diff --git a/src/cmap/auth/gssapi.ts b/src/cmap/auth/gssapi.ts index 62c91af4e3c..d8087d85835 100644 --- a/src/cmap/auth/gssapi.ts +++ b/src/cmap/auth/gssapi.ts @@ -13,7 +13,7 @@ import { Callback, ns } from '../../utils'; import { AuthContext, AuthProvider } from './auth_provider'; /** @public */ -export const CanonicalizationProperties = Object.freeze({ +export const CanonicalizationValues = Object.freeze({ on: true, off: false, none: 'none', @@ -22,13 +22,13 @@ export const CanonicalizationProperties = Object.freeze({ } as const); /** @public */ -export type CanonicalizationProperties = - typeof CanonicalizationProperties[keyof typeof CanonicalizationProperties]; +export type CanonicalizationValues = + typeof CanonicalizationValues[keyof typeof CanonicalizationValues]; type MechanismProperties = { /** @deprecated use `CANONICALIZE_HOST_NAME` instead */ gssapiCanonicalizeHostName?: boolean; - CANONICALIZE_HOST_NAME?: CanonicalizationProperties; + CANONICALIZE_HOST_NAME?: CanonicalizationValues; SERVICE_HOST?: string; SERVICE_NAME?: string; SERVICE_REALM?: string; @@ -193,14 +193,14 @@ function performGssapiCanonicalizeHostName( callback: Callback ): void { const mode = mechanismProperties.CANONICALIZE_HOST_NAME; - if (!mode || mode === CanonicalizationProperties.none) { + if (!mode || mode === CanonicalizationValues.none) { return callback(undefined, host); } // If forward and reverse or true if ( - mode === CanonicalizationProperties.on || - mode === CanonicalizationProperties.forwardAndReverse + mode === CanonicalizationValues.on || + mode === CanonicalizationValues.forwardAndReverse ) { // Perform the lookup of the ip address. dns.lookup(host, (error, address) => { diff --git a/src/cmap/auth/mongo_credentials.ts b/src/cmap/auth/mongo_credentials.ts index a2d19f3d3f5..4670585dacf 100644 --- a/src/cmap/auth/mongo_credentials.ts +++ b/src/cmap/auth/mongo_credentials.ts 
@@ -2,7 +2,7 @@ import type { Document } from '../../bson'; import { MongoAPIError, MongoMissingCredentialsError } from '../../error'; import { emitWarningOnce } from '../../utils'; -import { CanonicalizationProperties } from './gssapi'; +import { CanonicalizationValues } from './gssapi'; import { AUTH_MECHS_AUTH_SRC_EXTERNAL, AuthMechanism } from './providers'; // https://github.com/mongodb/specifications/blob/master/source/auth/auth.rst @@ -31,7 +31,7 @@ export interface AuthMechanismProperties extends Document { SERVICE_HOST?: string; SERVICE_NAME?: string; SERVICE_REALM?: string; - CANONICALIZE_HOST_NAME?: CanonicalizationProperties; + CANONICALIZE_HOST_NAME?: CanonicalizationValues; AWS_SESSION_TOKEN?: string; } @@ -170,7 +170,7 @@ export class MongoCredentials { } const canonicalization = this.mechanismProperties.CANONICALIZE_HOST_NAME ?? false; - if (!Object.values(CanonicalizationProperties).includes(canonicalization)) { + if (!Object.values(CanonicalizationValues).includes(canonicalization)) { throw new MongoAPIError(`Invalid CANONICALIZE_HOST_NAME value: ${canonicalization}`); } } diff --git a/src/index.ts b/src/index.ts index 411a36763c7..9de37f4771c 100644 --- a/src/index.ts +++ b/src/index.ts @@ -176,7 +176,7 @@ export type { ResumeToken, UpdateDescription } from './change_stream'; -export type { CanonicalizationProperties } from './cmap/auth/gssapi'; +export type { CanonicalizationValues } from './cmap/auth/gssapi'; export type { AuthMechanismProperties, MongoCredentials, diff --git a/test/manual/kerberos.test.js b/test/manual/kerberos.test.js index 9e022e617dd..1ca83950cad 100644 --- a/test/manual/kerberos.test.js +++ b/test/manual/kerberos.test.js 
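Review bot: The `src/index.ts` hunk drops the exported type name `CanonicalizationProperties` outright, and the `gssapi.ts` hunks rename the `/** @public */` const and type of the same name, so any consumer importing the old name stops compiling. If the old name has already shipped in a release, keep it as a deprecated alias, for example `/** @deprecated use CanonicalizationValues */ export type CanonicalizationProperties = CanonicalizationValues;` in `gssapi.ts`, re-exported with `export type { CanonicalizationProperties, CanonicalizationValues } from './cmap/auth/gssapi';` in `src/index.ts`. If it never shipped, the commit message should say so, so the break is clearly intentional.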
@@ -88,34 +88,39 @@ describe('Kerberos', function () { } }); - context('when the value is true', function () { - it('successfully authenticates', function (done) { - const client = new MongoClient( - `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:true&maxPoolSize=1` - ); - client.connect(function (err, client) { - if (err) return done(err); - expect(dns.resolveCname).to.be.calledOnce; - verifyKerberosAuthentication(client, done); + for (const option of [true, 'forward']) { + context(`when the value is ${option}`, function () { + it('authenticates with a forward cname lookup', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:${option}&maxPoolSize=1` + ); + client.connect(function (err, client) { + if (err) return done(err); + expect(dns.resolveCname).to.be.calledOnce; + verifyKerberosAuthentication(client, done); + }); }); }); - }); + } - context('when the value is forward', function () { - it('successfully authenticates', function (done) { - const client = new MongoClient( - `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:forward&maxPoolSize=1` - ); - client.connect(function (err, client) { - if (err) return done(err); - expect(dns.resolveCname).to.be.calledOnce; - verifyKerberosAuthentication(client, done); + for (const option of [false, 'none']) { + context(`when the value is ${option}`, function () { + it('authenticates with no dns lookups', function (done) { + const client = new MongoClient( + `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:${option}&maxPoolSize=1` + ); + client.connect(function (err, client) { + if (err) return done(err); + expect(dns.resolveCname).to.not.be.called; + expect(dns.lookup).to.not.be.called; + verifyKerberosAuthentication(client, done); + }); }); }); - }); + } context('when the value is forwardAndReverse', function () { - it('successfully 
authenticates', function (done) { + it('authenticates with a forward dns lookup and a reverse ptr lookup', function (done) { const client = new MongoClient( `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:forwardAndReverse&maxPoolSize=1` ); @@ -127,34 +132,6 @@ describe('Kerberos', function () { }); }); }); - - context('when the value is false', function () { - it('successfully authenticates', function (done) { - const client = new MongoClient( - `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:false&maxPoolSize=1` - ); - client.connect(function (err, client) { - if (err) return done(err); - expect(dns.resolveCname).to.not.be.calledOnce; - expect(dns.lookup).to.not.be.calledOnce; - verifyKerberosAuthentication(client, done); - }); - }); - }); - - context('when the value is none', function () { - it('successfully authenticates', function (done) { - const client = new MongoClient( - `${krb5Uri}&authMechanismProperties=SERVICE_NAME:mongodb,CANONICALIZE_HOST_NAME:none&maxPoolSize=1` - ); - client.connect(function (err, client) { - if (err) return done(err); - expect(dns.resolveCname).to.not.be.calledOnce; - expect(dns.lookup).to.not.be.calledOnce; - verifyKerberosAuthentication(client, done); - }); - }); - }); }); // Unskip this test when a proper setup is available - see NODE-3060
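Review bot: The new `for (const option of [true, 'forward'])` loop asserts only `expect(dns.resolveCname).to.be.calledOnce`, which does not show that `true` takes the forward-only path: in this commit's `gssapi.ts` hunk, `CanonicalizationValues.on` shares a branch with `forwardAndReverse` (comment `// If forward and reverse or true`, followed by `dns.lookup`), so `true` may reach the CNAME lookup only as a fallback. The rest of that function is outside the hunk, so this is inferred from the visible branch. Because the canonicalized host name decides which service principal the client requests a ticket for, the test should pin which DNS sources are consulted: add `expect(dns.lookup).to.not.be.called;` to the `'forward'` case, and either move `true` into the `forwardAndReverse` context or add `expect(dns.lookup).to.be.called;` for it.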