Re: sudo slow on DNS lookup, with invalid resolv.conf entries
> sudo(8) says:
>
> sudo supports a plugin architecture for security policies and
> input/output logging. Third parties can develop and distribute their
> own policy and I/O logging plugins to work seamlessly with the sudo
> front end. The default security policy is sudoers, which is configured
> via the file /etc/sudoers, or via LDAP.
>
> And LDAP means TCP, and TCP usually means DNS requests.
>
> So it's unusual (sudo does not exhibit such behavior here), but
> possible.
>
Agree there are situations where sudo does TCP. Disagree with that
occurring in my simplistic setup. sudo should not hang for X seconds if my
DNS servers are incorrect.
> A stray nameserver in resolv.conf, which can happen if resolvconf is
> used carelessly. Even more weird things are always possible with
> NetworkManager.
Am too old, I like /etc/resolv.conf being just a file. Am avoiding turning
this into a systemd talk.
>> resolv.conf is not a symlink to systemd, just a plain file. I explicitly
>> removed the symlink and created a normal file.
>
> And of course one can never disregard a misconfigured VPN script.
>
>
>
>> > Specifically I'm interested in:
>> >
>> > grep hosts /etc/nsswitch.conf
>> >
>> > grep localhost /etc/hosts
>> >
>> > Reco
>> >
>>
>> Did not touch these, they are the defaults from stretch:
>>
>> root@localhost:~# grep hosts /etc/nsswitch.conf
>> hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
>> root@localhost:~# grep localhost /etc/hosts
>> 127.0.0.1 localhost
>> 127.0.1.1 localhost
>> ::1 localhost ip6-localhost ip6-loopback
>
> Curious. Can you reproduce the behaviour if sudo is run as root?
> I propose to simplify things a bit (needs to be run as root):
>
strace was already run as root (did "sudo su" as root to prove the point),
otherwise strace would fail with "effective uid is not 0".
x9p