Hi,

On Wed, Dec 17, 2025 at 11:17:33PM +0700, Max Nikulin wrote:
> Is it possible to disable host name queries in sudo?

The sudo web site and bugzilla bug tracker appear to be down right now but it is a known and reported bug in sudo that it still wants to resolve your host name even when every rule has "ALL" in the "host" part. So no, it is not currently possible to disable this.

Linux uses the gethostname() libc function which then uses the uname() system call, which returns a nodename from kernel memory. That setting is set by the sethostname() system call usually during boot based on contents of /etc/hostname or /etc/hosts. If it is not set, it can be temporarily set using the "hostname" command but it would end up unset again at next boot.

sudo is then taking that nodename and trying to resolve it to an IP address. I think that is any IP address at all, not necessarily one currently bound to any network interface on the host.

Anyway, on a properly set up Debian the system's nodename should be in /etc/hosts with an IP address and /etc/nsswitch.conf should list "files" as the method for the "hosts" table somewhere before "dns", so looking up one's own host name should not generate any network traffic. On some setups there will also be other NSS modules like "myhostname" that will answer that question, and of course there are NSS modules other than "dns" that will do network queries.

So short story is that to avoid network traffic from sudo, make sure /etc/hosts has your nodename and that "files" comes before "dns" or other NSS modules that may use the network.

Or switch to a "sudo" alternative. I had hoped that sudo-rs would not support host-based rules but it still seems to.

Thanks,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

> I'd be interested to hear any (even two word) reviews of their sofas…
Provides seating. — Andy Davidson
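The check described in the message above, as an added example that is not part of the original message and is not sudo's own code: it reads the "hosts" line of nsswitch.conf and the names in /etc/hosts, then reports which local source would answer a lookup of the nodename and which other sources would be consulted first. It assumes that only "files" and "myhostname" answer without network traffic and it ignores [STATUS=action] items; the function names are made up for this example.

```python
import re
import socket

# Assumption of this example: these NSS sources answer from local data only.
LOCAL_SOURCES = ("files", "myhostname")

def hosts_sources(nsswitch_text):
    """Ordered sources of the "hosts" database, [STATUS=action] items dropped."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def names_in_hosts(hosts_text):
    """Every canonical name and alias listed in an /etc/hosts style file."""
    names = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        names.update(f.lower() for f in fields[1:])  # fields[0] is the address
    return names

def lookup_path(nodename, nsswitch_text, hosts_text):
    """Return (local source that answers, or None; other sources tried first)."""
    in_hosts = nodename.lower() in names_in_hosts(hosts_text)
    tried_first = []
    for src in hosts_sources(nsswitch_text):
        if src == "files" and in_hosts:
            return "files", tried_first
        if src == "myhostname":  # answers for the local host name by itself
            return "myhostname", tried_first
        if src not in LOCAL_SOURCES:
            tried_first.append(src)  # may generate network traffic
    return None, tried_first

if __name__ == "__main__":
    node = socket.gethostname()  # the nodename that sudo tries to resolve
    with open("/etc/nsswitch.conf") as f:
        nss = f.read()
    with open("/etc/hosts") as f:
        hosts = f.read()
    answer, tried_first = lookup_path(node, nss, hosts)
    print(f"nodename {node!r}: answered by {answer}, tried first: {tried_first}")
```

An empty "tried first" list together with a local answering source is the setup the message recommends.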

