
Re: sudo and host name resolver



On 18/12/2025 05:55, Andy Smith wrote:

> On Wed, Dec 17, 2025 at 11:17:33PM +0700, Max Nikulin wrote:
>> Is it possible to disable host name queries in sudo?
>
> The sudo web site and bugzilla bug tracker appear to be down right now
> but it is a known and reported bug in sudo that it still wants to
> resolve your host name even when every rule has "ALL" in the "host"
> part. So no, it is not currently possible to disable this.

Thanks for the detailed answer. I had hoped that I just overlooked a way to tell sudo to trust uname (without resolving it to IP) or perhaps even to force some name to be considered as the current machine name by dropping another file into /etc/sudoers.d. I am aware that the idea is to have the same sudoers file on multiple machines with different privileges for users. I do not need this feature and, in general, it is better to have a kind of kill switch to disable unused features.

> Anyway, on a properly set up Debian the system's nodename should be in
> /etc/hosts with an IP address and /etc/nsswitch.conf should list "files"
> as the method for the "hosts" table somewhere before "dns", so looking
> up one's own host name should not generate any network traffic.

I am realizing that it is my responsibility to ensure proper resolver configuration. Perhaps I would not notice the issue if I had nss-resolve(5) in that VM (I should test this corner case).
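
The two conditions quoted above (the nodename present in /etc/hosts, and "files" listed before "dns" on the "hosts" line of /etc/nsswitch.conf) can be checked with a short script. This is an added example, not part of the original message and not code from sudo; the function names are hypothetical, and it looks only at the "files" and "dns" sources named in the thread.

```shell
#!/bin/sh
# Added example: checks whether looking up the local host name can be
# answered from /etc/hosts before any DNS query is made.
# File paths are parameters so the checks can be run against copies.

# hosts_has_name HOSTS_FILE NAME
# Succeeds if NAME is a canonical name or alias on a non-comment line.
hosts_has_name() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)           # field 1 is the address
                if (tolower($i) == tolower(name)) found = 1
        }
        END { exit !found }
    ' "$1"
}

# files_before_dns NSSWITCH_FILE
# Succeeds if the "hosts:" line lists "files" and, when "dns" is also
# listed, "files" comes first. Other sources and [STATUS=action] items
# are skipped over, not evaluated.
files_before_dns() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "dns"   && !d) d = i
            }
        }
        END { exit !(f && (!d || f < d)) }
    ' "$1"
}

# check_local_resolution HOSTS_FILE NSSWITCH_FILE NAME
# Reports each failed condition on stderr; returns 0 only if both hold.
check_local_resolution() {
    rc=0
    hosts_has_name "$1" "$3" ||
        { echo "$3 has no entry in $1" >&2; rc=1; }
    files_before_dns "$2" ||
        { echo "hosts: line in $2 does not list files before dns" >&2; rc=1; }
    return "$rc"
}

# Typical use on the machine where sudo is slow:
#   check_local_resolution /etc/hosts /etc/nsswitch.conf "$(uname -n)"
```
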

