diff --git a/CONFIGURATION.md b/CONFIGURATION.md
index 1856ced41..749342c28 100644
--- a/CONFIGURATION.md
+++ b/CONFIGURATION.md
@@ -155,7 +155,7 @@ delivery.report.only.error | P | true, false | false
dr_cb | P | | | low | Delivery report callback (set with rd_kafka_conf_set_dr_cb())
*Type: see dedicated API*
dr_msg_cb | P | | | low | Delivery report callback (set with rd_kafka_conf_set_dr_msg_cb())
*Type: see dedicated API*
sticky.partitioning.linger.ms | P | 0 .. 900000 | 10 | low | Delay in milliseconds to wait to assign new sticky partitions for each topic. By default, set to double the time of linger.ms. To disable sticky behavior, set to 0. This behavior affects messages with the key NULL in all cases, and messages with key lengths of zero when the consistent_random partitioner is in use. These messages would otherwise be assigned randomly. A higher value allows for more effective batching of these messages.
*Type: integer*
-client.dns.lookup | * | use_all_dns_ips, resolve_canonical_bootstrap_servers_only | use_all_dns_ips | low | Controls how the client uses DNS lookups. By default, when the lookup returns multiple IP addresses for a hostname, they will all be attempted for connection before the connection is considered failed. This applies to both bootstrap and advertised servers. If the value is set to `resolve_canonical_bootstrap_servers_only`, each entry will be resolved and expanded into a list of canonical names. NOTE: Default here is different from the Java client's default behavior, which connects only to the first IP address returned for a hostname.
*Type: enum value*
+client.dns.lookup | * | use_all_dns_ips, resolve_canonical_bootstrap_servers_only | use_all_dns_ips | low | Controls how the client uses DNS lookups. By default, when the lookup returns multiple IP addresses for a hostname, they will all be attempted for connection before the connection is considered failed. This applies to both bootstrap and advertised servers. If the value is set to `resolve_canonical_bootstrap_servers_only`, each entry will be resolved and expanded into a list of canonical names. **WARNING**: `resolve_canonical_bootstrap_servers_only` must only be used with `GSSAPI` (Kerberos) as `sasl.mechanism`, as it's the only purpose of this configuration value. **NOTE**: Default here is different from the Java client's default behavior, which connects only to the first IP address returned for a hostname.
*Type: enum value*
## Topic configuration properties
diff --git a/src/rdkafka_conf.c b/src/rdkafka_conf.c
index 6e21aab77..00013992d 100644
--- a/src/rdkafka_conf.c
+++ b/src/rdkafka_conf.c
@@ -1475,9 +1475,13 @@ static const struct rd_kafka_property rd_kafka_properties[] = {
"for connection before the connection is considered failed. This applies "
"to both bootstrap and advertised servers. If the value is set to "
"`resolve_canonical_bootstrap_servers_only`, each entry will be resolved "
- "and expanded into a list of canonical names. NOTE: Default here is "
- "different from the Java client's default behavior, which connects only "
- "to the first IP address returned for a hostname. ",
+ "and expanded into a list of canonical names. "
+ "**WARNING**: `resolve_canonical_bootstrap_servers_only` "
+ "must only be used with `GSSAPI` (Kerberos) as `sasl.mechanism`, "
+ "as it's the only purpose of this configuration value. "
+ "**NOTE**: Default here is different from the Java client's default "
+ "behavior, which connects only to the first IP address returned for a "
+ "hostname. ",
.vdef = RD_KAFKA_USE_ALL_DNS_IPS,
.s2i = {{RD_KAFKA_USE_ALL_DNS_IPS, "use_all_dns_ips"},
{RD_KAFKA_RESOLVE_CANONICAL_BOOTSTRAP_SERVERS_ONLY,