JDK-6552334 called for enabling DNS in Kerberos by default, but it was only meant for the dns_lookup_kdc option. The code change mistakenly changed default values for both dns_lookup_kdc and dns_lookup_realm. This should be fixed.
MIT krb5 has dns_lookup_kdc being true and dns_lookup_realm false by default . In more recent versions they no longer document this option at all but the default value is still false.