
Re: sudo slow on DNS lookup, with invalid resolv.conf entries



On Fri, Sep 15, 2017 at 04:28:31PM -0300, x9p wrote:
> 
> >         Hi.
> 
> Hi.
> 
> >
> > While DNS lookups for localhost are unusual, any reasonably configured
> > DNS should have no trouble resolving it. Especially since there are OSes
> > that try to resolve *everything* by default, including localhost (AIX
> > comes to mind).
> >
> 
> Understand, but disagree with sudo doing DNS lookups. Will file a bug with
> them.

sudo(8) says:

     sudo supports a plugin architecture for security policies and
input/output logging.  Third parties can develop and distribute their
own policy and I/O logging plugins to work seamlessly with the sudo
front end.  The default security policy is sudoers, which is configured
via the file /etc/sudoers, or via LDAP.

And LDAP means TCP, and TCP usually means DNS requests.

So it's unusual (sudo does not exhibit such behavior here), but
possible.


> > While you mentioned misconfigured resolv.conf I believe your problem
> > lies somewhat deeper than this.
> 
> Actually it is deeper. I did not pay that much attention to the strace I
> did before.
> 
> https://pastebin.com/j0rw5Kgn
> 
> 10.1.2.9 is the DNS of the company I work for; turned out I had not
> connected to the VPN yet by the time I issued the sudo command.

A stray nameserver in resolv.conf, which can happen if resolvconf is
used carelessly. Even more weird things are always possible with
NetworkManager.

> resolv.conf is not a symlink to systemd, just a plain file. I explicitly
> removed the symlink and created a normal file.

And of course one can never disregard a misconfigured VPN script.



> > Specifically I'm interested with:
> >
> > grep hosts /etc/nsswitch.conf
> >
> > grep localhost /etc/hosts
> >
> > Reco
> >
> 
> Did not touch these; they are the defaults from stretch:
> 
> root@localhost:~# grep hosts /etc/nsswitch.conf
> hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
> root@localhost:~# grep localhost /etc/hosts
> 127.0.0.1       localhost
> 127.0.1.1       localhost
> ::1     localhost ip6-localhost ip6-loopback

Curious. Can you reproduce the behaviour if sudo is run as root?
I propose to simplify things a bit (needs to be run as root):

strace -o /tmp/sudo -econnect,open sudo -i

Reco
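Once the trace proposed above has been captured, the useful next step is to read it back: which addresses did sudo try to reach on port 53, how many times (a resolver retrying the same server is the signature of a nameserver that does not answer), and whether each of them is actually listed in resolv.conf. The following shell script is an added example, not code from the thread or from sudo; the trace lines and the resolv.conf it writes are constructed to mirror the situation described in the thread (a VPN-only nameserver queried before the VPN was up), and the file names under the temporary directory are my own choice.

```sh
#!/bin/sh
# Added example: summarise the connect() calls in an strace log produced by
#   strace -o /tmp/sudo -econnect,open sudo -i
# and cross-check the DNS targets against a resolv.conf.
# Sample data below is constructed, not a real capture.

# Write a constructed strace log and resolv.conf into directory $1.
make_samples() {
    cat > "$1/sudo.trace" <<'EOF'
connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.1.2.9")}, 16) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("10.1.2.9")}, 16) = 0
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
EOF
    # Constructed resolv.conf: only the LAN resolver is listed; 10.1.2.9
    # (the VPN-side resolver from the thread) is left out so it shows up as
    # "not configured" below.
    cat > "$1/resolv.conf" <<'EOF'
search example.invalid
nameserver 192.168.1.1
EOF
}

# Print "<ip> <count>" for every IPv4 address connected to on port 53.
# A high count for one address means the resolver kept retrying it.
dns_attempts() {
    grep 'sin_port=htons(53)' "$1" \
      | sed -n 's/.*sin_addr=inet_addr("\([0-9.]*\)").*/\1/p' \
      | sort | uniq -c | awk '{ print $2, $1 }'
}

# Print the nameserver addresses declared in a resolv.conf.
configured_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Print DNS targets from the trace ($1) that resolv.conf ($2) does not list.
# Anything printed here came from somewhere else: a stale resolvconf entry,
# a VPN script, NetworkManager, or an LDAP/sssd style policy backend.
unlisted_targets() {
    dns_attempts "$1" | while read -r ip _count; do
        if ! configured_nameservers "$2" | grep -qx "$ip"; then
            echo "$ip"
        fi
    done
}

dir=$(mktemp -d)
make_samples "$dir"
trace="$dir/sudo.trace"
resolv="$dir/resolv.conf"

echo "DNS connect() attempts per server:"
dns_attempts "$trace"
echo "Servers contacted but absent from resolv.conf:"
unlisted_targets "$trace" "$resolv"
```

Run it against a real capture by pointing `dns_attempts` and `unlisted_targets` at `/tmp/sudo` and `/etc/resolv.conf` instead of the constructed files. The AF_UNIX line in the sample is there on purpose: the nscd socket probe is the first thing glibc's resolver tries and is harmless, so the filter keys on `sin_port=htons(53)` rather than on `connect(` alone.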

