That's where I ran into it a bit back - IIRC, the machine has to be authenticated as a DNS server in AD, via the IP address, but that's about the only thing I can think of that's a major gotcha.