After you initialize KDC in Workspace ONE Access, you must create public DNS records to allow the Kerberos clients to find the KDC when the built-in Kerberos authentication feature is enabled.
The KDC realm name is used as part of the DNS name for the Workspace ONE Access appliance entries that are used to discover the KDC service. Two DNS records are required for each Workspace ONE Access site and two address entries.
::ffff:175c:e147on the DNS server. You can use an IPv4 to IPv6 conversion tool, such as one available from Neustar.UltraTools, to convert IPv4 to IPv6 address notation.
DNS Record Entries for KDC
In this example DNS record, the realm is
EXAMPLE.COM; the Workspace ONE Access fully qualified domain name is
idm.example.com, and the Workspace ONE Access IP address
kdc.example.com. 1800 IN A 184.108.40.206
kdc.example.com. 1800 IN AAAA ::ffff:220.127.116.11
_kerberos._tcp.idm.EXAMPLE.COM IN SRV 10 0 88 kdc.example.com.
_kerberos._udp.idm.EXAMPLE.COM IN SRV 10 0 88 kdc.example.com.