There are some SRV and other records which you add for the AD-provided services (kerberos, gc, ldap). This allows your Windows clients to find the domain controllers for authentication via your non-Windows DNS. I think I might have followed a Microsoft or other article when doing the initial setup, but once getting those items in place I haven’t had many issues.
Saying files are encrypted when it is not true is an issue, regardless of who owns the host box. Even for a small instance that is private family or friends.