[clamav-users] TTL of DNS recode
Dennis Peterson
dennispe at inetnw.com
Thu Nov 24 05:21:34 UTC 2016
I should add something you probably know but others may not - your nslookup
report states at the bottom that it is an non-authorative result which is why
you see the time remaining in your NS cache. If you include the IP of an
authorative NS server you will get the configured TTL.
Example: nslookup -type=txt -debug current.cvd.clamav.net 208.201.249.238
The IP is one of the round robin addresses when doing a lookup on cvd.clamav.net.
Example: dig ns cvd.clamav.net
On 11/23/16 9:00 PM, Dennis Peterson wrote:
> You are seeing the time remaining in the cached lookup on your system.
> Subsequent queries will show the TTL falling with time.
>
> dp
>
> On 11/23/16 8:57 PM, Al Varnell wrote:
>> Thanks Dennis, for straightening me out on that.
>>
>> Strangely I get a different answer using nslookup:
>>
>>> $ nslookup -type=txt -debug current.cvd.clamav.net
>>> Server: 10.0.1.1
>>> Address: 10.0.1.1#53
>>>
>>> ------------
>>> QUESTIONS:
>>> current.cvd.clamav.net, type = TXT, class = IN
>>> ANSWERS:
>>> -> current.cvd.clamav.net
>>> text = "0.99.2:57:22592:1479958214:1:63:45271:285"
>>> ttl = 1078
>>> AUTHORITY RECORDS:
>>> ADDITIONAL RECORDS:
>>> ------------
>>> Non-authoritative answer:
>>> current.cvd.clamav.net text = "0.99.2:57:22592:1479958214:1:63:45271:285"
>>>
>>> Authoritative answers can be found from:
>>>
>>>
>> In any case, since updates occur at four hour intervals and checks are
>> normally limited to once an hour, a ttl of 30 minutes should be OK for most.
>> I can see where it might be a factor for those that find a need to check at
>> the maximum limit of four times per hour using a country coded freshclam.conf.
>>
>> -Al-
>>
>> On Wed, Nov 23, 2016 at 08:08 PM, Dennis Peterson wrote:
>>> The TTL for the TXT record at current.cvd.clamav.net is 1800 seconds. You
>>> can retrieve with curl or wget older versions of the signature by specifying
>>> the full file name, for example daily-22590.cdiff
>>>
>>> dp
>>>
>>> On 11/23/16 8:03 PM, Al Varnell wrote:
>>>> On Nov 23, 2016, at 7:10 PM, Tsutomu Oyamada wrote:
>>>>> We know CVD version information is published in DNS TXT record, this
>>>>> record's TTL values, 1800 seconds is currently is. This value is the
>>>>> same from the previous?
>>>> So I think I have the answer for this one. From my research it would seem
>>>> that TTL values are set by the DNS server you are accessing, not by the
>>>> ClamAV and is the same for all records on that server. You would have to
>>>> check with the DNS ISP to find out if it has changed or not.
>>>>
>>>> -Al-
>>>> ClamXav User
>>>>
>>>>
>>>> _______________________________________________
>>>> clamav-users mailing list
>>>> clamav-users at lists.clamav.net
>>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>>
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>
>>> _______________________________________________
>>> clamav-users mailing list
>>> clamav-users at lists.clamav.net
>>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>>
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>> -Al-
>>
>>
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users at lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list