sudo is slow (10 seconds) when hostname is not resolvable
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
systemd (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I'm seeing very slow 'sudo' times in a qemu guest when the host uses systemd-resolved.
If I change /etc/resolv.conf on the host to point directly to a dns server (8.8.8.8) then the problem goes away.
To recreate, you can download a cloud image and boot it under qemu with a command line like:
cloud-localds seed.img user-data meta-data
qemu-
-device virtio-
-netdev type=user,id=net00 \
-drive file=root.
-device virtio-
-drive file=seed.
-device virtio-
-m 768
Make sure that your hostname does not resolve (change it to 'bogus-host1').
Log into the guest and then just try sudo, you'll see something like:
# time sudo ls
sudo: unable to resolve host rooturl-trusty
real 0m10.029s
user 0m0.006s
sys 0m0.011s
Here is some information collected when I tried to debug.
==== Using resolved on host =====
## guest
$ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 10.0.2.3
search mydomain.com bar.com
ubuntu@ rooturl- trusty$ time sudo /bin/true
sudo: unable to resolve host rooturl-trusty
$ time sudo /bin/true
real 0m10.021s
user 0m0.007s
sys 0m0.004s
## host
$ grep "^[^#]" /etc/resolv.conf
nameserver 127.0.0.53
search mydomain.net lan
$ sudo tcpdump -i any udp port 53 trusty. mydomain. com. (45) trusty. mydomain. com. (45) in-addr. arpa. (39) trusty. bar.com. (40) trusty. bar.com. (40) xxxxxx. net.domain: 196+ PTR? 3.2.0.10. in-addr. arpa. (39) xxxxxx. net.domain > milhouse.45718: 196 NXDomain* 0/0/0 (39) 10.in-addr. arpa. (40) xxxxxx. net.domain: 32522+ PTR? 15.2.0. 10.in-addr. arpa. (40) xxxxxx. net.domain > milhouse.44398: 32522 NXDomain* 0/0/0 (40)
14:51:58.038103 IP localhost.55365 > localhost.domain: 36012+ A? rooturl-
14:51:58.038180 IP localhost.55365 > localhost.domain: 49842+ AAAA? rooturl-
14:51:58.038569 IP localhost.domain > localhost.55365: 36012 NXDomain 0/0/0 (45)
14:51:58.038718 IP localhost.36879 > localhost.domain: 52853+ PTR? 3.2.0.10.
14:51:58.038848 IP localhost.domain > localhost.55365: 49842 NXDomain 0/0/0 (45)
14:51:58.039125 IP localhost.54202 > localhost.domain: 32902+ A? rooturl-
14:51:58.039154 IP localhost.54202 > localhost.domain: 58975+ AAAA? rooturl-
14:51:58.039189 IP milhouse.45718 > OpenWrt.
14:51:58.039436 IP localhost.domain > localhost.54202: 32902 0/0/0 (40)
14:51:58.039606 IP localhost.domain > localhost.54202: 58975 0/0/0 (40)
14:51:58.039828 IP localhost.39909 > localhost.domain: 14117+ A? rooturl-trusty. (32)
14:51:58.039856 IP localhost.39909 > localhost.domain: 64237+ AAAA? rooturl-trusty. (32)
14:51:58.041042 IP OpenWrt.
14:51:58.137739 IP localhost.domain > localhost.36879: 52853 0/0/0 (39)
14:51:58.138622 IP localhost.37396 > localhost.domain: 9267+ PTR? 15.2.0.
14:51:58.139344 IP milhouse.44398 > OpenWrt.
14:51:58.141103 IP OpenWrt.
14:51:58.386028 IP localhost.domain > localhost.37396: 9267 0/0/0 (40)
14:51:58.633518 IP localhost.domain > localhost.39909: 14117 ServFail 0/0/0 (32)
14:52:03.043476 IP localhost.39909 > localhost.domain: 14117+ A? rooturl-trusty. (32)
14:52:03.043544 IP localhost.39909 > localhost.domain: 64237+ AAAA? rooturl-trusty. (32)
14:52:03.634060 IP localhost.domain > localhost.39909: 14117 ServFail 0/0/0 (32)
## in the guest at the time of the above, doing a tcpdump shows trusty. mydomain. com. (45) in-addr. arpa. (39)
# tcpdump -i any udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
19:51:58.039452 IP 10.0.2.15.35832 > 10.0.2.3.domain: 49842+ AAAA? rooturl-
19:51:58.040165 IP 10.0.2.15.36362 > 10.0.2.3.domain: 52853+ PTR? 3.2.0.10.
19:51:58.040220 IP 10.0.2.3.domain > 10.0.2.15.35832: 36012 NXDomain 0/0/0 (45)
19:51:58.040469 IP 10.0.2.3.domain > 10.0.2.15.35832: 49842 NXDomain 0/0/0 (45)
19:51:58.040594 IP 10.0.2.15.55332 > 10.0.2.3.domain: 3290...