This configuration parameter specifies whether you want to permit the agent to look up service principal names (SPN) using DNS. In most cases, you should set this parameter to false to ensure the security of the system. You should only set this configuration parameter to true if you can safely rely on DNS for security and want to use programs that use the Centrify Kerberos libraries to access a computer using an IP address or localhost.

For example:

krb5.permit.dns.spn.lookups: false

If this parameter is not defined in the configuration file, its default value is false.