How a VPN kill-switch caused sudo to hang
14 points by bsandro
Having sudo's fqdn on by default (as is the case in Ubuntu, but not Fedora, it seems) seems like madness. A root escalation program should not be doing DNS queries.
As usual it's because of what /etc/sudoers can do, which is a big pain point for sudo - there's a ton of surface area because of it. It's why people and distros are starting to look closer at alternatives.
I think regardless of the potential configurable options in sudoers, having fqdn enabled by default with a build-time option is really the wrong move.
I tested on Debian 13 (Trixie) and sudo -V still shows the --with-fqdn flag.
But I didn't get any hangs, probably because Debian doesn’t use systemd-resolved by default. So hostname resolution is faster and more reliable.
Can anyone confirm if sudo's FQDN resolution is enabled by default on other distros like Fedora or Arch?