Change back dns_lookup_kdc to the default
The specifications recommend against using TXT records to mapping
hostnames to realms. However they do not recommend against using
SRV records to lookup the KDC.
Change back to the MIT default of enabling DNS for KDC lookup.
This allows automatic configuration and failover.
A theoretical attack involving SRV records could be similarly
accomplished by a similar attack involving the A records for
the KDC hosts.