Can you use the FQDN of the Active Directory Domain instead of specifying the FQDN of all the individual domain controllers you have in your domain?
For example, use the config below:
It would make sense to create a SAN certificate (only for LDAPS) where you specify the DCs in the SAN extension attribute of the certificate. And it should work, I guess. The advantage here is that you don’t need to specify the static domain controllers' FQDNs. Can Duo Proxy make use of this? Or is it really a requirement to specify the DCs separately?