debcrafters-packages team mailing list archive
Message #06450
[Bug 2121898] [NEW] sudo hangs when hostname resolution fails due to FQDN lookup being enabled by default (--with-fqdn)
Public bug reported:
sudo on Ubuntu (tested on 24.04) is compiled with the --with-fqdn flag,
which causes it to perform FQDN resolution on the machine's own hostname
before executing any command (even when there is no Defaults fqdn line
in /etc/sudoers).
This can lead to noticeable hangs (30–60 seconds or more) if hostname
resolution fails. For example:
- If the system hostname is changed via hostnamectl or GNOME Settings, but
  /etc/hosts is not updated accordingly (a common and silent
  misconfiguration).
- If /etc/nsswitch.conf falls through to DNS and DNS is blocked (e.g. by a
  VPN kill-switch).
- If systemd-resolved has no cached answer and cannot reach upstream
  nameservers.
In this scenario, sudo hangs until name resolution times out, then
eventually proceeds. This behavior is surprising, and introduces an
unnecessary point of failure in a critical tool that is expected to work
even when the network is down.
Notably, upstream sudo does not enable FQDN resolution by default — this
is a Debian/Ubuntu-specific build option (--with-fqdn). Other
distributions like Fedora and Arch do not compile sudo this way, and do
not exhibit this behavior unless Defaults fqdn is explicitly configured.
---
System Information:
- Ubuntu version: 24.04.2 LTS
- sudo version: 1.9.15p5-3ubuntu5.24.04.1
---
For a detailed write-up and reproduction scenario see:
https://anagogistis.com/posts/vpn-sudo-hang/
** Affects: sudo (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/2121898
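A read-only diagnostic for the first scenario in the report (hostname changed, /etc/hosts not updated), added here as an example; it is not part of the bug report or of sudo. The function names and the HOSTS_FILE override are assumptions, and `getent hosts` only approximates the lookup sudo performs.

```shell
#!/bin/sh
# Added example: check whether this machine's own hostname resolves locally,
# and bound the lookup time so the check itself cannot hang.

# hosts_has_name FILE NAME
# Succeeds if NAME is a canonical name or alias on a non-comment line of a
# hosts(5)-format FILE. Comparison is case-insensitive, as hostnames are.
hosts_has_name() {
    awk -v name="$2" '
        { sub(/#.*/, "") }               # drop comments, fields are re-split
        NF >= 2 {                        # field 1 is the address
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) found = 1
        }
        END { exit !found }
    ' "$1"
}

# self_lookup_status NAME [SECONDS]
# Runs an NSS lookup under a time limit (GNU timeout exits 124 on expiry).
# Prints one of: ok, unresolved, timeout.
self_lookup_status() {
    rc=0
    timeout "${2:-5}" getent hosts "$1" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo ok ;;
        124) echo timeout ;;
        *)   echo unresolved ;;
    esac
}

# check_self: report on the current hostname.
# HOSTS_FILE is an assumed override for testing; default is /etc/hosts.
check_self() {
    name=$(hostname)
    if hosts_has_name "${HOSTS_FILE:-/etc/hosts}" "$name"; then
        echo "$name: listed in hosts file"
    else
        echo "$name: not in hosts file; result depends on later nsswitch.conf sources"
    fi
    echo "lookup: $(self_lookup_status "$name" 5)"
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--run" ]; then check_self; fi
```

Run it with `--run` after a hostname change; a `timeout` result means a lookup of the machine's own name did not complete within five seconds.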