> Thanks, I missed that. Being placed unter "internal variables" and > "debug" seems to have tricked me in ignoring this part. > > There should at least be a sentence "search" to indicate that one has > to read the ndots-part to get a real search-path. > > > So it looks like to achieve what you suggest the ndots default > > should be adjusted according to the local policy during the installation > > process, right? > > There is still the problem of an insecure default. Perhaps reassigning > a clone to the installer might be the best solution. >
I'm not sure yet if there is any secure default that makes sense for people with just one domain name (majority). Change the debian installer to start educating people about what happens if some.localdomain syntax is used unless ndots is adjusted? Disallow search at all by default, so that even for a local domain one should always give an FQDN, whereas if someone wants the search logic, this should be done via a special config. tool that gives the warnings? Modify all the packages and runtime scripts (like dhcp client stuff) that changes the resolv.conf file to emit a commented warning there as well to educate users that want to change the file manually? v -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
