I have a confusing problem. I have two centos 5,5 boxes. Both have
sudo.i386 1.7.2p1-9.el5_5 installed.
I am using the same sudoers file, but the one on box A keeps trying to do DNS
lookups while the one on box B does not. How do I disable this DNS lookup?
Do you have fqdn in sudoers?
No, that's the crazy part. I don't have that enabled and it still does the
DNS lookup. I tried turning it on to see what would happen and the
only thing different was it spit out:
$ sudo vi /etc/resolv.conf
sudo: unable to resolve host Z7070.netwolves.com
Vim: Caught deadly signal TERM
Vim: Finished.
Terminated
I finally killed it from another terminal cause it was taking so long.
Without the:
Defaults fqdn
it hangs for a long time, this is when I don't have connection to the net,
if I have connection there is just a slight pause while it tries to do the
DNS lookup.
man sudoers:
"Beware that turning on fqdn requires sudo to make DNS lookups which may
make sudo unusable if DNS stops working"
JD
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
--
Stephen Clark
NetWolves
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com
12-10-2010, 01:53 PM
John Hodrien
sudo doing DNS lookup
On Fri, 10 Dec 2010, Steve Clark wrote:
> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.
What makes you sure it's a DNS lookup that causes the long hang when there's
no network connection?
jh
12-10-2010, 02:07 PM
Scott Robbins
sudo doing DNS lookup
On Fri, Dec 10, 2010 at 02:53:19PM +0000, John Hodrien wrote:
> On Fri, 10 Dec 2010, Steve Clark wrote:
>
> > it hangs for a long time, this is when I don't have connection to the net,
> > if I have connection there is just a slight pause while tries to do the DNS
> > lookup.
>
> What makes you sure it's a DNS lookup that causes the long hang when there's
> no network connection?
>
Just to eliminate other possibilities--are either of these
authenticating against an LDAP server?
Xander: Generally speaking, when scary things get scared, not good.
12-10-2010, 02:10 PM
John Doe
sudo doing DNS lookup
From: Steve Clark <sclark@netwolves.com>
> Without the:
> Defaults fqdn
> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.
Did you compare the following files between both servers?
/etc/hosts
/etc/resolv.conf
/etc/nsswitch.conf
JD
12-10-2010, 02:11 PM
John Hodrien
sudo doing DNS lookup
On Fri, 10 Dec 2010, Scott Robbins wrote:
> Just to eliminate other possibilities--are either of these
> authenticating against an LDAP server?
That was entirely the line I was probing. nsswitch.conf would be telling.
jh
12-10-2010, 02:40 PM
Tom H
sudo doing DNS lookup
On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups while the one on box B does not. How do I disable this DNS
> lookup?
Do both hosts have their hostnames in "/etc/hosts"?
Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
12-10-2010, 06:23 PM
Steve Clark
sudo doing DNS lookup
On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>> sudo.i386 1.7.2p1-9.el5_5
>> installed
>>
>> I am using the same sudoers file, but the one on box A keeps trying to do
>> DNS lookups while the one on box B does not. How do I disable this DNS
>> lookup?
>
> Do both hosts have their hostnames in "/etc/hosts"?
>
> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
strace shows the DNS lookup.
I have resolved the problem as far as why they behaved differently.
Someone had put an entry in /etc/resolv.conf when normally we run our
own nameserver at 127.0.0.1.
Putting a hostname and address in the /etc/hosts also fixed the problem.
But I still don't understand why it wants to do a DNS lookup when I don't
have
Defaults fqdn
in the sudoers file.
Again here is part of an strace of sudo cat /etc/rc.local;
12-10-2010, 06:45 PM
Tom H
sudo doing DNS lookup
On Fri, Dec 10, 2010 at 2:23 PM, Steve Clark <sclark@netwolves.com> wrote:
> On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>>>
>>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>>> sudo.i386 1.7.2p1-9.el5_5
>>> installed
>>>
>>> I am using the same sudoers file, but the one on box A keeps trying to do
>>> DNS lookups while the one on box B does not. How do I disable this DNS
>>> lookup?
>>
>> Do both hosts have their hostnames in "/etc/hosts"?
>>
>> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
>
> I have resolved the problem as far why they behaved differently.
> Someone had put an entry in /etc/resolv.conf when normally we run our
> own nameserver at 127.0.0.1.
> Putting a hostname and address in the /etc/hosts also fixed the problem.
>
> But I still don't understand why it wants to do a DNS lookup when I don't
> have
> Defaults fqdn
> in the sudoers file.
A WAG: Since sudo rights are assigned on a box by box basis (unless
you use "ALL"), sudo has to check on which box you are running it.
12-11-2010, 04:18 AM
Nico Kadel-Garcia
sudo doing DNS lookup
On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
> Hi,
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups
> while the one on box B does not. How do I disable this DNS lookup?
>
> Thanks for any info.
It's probably looking up the hostname of the host you're on, to match
against host information in sudoers entries. Do you have your hostname
and IP address in /etc/hosts on each machine? And do you have fully
qualified hostnames, matching the entries in /etc/hosts?
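
The comparison suggested in the replies above (own hostname in /etc/hosts, the "hosts:" line in /etc/nsswitch.conf, nameservers in /etc/resolv.conf), written as an added shell example that is not part of any poster's message. The function names, the example.com hostnames and the sample files are constructed for illustration, and only the "files" and "dns" sources are modelled.

```shell
#!/bin/sh
# Added example: decide where a host's own name would be resolved from, using
# the three files compared in the thread. Paths are arguments so the checks
# can be pointed at copies taken from each box.

# Sources on the "hosts:" line of nsswitch.conf, [action] items dropped.
hosts_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" {
             out = ""
             for (i = 2; i <= NF; i++)
                 if ($i !~ /^\[/) out = out (out ? " " : "") $i
             print out; exit
         }' "$1"
}

# Succeeds when the name is a hostname or alias on any hosts-file line.
name_in_hosts() {   # args: name hosts_file
    awk -v n="$1" '{ sub(/#.*/, "") }
         { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) found = 1 }
         END { exit !found }' "$2"
}

# Nameservers that a DNS lookup would be sent to.
nameservers() { awk '$1 == "nameserver" { print $2 }' "$1"; }

# Prints "files", "dns" or "unresolvable" for the given name.
own_name_source() {   # args: name hosts_file nsswitch_file
    for src in $(hosts_sources "$3"); do
        case $src in
            files) if name_in_hosts "$1" "$2"; then echo files; return 0; fi ;;
            dns)   echo dns; return 0 ;;
        esac
    done
    echo unresolvable
}

# Constructed sample files: box A lacks its own name in hosts, box B has it.
SAMPLE=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$SAMPLE/hosts.a"
printf '127.0.0.1 localhost\n192.0.2.10 boxb.example.com boxb # own name\n' > "$SAMPLE/hosts.b"
printf 'passwd: files\nhosts:  files dns  # default order\n' > "$SAMPLE/nsswitch"
printf 'search example.com\nnameserver 192.0.2.53\n' > "$SAMPLE/resolv.a"

echo "box A: $(own_name_source boxa.example.com "$SAMPLE/hosts.a" "$SAMPLE/nsswitch") via $(nameservers "$SAMPLE/resolv.a")"
echo "box B: $(own_name_source boxb.example.com "$SAMPLE/hosts.b" "$SAMPLE/nsswitch")"
```

A result of "dns" for a box's own name means any hostname lookup waits on the listed nameservers, which matches the hang described when the network is down.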