Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 533 It looks like we only use the fallback realm (which would include TXT records) if we make a query to the client principal realm and get an error. If we can't even make the query to the client realm, we give up. We do have a hostrealm pluggable interface starting in 1.12, so in theory you could write a hostrealm module which supplies the service principal realm as an authoritative realm, perhaps using wildcard matching. Deploying such a module to all of the clients may not be attractive, depending on your environment.