Old 12-10-2010, 01:35 PM
Steve Clark
 
Default sudo doing DNS lookup

On 12/10/2010 09:04 AM, John Doe wrote:
> From: Steve Clark <sclark@netwolves.com>
>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>> sudo.i386 1.7.2p1-9.el5_5
>> installed
>>
>> I am using the same sudoers file, but the one on box A keeps trying to do DNS
>> lookups while the one on box B does not. How do I disable this DNS lookup?
>
> Do you have fqdn in sudoers?

No, that's the crazy part. I don't have that enabled and it still does the
DNS lookup. I tried turning it on to see what would happen and the
only thing different was it spit out:

$ sudo vi /etc/resolv.conf
sudo: unable to resolve host Z7070.netwolves.com
Vim: Caught deadly signal TERM

Vim: Finished.
Terminated

I finally killed it from another terminal cause it was taking so long.

Without the:
Defaults fqdn
it hangs for a long time, this is when I don't have connection to the net,
if I have connection there is just a slight pause while tries to do the DNS
lookup.

> man sudoers:
> "Beware that turning on fqdn requires sudo to make DNS
> lookups which may make sudo unusable if DNS stops
> working"
>
> JD



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos







--
Stephen Clark
NetWolves
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com




 
Old 12-10-2010, 01:53 PM
John Hodrien
 
Default sudo doing DNS lookup

On Fri, 10 Dec 2010, Steve Clark wrote:

> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.

What makes you sure it's a DNS lookup that causes the long hang when there's
no network connection?

jh
 
Old 12-10-2010, 02:07 PM
Scott Robbins
 
Default sudo doing DNS lookup

On Fri, Dec 10, 2010 at 02:53:19PM +0000, John Hodrien wrote:
> On Fri, 10 Dec 2010, Steve Clark wrote:
>

> > it hangs for a long time, this is when I don't have connection to the net,
> > if I have connection there is just a slight pause while tries to do the DNS
> > lookup.
>
> What makes you sure it's a DNS lookup that causes the long hang when there's
> no network connection?
>

Just to eliminate other possibilities--are either of these
authenticating against an LDAP server?

--
Scott Robbins
PGP keyID EB3467D6
( 1B48 077D 66F6 9DB0 FDC2 A409 FA54 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6

Xander: Generally speaking, when scary things get scared, not
good.

 
Old 12-10-2010, 02:10 PM
John Doe
 
Default sudo doing DNS lookup

From: Steve Clark <sclark@netwolves.com>
> Without the:
> Defaults fqdn
> it hangs for a long time, this is when I don't have connection to the net,
> if I have connection there is just a slight pause while tries to do the DNS
> lookup.

Did you compare the following files between both servers?
/etc/hosts
/etc/resolv.conf
/etc/nsswitch.conf

JD



 
Old 12-10-2010, 02:11 PM
John Hodrien
 
Default sudo doing DNS lookup

On Fri, 10 Dec 2010, Scott Robbins wrote:

> Just to eliminate other possibilities--are either of these
> authenticating against an LDAP server?

That was entirely the line I was probing. nsswitch.conf would be telling.

jh
 
Old 12-10-2010, 02:40 PM
Tom H
 
Default sudo doing DNS lookup

On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups while the one on box B does not. How do I disable this DNS
> lookup?

Do both hosts have their hostnames in "/etc/hosts"?

Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
 
Old 12-10-2010, 06:23 PM
Steve Clark
 
Default sudo doing DNS lookup

On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>> sudo.i386 1.7.2p1-9.el5_5
>> installed
>>
>> I am using the same sudoers file, but the one on box A keeps trying to do
>> DNS lookups while the one on box B does not. How do I disable this DNS
>> lookup?
>
> Do both hosts have their hostnames in "/etc/hosts"?
>
> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?





strace shows the DNS lookup.

I have resolved the problem as far why they behaved differently.
Someone had put an entry in /etc/resolv.conf when normally we run our
own nameserver at 127.0.0.1.
Putting a hostname and address in the /etc/hosts also fixed the problem.

But I still don't understand why it wants to do a DNS lookup when I don't
have
Defaults fqdn
in the sudoers file.

Again here is part of an strace of sudo cat /etc/rc.local;

...
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1292009049, 862615}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
send(4, "206r115Z7070 netwolves3com"..., 37, MSG_NOSIGNAL) = 37
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [86])                = 0
recvfrom(4, "206r205203115Z7070 netwolves3com"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 86
close(4)                                = 0
socket(PF_INET, SOCK_DGRAM, IPPROTO_IP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, 28) = 0
fcntl64(4, F_GETFL)                     = 0x2 (flags O_RDWR)
fcntl64(4, F_SETFL, O_RDWR|O_NONBLOCK)  = 0
gettimeofday({1292009049, 864056}, NULL) = 0
poll([{fd=4, events=POLLOUT}], 1, 0)    = 1 ([{fd=4, revents=POLLOUT}])
send(4, "324305115Z7070 netwolves3com"..., 51, MSG_NOSIGNAL) = 51
poll([{fd=4, events=POLLIN}], 1, 5000)  = 1 ([{fd=4, revents=POLLIN}])
ioctl(4, FIONREAD, [100])               = 0
recvfrom(4, "324305205203115Z7070 netwolves3com"..., 1024, 0, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("127.0.0.1")}, [16]) = 100
close(4)                                = 0
readlink("/proc/self/exe", "/usr/bin/sudo"..., 4095) = 13















--
Stephen Clark
NetWolves
Sr. Software Engineer III
Phone: 813-579-3200
Fax: 813-882-0209
Email: steve.clark@netwolves.com
http://www.netwolves.com




 
Old 12-10-2010, 06:45 PM
Tom H
 
Default sudo doing DNS lookup

On Fri, Dec 10, 2010 at 2:23 PM, Steve Clark <sclark@netwolves.com> wrote:
> On 12/10/2010 10:40 AM, Tom H wrote:
> On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
>>>
>>> I have a confusing problem. I have two centos 5,5 boxes. Both have
>>> sudo.i386 1.7.2p1-9.el5_5
>>> installed
>>>
>>> I am using the same sudoers file, but the one on box A keeps trying to do
>>> DNS lookups while the one on box B does not. How do I disable this DNS
>>> lookup?
>>
>> Do both hosts have their hostnames in "/etc/hosts"?
>>
>> Do both hosts have "hosts: files dns" in "/etc/nsswitch.conf"?
>
> I have resolved the problem as far why they behaved differently.
> Someone had put an entry in /etc/resolv.conf when normally we run our
> own nameserver at 127.0.0.1.
> Putting a hostname and address in the /etc/hosts also fixed the problem.
>
> But I still don't understand why it wants to do a DNS lookup when I don't
> have
> Defaults fqdn
> in the sudoers file.

A WAG: Since sudo rights are assigned on a box by box basis (unless
you use "ALL"), sudo has to check on which box you are running it.
 
Old 12-11-2010, 04:18 AM
Nico Kadel-Garcia
 
Default sudo doing DNS lookup

On Fri, Dec 10, 2010 at 8:43 AM, Steve Clark <sclark@netwolves.com> wrote:
> Hi,
>
> I have a confusing problem. I have two centos 5,5 boxes. Both have
> sudo.i386 1.7.2p1-9.el5_5
> installed
>
> I am using the same sudoers file, but the one on box A keeps trying to do
> DNS lookups
> while the one on box B does not. How do I disable this DNS lookup?
>
> Thanks for any info.

It's probably looking up the hostname of the host you're on, to match
against host information in sudoers entries. Do you have your hostname
and IP address in /etc/hosts on each machine? And do you have fully
qualified hostnames, matching the entries in /etc/hosts?
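
The checks the replies in this thread converge on (the host's own name present in /etc/hosts, and "hosts: files dns" in /etc/nsswitch.conf), written as an added shell example that is not part of any post. The function names, the sample files and the name boxa.example.com are constructed for illustration; file paths are parameters so the check can run against copies of the real files.

```shell
#!/bin/sh
# Added example (not from the thread): does this host's name resolve from the
# hosts file before any DNS query? Function names are hypothetical.

# hosts_order NSSWITCH: print the sources on the "hosts:" line.
hosts_order() {
    awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# in_hosts_file HOSTS NAME: succeed if NAME is a name or alias on any
# non-comment line (compared case-insensitively).
in_hosts_file() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_local_resolution HOSTS NSSWITCH NAME
# returns 0: answered from files; 1: falls through to later sources;
#         2: files is not the first source.
check_local_resolution() {
    order=$(hosts_order "$2")
    first=${order%% *}
    if [ "$first" != "files" ]; then
        echo "RISK: hosts order is '$order'; files is not consulted first"
        return 2
    fi
    if ! in_hosts_file "$1" "$3"; then
        echo "RISK: $3 not in $1; lookup falls through to:${order#files}"
        return 1
    fi
    echo "OK: $3 is answered from $1"
    return 0
}

# Constructed sample files; on a real host pass /etc/hosts,
# /etc/nsswitch.conf and "$(hostname)" instead.
d=$(mktemp -d)
printf '127.0.0.1 localhost\n' > "$d/hosts.before"
printf '127.0.0.1 localhost\n192.0.2.10 boxa.example.com boxa\n' > "$d/hosts.after"
printf 'passwd: files\nhosts: files dns\n' > "$d/nsswitch.conf"
check_local_resolution "$d/hosts.before" "$d/nsswitch.conf" boxa.example.com || true
check_local_resolution "$d/hosts.after" "$d/nsswitch.conf" boxa.example.com || true
rm -rf "$d"
```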