Re: sudo slow on DNS lookup, with invalid resolv.conf entries
On Fri, Sep 15, 2017 at 04:28:31PM -0300, x9p wrote:
>
> > Hi.
>
> Hi.
>
> >
> > While DNS lookups for localhost are unusual any reasonable configured
> > DNS should have no trouble resolving it. Especially since there are OSes
> > that try to resolve *everything* by default via including localhost (AIX
> > comes to mind).
> >
>
> Understand, but disagree with sudo doing DNS lookups. Will file a bug with
> them.
sudo(8) says:
sudo supports a plugin architecture for security policies and
input/output logging. Third parties can develop and distribute their
own policy and I/O logging plugins to work seamlessly with the sudo
front end. The default security policy is sudoers, which is configured
via the file /etc/sudoers, or via LDAP.
And LDAP means TCP, and TCP usually means DNS requests.
So it's unusual (sudo does not exhibit such behavior here), but
possible.
> > While you mentioned misconfigured resolv.conf I believe your problem
> > lies somewhat deeper than this.
>
> Actually it is deeper. I did not pay that much attention to the strace I
> did before.
>
> https://pastebin.com/j0rw5Kgn
>
> 10.1.2.9 is the DNS of the company I work for, turned out I had not
> connected to the VPN yet by the time I issued the sudo command.
A stray nameserver in resolv.conf, which can happen if resolvconf is
used carelessly. Even more weird things are always possible with
NetworkManager.
> resolv.conf is not a symlink to systemd, just a plain file. I explicitly
> removed the symlink and created a normal file.
And of course one can never disregard a misconfigured VPN script.
> > Specifically I'm interested with:
> >
> > grep hosts /etc/nsswitch.conf
> >
> > grep localhost /etc/hosts
> >
> > Reco
> >
>
> Did not touch these, they are the default from stretch:
>
> root@localhost:~# grep hosts /etc/nsswitch.conf
> hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
> root@localhost:~# grep localhost /etc/hosts
> 127.0.0.1 localhost
> 127.0.1.1 localhost
> ::1 localhost ip6-localhost ip6-loopback
Curious. Can you reproduce the behaviour if sudo is run as root?
I propose to simplify things a bit (needs to be run as root):
strace -o /tmp/sudo -econnect,open sudo -i
Reco
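The thread comes down to three files: the "hosts:" line in nsswitch.conf decides whether /etc/hosts is consulted before a nameserver, /etc/hosts decides what "localhost" maps to, and a stale nameserver in resolv.conf (here the corporate 10.1.2.9, unreachable until the VPN is up) is where a lookup stalls. The script below is an added example, not code from this thread or from Debian; it checks those three pieces against constructed copies of the files shown above (the function names, the constructed file contents and the 127.0.0.1 local resolver are assumptions). Pass /etc/nsswitch.conf, /etc/resolv.conf and /etc/hosts to `report` to run it against a live system.

```shell
#!/bin/sh
# Added example, not code from the thread: check the pieces of name resolution
# that decide whether a hostname lookup can hang on a dead nameserver.
# Every function takes a file path, so it runs against the constructed copies
# below as well as against the live /etc files.

# The "hosts:" sources of an nsswitch.conf-style file, in order, on one line.
hosts_sources() {
    sed -n 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1
}

# Succeeds when "files" is consulted before "dns", i.e. names present in
# /etc/hosts are answered locally and never reach a nameserver.
files_before_dns() {
    files_pos=0; dns_pos=0; i=0
    for s in $(hosts_sources "$1"); do
        i=$((i + 1))
        case "$s" in
            files) if [ "$files_pos" -eq 0 ]; then files_pos=$i; fi ;;
            dns)   if [ "$dns_pos" -eq 0 ]; then dns_pos=$i; fi ;;
        esac
    done
    if [ "$files_pos" -eq 0 ]; then return 1; fi
    if [ "$dns_pos" -eq 0 ] || [ "$files_pos" -lt "$dns_pos" ]; then return 0; fi
    return 1
}

# First address listed for a name in a hosts-style file (comments skipped).
hosts_address() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# All nameserver addresses of a resolv.conf-style file, one per line.
nameservers() {
    awk '/^[ \t]*nameserver[ \t]+/ { print $2 }' "$1"
}

# Nameservers that are not loopback: each is a network round-trip and, when
# unreachable (a VPN that is not up yet), a multi-second timeout per query.
remote_nameservers() {
    nameservers "$1" | grep -v -e '^127\.' -e '^::1$' || true
}

report() {
    printf 'hosts lookup order: %s\n' "$(hosts_sources "$1")"
    if files_before_dns "$1"; then
        printf 'ok: hosts file is consulted before dns\n'
    else
        printf 'warning: dns consulted before files; every lookup hits a nameserver\n'
    fi
    printf 'localhost in hosts file -> %s\n' "$(hosts_address "$3" localhost)"
    for ns in $(remote_nameservers "$2"); do
        printf 'remote nameserver %s: lookups stall here if it is unreachable\n' "$ns"
    done
}

# Constructed sample files (assumption: these stand in for the live /etc files).
EX_DIR=$(mktemp -d)
trap 'rm -rf "$EX_DIR"' EXIT
EX_NSSWITCH="$EX_DIR/nsswitch.conf"
EX_NSSWITCH_BAD="$EX_DIR/nsswitch-dns-first.conf"
EX_RESOLV="$EX_DIR/resolv.conf"
EX_HOSTS="$EX_DIR/hosts"

# The stretch default hosts line quoted in the thread.
cat > "$EX_NSSWITCH" <<'EOF'
passwd:         compat
hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
EOF
# A constructed misordering: dns consulted before files.
printf 'hosts: dns files\n' > "$EX_NSSWITCH_BAD"
# Constructed resolv.conf: a local resolver plus the stale corporate one.
cat > "$EX_RESOLV" <<'EOF'
# left behind by a VPN script (constructed)
nameserver 127.0.0.1
nameserver 10.1.2.9
EOF
# The /etc/hosts lines quoted in the thread.
cat > "$EX_HOSTS" <<'EOF'
127.0.0.1 localhost
127.0.1.1 localhost
::1 localhost ip6-localhost ip6-loopback
EOF

report "$EX_NSSWITCH" "$EX_RESOLV" "$EX_HOSTS"
```

With the default order the hostname that sudo looks up is answered from /etc/hosts and the stale 10.1.2.9 entry is never consulted for it; the report still lists that entry because any name that is not in /etc/hosts will wait on it, which is what the `-econnect` strace proposed above would show as a connect() to that address.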