It looks like we only use the fallback realm (which would include TXT 
records) if we make a query to the client principal realm and get an 
error.  If we can't even make the query to the client realm, we give up.  

We do have a hostrealm pluggable interface starting in 1.12, so in theory 
you could write a hostrealm module which supplies the service principal 
realm as an authoritative realm, perhaps using wildcard matching.  
Deploying such a module to all of the clients may not be attractive, 
depending on your environment.