Hm, curious behavior on my Windows box: nslookup is indeed always applying all the search suffixes whenever I do a lookup, but if I just use the normal resolution process (for example running `ping www.google.com` etc), then the value of `HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\AppendToMultiLabelName` is respected, which defaults to 0 since Vista.
So this shouldn't really be an issue for most people, but highlights once again that you should never ever use a domain in your infrastructure that you do not own or at the very least use one of the suffixes from https://www.rfc-editor.org/rfc/rfc6762#appendix-G
That matches my observation on Windows 11. Looking at Wireshark while doing the resolution I see the following: Normal queries never use the suffix. nslookup does, which the resolver answers with NXDOMAIN.
Fritz box allows you to capture traffic towards the ISP too and there I never see such a suffix query in either case. So I assume the fritz resolver directly responds to those.
That does not really match the behavior described in the OP but I would be very surprised if the behavior described there wouldn't have led to a big outcry much earlier.
Can we be absolutely sure the "normal resolution mode" is always used? I'm happy to accept that impact might be not as severe as stated, but to me it's very scary that a simple nslookup for google.com returns the IP address of fritz.box.
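A way to check a Windows client for the two things discussed in this thread, the `AppendToMultiLabelName` policy value and whether each configured DNS suffix is either owned or under an RFC 6762 Appendix G name. This is an added example, not code from any of the posts. `$ownedDomains` is a placeholder to fill in, and a missing policy value is reported as 0, following the default stated above.

```powershell
# Added example: audit DNS suffix configuration on a Windows client.
# Run in PowerShell on the machine being checked (read-only, changes nothing).

# Policy value named in the thread; absent means not configured.
$policyKey = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$policy = Get-ItemProperty -Path $policyKey -Name AppendToMultiLabelName -ErrorAction SilentlyContinue
$append = if ($null -ne $policy) { [int]$policy.AppendToMultiLabelName } else { 0 }

# Top-level names listed in RFC 6762 Appendix G.
$appendixG = 'intranet', 'internal', 'private', 'corp', 'home', 'lan'

# Assumption: replace with the domains your organisation has actually registered.
$ownedDomains = @('example.com')

# Collect the global search list and the per-interface connection-specific suffixes.
$suffixes = @()
$suffixes += (Get-DnsClientGlobalSetting).SuffixSearchList
$suffixes += (Get-DnsClient).ConnectionSpecificSuffix
$suffixes = $suffixes |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('.').ToLower() } |
    Sort-Object -Unique

"AppendToMultiLabelName = $append (1 means suffixes are also appended to multi-label names)"

foreach ($s in $suffixes) {
    $tld = ($s -split '\.')[-1]
    $owned = $ownedDomains | Where-Object { $s -eq $_ -or $s.EndsWith(".$_") }
    $status = if ($owned) {
        'owned'
    } elseif ($appendixG -contains $tld) {
        'RFC 6762 Appendix G'
    } else {
        'REVIEW: not owned and not an Appendix G name'
    }
    [pscustomobject]@{ Suffix = $s; Status = $status }
}
```

A suffix such as `fritz.box` comes out as REVIEW, since `box` is not an Appendix G name and is not in the owned list.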