Actually DNS domain->realm already always defaults to off:
Date: Mon, 02 Jun 2003 17:51:56 -0400
From: Jeffrey Altman <jaltman@columbia.edu>
To: krbcore@mit.edu
Subject: Default DNS REALM lookups in Kerberos 5 tree
The default behavior of DNS REALM lookups in the Kerberos 5 tree is
specified in auth/krb5/src/lib/krb5/os/locate_kdc.c
This behavior is currently to return a consistent default value
specified by the value of DEFAULT_LOOKUP_REALM regardless of whether or
not the krb5.conf file exists. The behavior I described must have been
removed by Ken Raeburn during the transition from release 1.1 to 1.2.
The behavior of using a different value for a missing configuration file
continues exist in the Windows Kerberos IV library. I suggest we leave
things as is until the krb4 merger.