mongokerberos' s keytab DNS check verifies the DNS name of service principals against the KDC host name instead of the service's host name. We want to verify that the host name in service keytab entries resolves to the same host name as the provided service.