, you can find the primary nameserver to send the update request to. Attached is a patch to perform an SOA query, and if that returns no records, to fall back to the current method of checking for NS records. Also included in the patch is a change to not assume that the domain name is the same as the kerberos realm when creating the security context for updating DNS. Instead, we pass in the realm to DoDNSUpdate().