client.dns.lookup property options for client

If you are using DNS aliases, you need to configure the right value for the client.dns.lookup property for your setup.

The client.dns.lookup property is needed when DNS aliases are used. There can be problems with any security protocol if the client.dns.lookup property is not set properly.

The client.dns.lookup property can take the following values:

client.dns.lookup=default
In this case, the client connects to the first broker it gets from the DNS response, even if that broker is down. If you only provided a single DNS alias as bootstrap server for the client, the client might be blocked because the mentioned hostname is resolved for multiple brokers where the first broker (to which the client connected) is actually stopped.
client.dns.lookup=use_all_dns_ips
This setup takes care of retrying all the possible IP addresses behind a hostname if the first does not succeed. This setup is also good when brokers have multiple IP addresses and it is possible that those addresses change (especially in Kubernetes environments). This configuration does not handle the case when the hostname used by the client is not a real FQDN for a host. To avoid man-in-the-middle attacks, the client gets SSL handshake exceptions when using SSL and SASL authentication exceptions when using SASL. Since Kafka version 2.6, this is the default.
client.dns.lookup=resolve_canonical_bootstrap_servers_only
This setup ensures a behavior similar to use_all_dns_ips, but it also handles the SSL and SASL problem. With this configuration, the client resolves the DNS alias into a list of brokers it maps to and after the bootstrap phase, this behaves the same as use_all_dns_ips.
tip
Cloudera recommends that you set the resolve_canonical_bootstrap_servers_only value because this option provides the most fault tolerance.