Hello, > In the support FAQ for Clamav it states: > ----------------------------------------------------------------------------- > What does WARNING: DNS record is older than 3 hours mean? [snip] > The 4th field of the first line should be less than 3 . 3600 behind > the output of the second line. If not, you have a caching DNS server > somewhere misbehaving. > ----------------------------------------------------------------------------- > > So I go to the command line and do a: > > # host -t txt current.cvd.clamav.net; perl -e 'printf "%d\n", time;' > > And get: > > current.cvd.clamav.net text "0.91.1:44:3779:1185489181:1" > 1185490600 > > Well the 4th field is a lot more than "3"!
the faq says that it should be less than 1185490600-(3*3600) = 1185479800. Indeed this was not the case, as 1185489181 is greater than 1185479800. This happened because one of our slave DNS server was not fetching the zone from our backup master dns and our primary master dns was down. The other slave DNS were fetching the zone correctly, so only a minority (1/7th) of our users received this warning. freshclam falls back to http mode whenever a DNS starts behaving incorrectly, so no harm was done. Everybody was receiving CVD updates as usual. Best regards -- Luca Gibelli (luca _at_ clamav.net) - ClamAV, a GPL anti-virus toolkit [Tel] +1 706 7054022 [Fax] +1 706 5345792 [IM] nervous/jabber.linux.it PGP key id 5EFC5582 @ key server || http://www.clamav.net/gpg/luca.gpg _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
