sudo doing DNS lookup
On 12/10/2010 09:04 AM, John Doe wrote:
> From: Steve Clark <sclark@netwolves.com>
>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>> sudo.i386 1.7.2p1-9.el5_5 installed
>>
>> I am using the same sudoers file, but the one on box A keeps trying to do
>> DNS lookups while the one on box B does not. How do I disable this DNS lookup?
>
> Do you have fqdn in sudoers?

No, that's the crazy part. I don't have that enabled and it still does the DNS lookup.
I tried turning it on to see what would happen and the only thing different was it spit out:

$ sudo vi /etc/resolv.conf
sudo: unable to resolve host Z7070.netwolves.com
Vim: Caught deadly signal TERM
Vim: Finished.
Terminated

I finally killed it from another terminal cause it was taking so long.

Without the:
Defaults fqdn
it hangs for a long time, this is when I don't have connection to the net, if I have connection there is just a slight pause while tries to do the DNS lookup.

> man sudoers:
> "Beware that turning on fqdn requires sudo to make DNS lookups which may make sudo unusable if DNS stops working"
>
> JD

--
Stephen Clark
NetWolves
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

On Fri, 10 Dec 2010, Steve Clark wrote:
> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.

What makes you sure it's a DNS lookup that causes the long hang when there's no network connection?

jh

On Fri, Dec 10, 2010 at 02:53:19PM +0000, John Hodrien wrote:
> On Fri, 10 Dec 2010, Steve Clark wrote:
>
> > it hangs for a long time, this is when I don't have connection to the net,
> > if I have connection there is just a slight pause while tries to do the DNS
> > lookup.
>
> What makes you sure it's a DNS lookup that causes the long hang when there's
> no network connection?
>

Just to eliminate other possibilities--are either of these authenticating against an LDAP server?

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: Generally speaking, when scary things get scared, not good.

From: Steve Clark <sclark@netwolves.com>
> Without the:
> Defaults fqdn
> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.

Did you compare the following files between both servers?
/etc/hosts
/etc/resolv.conf
/etc/nsswitch.conf

JD

On Fri, 10 Dec 2010, Scott Robbins wrote:
> Just to eliminate other possibilities--are either of these
> authenticating against an LDAP server?

That was entirely the line I was probing. nsswitch.conf would be telling.

jh

On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups while the one on box B does not. How do I disable this DNS
> lookup?

Do both hosts have their hostnames in "/etc/hosts"?

Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?

On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>> sudo.i386 1.7.2p1-9.el5_5 installed
>>
>> I am using the same sudoers file, but the one on box A keeps trying to do
>> DNS lookups while the one on box B does not. How do I disable this DNS lookup?
>
> Do both hosts have their hostnames in "/etc/hosts"?
>
> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?

strace shows the DNS lookup.

I have resolved the problem as far why they behaved differently. Someone had put an entry in /etc/resolv.conf when normally we run our own nameserver at 127.0.0.1.
Putting a hostname and address in the /etc/hosts also fixed the problem.

But I still don't understand why it wants to do a DNS lookup when I don't have
Defaults fqdn
in the sudoers file.

Again here is part of an strace of sudo cat /etc/rc.local;
...
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1292009049, 862615}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
send(4, "206r1 1 5Z7070 netwolves3com"..., 37, MSG_NOSIGNAL) = 37
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [86]) = 0
recvfrom(4, "206r205203 1 1 5Z7070 netwolves3com"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 86
close(4) = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(4, F_GETFL) = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK) = 0
gettimeofday({1292009049, 864056}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0) = 1 ([{fd=4, revents=POLLOUT}])
send(4, "3243051 1 5Z7070 netwolves3com"..., 51, MSG_NOSIGNAL) = 51
poll([{fd=4, events=POLLIN}], 1, 5000) = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [100]) = 0
recvfrom(4, "324305205203 1 1 5Z7070 netwolves3com"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 100
close(4) = 0
readlink("/proc/self/exe", "/usr/bin/sudo"..., 4095) = 13

On Fri, Dec 10, 2010 at 2:23 PM, Steve Clark <sclark@netwolves.com> wrote:
> On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>>>
>>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>>> sudo.i386 1.7.2p1-9.el5_5
>>> installed
>>>
>>> I am using the same sudoers file, but the one on box A keeps trying to do
>>> DNS lookups while the one on box B does not. How do I disable this DNS
>>> lookup?
>>
>> Do both hosts have their hostnames in "/etc/hosts"?
>>
>> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
>
> I have resolved the problem as far why they behaved differently.
> Someone had put an entry in /etc/resolv.conf when normally we run our
> own nameserver at 127.0.0.1.
> Putting a hostname and address in the /etc/hosts also fixed the problem.
>
> But I still don't understand why it wants to do a DNS lookup when I don't
> have
> Defaults fqdn
> in the sudoers file.

A WAG: Since sudo rights are assigned on a box by box basis (unless you use "ALL"), sudo has to check on which box you are running it.

On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
> Hi,
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups
> while the one on box B does not. How do I disable this DNS lookup?
>
> Thanks for any info.

It's probably looking up the hostname of the host you're on, to match against host information in sudoers entries. Do you have your hostname and IP address in /etc/hosts on each machine? And do you have fully qualified hostnames, matching the entries in /etc/hosts?

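
The checks the replies ask for (is the hostname in /etc/hosts, and does nsswitch.conf consult "files" before "dns") can be scripted. This is an added example, not code from the thread; the function names, the sample files and the 192.0.2.10 address are constructed for illustration, and only the hostname Z7070.netwolves.com comes from the posts.

```shell
#!/bin/sh
# Added example (not from the thread): decide from local files whether a
# lookup of NAME is answered by /etc/hosts or falls through to DNS.

# hosts_has_name HOSTS_FILE NAME: succeed if NAME is a canonical name or alias.
hosts_has_name() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # strip comments
        { for (i = 2; i <= NF; i++)             # field 1 is the address
              if (tolower($i) == tolower(name)) found = 1 }
        END { exit !found }
    ' "$1"
}

# files_before_dns NSSWITCH_FILE: succeed if the "hosts:" line lists "files"
# and lists it ahead of "dns" (or does not list "dns" at all).
files_before_dns() {
    awk '
        { sub(/#.*/, "") }
        $1 == "hosts:" {
            for (i = 2; i <= NF; i++) {
                if ($i == "files" && !f) f = i
                if ($i == "dns" && !d) d = i
            }
        }
        END { exit !(f && (!d || f < d)) }
    ' "$1"
}

# resolution_path HOSTS_FILE NSSWITCH_FILE NAME: print "local" or "dns".
resolution_path() {
    if files_before_dns "$2" && hosts_has_name "$1" "$3"; then
        echo local
    else
        echo dns
    fi
}

# Constructed sample files; 192.0.2.10 is a documentation address.
demo_dir=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$demo_dir/hosts.missing"
printf '127.0.0.1 localhost\n192.0.2.10 Z7070.netwolves.com Z7070\n' > "$demo_dir/hosts.fixed"
printf 'hosts: files dns\n' > "$demo_dir/nsswitch"
resolution_path "$demo_dir/hosts.missing" "$demo_dir/nsswitch" Z7070.netwolves.com
resolution_path "$demo_dir/hosts.fixed" "$demo_dir/nsswitch" Z7070.netwolves.com
```

On a real host, call `resolution_path /etc/hosts /etc/nsswitch.conf "$(uname -n)"`; a result of `dns` means any program that resolves the local hostname will wait on the nameservers in /etc/resolv.conf. NSS action modifiers such as `[NOTFOUND=return]` are not interpreted by this sketch.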