Under no circumstances does a DC initiate communication.
Authentication Services does not require anything on DC's. There are no pushes from the DC or running services.
There's nothing 'listening' on the UNIX/Linux client side.
All communication between Authentication Services and a DC is 100% initiated by the UNIX/Linux client side.