#Update a keytab for the external DNS server to use 
dn: samAccountName=dns-${HOSTNAME},CN=Principals
objectClass: top
objectClass: secret
objectClass: kerberosSecret
realm: ${REALM}
servicePrincipalName: DNS/${DNSDOMAIN}
servicePrincipalName: DNS/${DNSNAME}
msDS-KeyVersionNumber: 1
privateKeytab: ${DNS_KEYTAB}
secret:: ${DNSPASS_B64}
samAccountName: dns-${HOSTNAME}