
Bug#182886: libc6: local hostnames containing a dot get forwarded outside when doing host-lookups.



> Thanks, I missed that. Being placed under "internal variables" and
> "debug" seems to have tricked me into ignoring this part.
> 
> There should at least be a sentence "search" to indicate that one has
> to read the ndots-part to get a real search-path.
> 
> > So it looks like to achieve what you suggest the ndots default 
> > should be adjusted according to the local policy during the installation 
> > process, right?
> 
> There is still the problem of an insecure default. Perhaps reassigning
> a clone to the installer might be the best solution. 
> 

I'm not sure yet if there is any secure default that makes sense for people
with just one domain name (majority). Change the Debian installer to start
educating people about what happens if some.localdomain syntax is used
unless ndots is adjusted?
Disallow search at all by default, so that even for a local
domain one should always give an FQDN, whereas if someone wants the
search logic, this should be done via a special config. tool that gives
the warnings?
Modify all the packages and runtime scripts (like dhcp client stuff) that
change the resolv.conf file to emit a commented warning there as well
to educate users that want to change the file manually?

v
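
The lookup order discussed in this thread, as an added example that is not part of the original message and is not glibc code: a simplified Python model of the `search`/`ndots` rules documented in resolv.conf(5). The search domain `corp.example` and the host `db.lab` are constructed for illustration.

```python
# Simplified model of the resolv.conf(5) search/ndots rules (not glibc code).
# All names in the sample data are constructed.

SAMPLE_DEFAULT = "search corp.example\nnameserver 192.0.2.53\n"
SAMPLE_NDOTS2 = SAMPLE_DEFAULT + "options ndots:2\n"


def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf-style text."""
    search, ndots = [], 1  # ndots defaults to 1 when not configured
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue  # blank line or comment
        if fields[0] in ("search", "domain"):
            search = fields[1:]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[len("ndots:"):])
    return search, ndots


def candidate_queries(name, search, ndots):
    """Names the resolver tries, in order, until one of them resolves."""
    if name.endswith("."):
        return [name]  # already absolute: the search list is not applied
    as_is = name + "."
    searched = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:
        return [as_is] + searched  # absolute query goes out first
    return searched + [as_is]      # search list first, absolute last


def first_query_leaks(name, search, ndots):
    """True if the first name queried lies outside every search domain."""
    first = candidate_queries(name, search, ndots)[0]
    return not any(first.endswith("." + d.rstrip(".") + ".") for d in search)


if __name__ == "__main__":
    for label, conf in (("default", SAMPLE_DEFAULT), ("ndots:2", SAMPLE_NDOTS2)):
        search, ndots = parse_resolv_conf(conf)
        print(label, candidate_queries("db.lab", search, ndots),
              "leaks first:", first_query_leaks("db.lab", search, ndots))
```

Even with a raised `ndots`, the absolute name is still tried last if no search-list candidate resolves, so a mistyped local name can still reach outside servers.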



