diff --git a/plugins/sudoers/defaults.c b/plugins/sudoers/defaults.c
index c63c4373d..dc395abdb 100644
--- a/plugins/sudoers/defaults.c
+++ b/plugins/sudoers/defaults.c
@@ -80,6 +80,7 @@ static struct strmap priorities[] = {
  * Defaults values to apply before others.
  */
 static const char *early_defaults[] = {
+    "fqdn",
     "runas_default",
     "sudoers_locale",
     NULL
diff --git a/plugins/sudoers/sudoers.c b/plugins/sudoers/sudoers.c
index 0c4e56b50..17d32adda 100644
--- a/plugins/sudoers/sudoers.c
+++ b/plugins/sudoers/sudoers.c
@@ -69,12 +69,12 @@
  * Prototypes
  */
 static char *find_editor(int nfiles, char **files, int *argc_out, char ***argv_out);
+static bool cb_fqdn(const union sudo_defs_val *);
 static bool cb_runas_default(const union sudo_defs_val *);
 static bool cb_sudoers_locale(const union sudo_defs_val *);
 static int set_cmnd(void);
 static int create_admin_success_flag(void);
 static bool init_vars(char * const *);
-static bool set_fqdn(void);
 static bool set_loginclass(struct passwd *);
 static bool set_runasgr(const char *, bool);
 static bool set_runaspw(const char *, bool);
@@ -238,9 +238,6 @@ sudoers_policy_init(void *info, char * const envp[])
 	    N_("problem with defaults entries"));
     }
 
-    if (def_fqdn)
-	set_fqdn();	/* deferred until after sudoers is parsed */
-
     /* Set login class if applicable. */
     if (set_loginclass(runas_pw ? runas_pw : sudo_user.pw))
 	rval = true;
@@ -746,6 +743,9 @@ init_vars(char * const envp[])
     if (!set_perms(PERM_INITIAL))
 	debug_return_bool(false);
 
+    /* Set fqdn callback. */
+    sudo_defs_table[I_FQDN].callback = cb_fqdn;
+
     /* Set runas callback. */
     sudo_defs_table[I_RUNAS_DEFAULT].callback = cb_runas_default;
 
@@ -762,6 +762,10 @@ init_vars(char * const envp[])
 	debug_return_bool(false);
     }
 
+    /* Set fully-qualified domain name if specified. */
+    if (def_fqdn)
+	cb_fqdn(NULL);
+
     debug_return_bool(true);
 }
 
@@ -1050,11 +1054,11 @@ resolve_host(const char *host, char **longp, char **shortp)
  * Sets user_host, user_shost, user_runhost and user_srunhost.
  */
 static bool
-set_fqdn(void)
+cb_fqdn(const union sudo_defs_val *unused)
 {
     bool remote;
     char *lhost, *shost;
-    debug_decl(set_fqdn, SUDOERS_DEBUG_PLUGIN)
+    debug_decl(cb_fqdn, SUDOERS_DEBUG_PLUGIN)
 
     /* If the -h flag was given we need to resolve both host and runhost. */
     remote = strcmp(user_runhost, user_host) != 0;