On Wed, 30 Jul 2025 12:38:29 -0500 Nick Suan via clamav-users <[email protected]> wrote:
> On Wed, Jul 30, 2025, at 10:05 AM, Paul Kosinski via clamav-users wrote: > > > If I 'dig', I get: > > > > $ dig database.clamav.net > > ;database.clamav.net. IN A > > database.clamav.net. 60 IN CNAME > > database.clamav.net.cdn.cloudflare.net. > > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.18.203.90 > > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.17.196.15 > > > > suggesting that the IP addresses have a TTL of only 5 minutes! This > > would seem to make it impractical to update my firewall rules often > > enough. (Also, if I do repeated digs on this URL, I see the TTL > > counting down -- and then recycling! Very strange.) > > > > Yes, it's very much 5 minutes, and the reason you see it counting down is > because your local resolver is only going to cache it for that maximum of > five minutes. > Good explanation! I found it strange because I don't remember any other dig (using the exact same caching DNS resolver instance) showing a TTL count-down. But when I just now tried repeating a different dig in a short time frame I do indeed see a count-down! (But most TTLs are much longer, so they don't actually repeat before I give up digging.) _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
