Connecting Remote Endpoints with an On-Prem AD

No problem!

Also, as a troubleshooting measure, you can use this command on the client (Windows) to see if everything is working before attempting to use or join a remote domain:

Resolve-DnsName _ldap._tcp.dc._msdcs.mynet.contoso.com -Type SRV

In conjunction with the wildcard configuration, the ZDE (ziti-edge-tunnel) will tunnel SRV queries to the terminating end of the connection. The above command should test that & return the list of controllers that you’d use to join the AD domain. If that doesn’t work, domain services are likely to not work. Most of the time this is due to a misconfiguration of the logical components or the egressing side isn’t capable of finding the DNS record requested.

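An added diagnostic that extends the SRV check above into a per-controller test: it is not part of the original post, the domain name is a placeholder assumption, and the port list reflects what a domain join normally needs.

```powershell
# Added example (not from the original post): verify the AD SRV lookup through
# the ziti-edge-tunnel, then check each advertised DC for name resolution and
# reachability on the ports a domain join uses. Domain is a placeholder.
param(
    [string]$Domain = 'mynet.contoso.com'   # assumption: replace with your AD DNS name
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Step 1: the SRV query from the post. A failure here points at the wildcard /
# SRV interception on the tunnel or at the egress side's DNS, not at AD itself.
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    return
}
if (-not $srv) {
    Write-Warning "No SRV records returned for $srvName"
    return
}

# Step 2: for each DC the SRV record advertises, confirm the A record resolves
# through the tunnel and that LDAP, Kerberos and SMB are reachable.
$ports = [ordered]@{ LDAP = 389; Kerberos = 88; SMB = 445 }

foreach ($rec in ($srv | Sort-Object Priority, Weight)) {
    $dc = $rec.NameTarget
    $a  = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
          Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    if (-not $a) {
        Write-Warning "$dc : SRV record present but A record did not resolve"
        continue
    }
    foreach ($svc in $ports.Keys) {
        $open = Test-NetConnection -ComputerName $dc -Port $ports[$svc] `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        $state = if ($open) { 'open' } else { 'BLOCKED' }
        Write-Output ("{0,-40} {1,-9} {2,4}  {3}" -f $dc, $svc, $ports[$svc], $state)
    }
}
```

A DC that resolves but shows BLOCKED ports usually means the intercept or the egress-side service configuration covers DNS but not the TCP ports the join needs.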