On Mon, 20 Sep 2021 17:17:34 +0000
"Joel Esler (jesler)" <jes...@cisco.com> wrote:

> > On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users 
> > <clamav-users@lists.clamav.net> wrote:
> > 
> > These two IPs are Anycast addresses, and have been unchanged for well over 
> > 2 years. (Anycast addresses don't have to change even if the physical 
> > servers change, that's their point!) They are:
> > 
> >  104.16.218.84
> >  104.16.219.84  
> That’s what they are for you.  Cloudflare routes you to the closest pop to 
> your network.  Your mileage may vary

===================

I thought the IP addresses, being Anycast, were what are routed to the closest 
POP.

No matter, when I resolve "database.clamav.net" via various DNS servers, using 
TCP to bypass the default local DNS server (as our firewall blocks outbound UDP 
port 53 otherwise), I always get these same two IP addresses as results (see 
below).

Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and likely 
Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that the 
Authoritative server and the public (Anycast) servers could conceivably be 
distributing different IP addresses depending on who is querying. (BIND/named 
has become incredibly complicated these days.) But since the two IP addresses 
are themselves Anycast, what would be the point?

In any case, does anyone, anywhere, get IP addresses other than

  104.16.218.84
  104.16.219.84

when resolving "database.clamav.net"?
  
------------------------------------------------------------
  
  $ dig +tcp +all @1.1.1.1 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @1.1.1.1 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net.         IN      A
  
  ;; ANSWER SECTION:
  database.clamav.net.  31      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.       271 IN A 104.16.219.84
  database.clamav.net.cdn.cloudflare.net.       271 IN A 104.16.218.84
  
  ;; Query time: 11 msec
  ;; SERVER: 1.1.1.1#53(1.1.1.1)
  ;; WHEN: Mon Sep 20 15:28:17 2021
  ;; MSG SIZE  rcvd: 118
  
  ---------------
  
  $ dig +tcp +all @8.8.8.8 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @8.8.8.8 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49012
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net.         IN      A
  
  ;; ANSWER SECTION:
  database.clamav.net.  19      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.219.84
  
  ;; Query time: 31 msec
  ;; SERVER: 8.8.8.8#53(8.8.8.8)
  ;; WHEN: Mon Sep 20 15:21:13 2021
  ;; MSG SIZE  rcvd: 118
  
  ---------------
  
  $ dig +tcp +all @9.9.9.9 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @9.9.9.9 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29165
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net.         IN      A
  
  ;; ANSWER SECTION:
  database.clamav.net.  60      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.219.84
  
  ;; Query time: 91 msec
  ;; SERVER: 9.9.9.9#53(9.9.9.9)
  ;; WHEN: Mon Sep 20 15:30:17 2021
  ;; MSG SIZE  rcvd: 118
  
  ---------------
  
  $ dig +tcp +all @71.243.0.12 database.clamav.net
  
  ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all @71.243.0.12 database.clamav.net
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12056
  ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
  
  ;; QUESTION SECTION:
  ;database.clamav.net.         IN      A
  
  ;; ANSWER SECTION:
  database.clamav.net.  60      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
  database.clamav.net.cdn.cloudflare.net.       144 IN A 104.16.218.84
  database.clamav.net.cdn.cloudflare.net.       144 IN A 104.16.219.84
  
  ;; Query time: 16 msec
  ;; SERVER: 71.243.0.12#53(71.243.0.12)
  ;; WHEN: Mon Sep 20 15:21:39 2021
  ;; MSG SIZE  rcvd: 118
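
The comparison done by eye across the four resolvers above can be scripted. The following is an added example, not part of the original message: it reduces each resolver's answer section to a sorted A-record set and flags any resolver that disagrees with the first. The function names and the script's argument order are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original message.

# Print the A-record addresses found in dig answer text on stdin, sorted and
# joined by spaces. Comment lines (';') and the CNAME record are skipped.
a_records() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "A" { print $5 }' |
        sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Read "resolver<TAB>address-set" lines; print any resolver whose set differs
# from the first one. Exit status 0 = all agree, 1 = disagreement.
sets_agree() {
    awk -F '\t' '
        NR == 1   { ref = $2 }
        $2 != ref { print "MISMATCH " $1 ": got [" $2 "] expected [" ref "]"; bad = 1 }
        END       { exit bad + 0 }'
}

# Answer sections copied from the 1.1.1.1 and 8.8.8.8 runs in the message;
# the two resolvers list the addresses in opposite order.
sample_1111() {
    cat <<'EOF'
database.clamav.net.  31      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net.       271 IN A 104.16.219.84
database.clamav.net.cdn.cloudflare.net.       271 IN A 104.16.218.84
EOF
}
sample_8888() {
    cat <<'EOF'
database.clamav.net.  19      IN      CNAME   database.clamav.net.cdn.cloudflare.net.
database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.218.84
database.clamav.net.cdn.cloudflare.net.       300 IN A 104.16.219.84
EOF
}

if [ "$#" -ge 2 ]; then
    # Live mode: NAME RESOLVER... (queries over TCP, as in the message)
    name=$1; shift
    for r in "$@"; do
        printf '%s\t%s\n' "$r" "$(dig +tcp +noall +answer "@$r" "$name" | a_records)"
    done | sets_agree
else
    # Offline mode: run on the embedded sample answers.
    {
        printf '1.1.1.1\t%s\n' "$(sample_1111 | a_records)"
        printf '8.8.8.8\t%s\n' "$(sample_8888 | a_records)"
    } | sets_agree && echo "all resolvers agree: $(sample_1111 | a_records)"
fi
```

Sorting before comparing matters here because resolvers return the same records in different orders; a non-zero exit status makes the check usable from cron or a monitoring job.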


