Cool 👍🏼👍🏼 — Sent from my iPhone
> On Sep 20, 2021, at 20:17, Paul Kosinski <clamav-us...@iment.com> wrote: > > On Mon, 20 Sep 2021 17:17:34 +0000 > "Joel Esler (jesler)" <jes...@cisco.com> wrote: > >>>> On Sep 20, 2021, at 13:08, Paul Kosinski via clamav-users >>>> <clamav-users@lists.clamav.net> wrote: >>> >>> These two IPs are Anycast addresses, and have been unchanged for well over >>> 2 years. (Anycast addresses don't have to change even if the physical >>> servers change, that's their point!) They are: >>> >>> 104.16.218.84 >>> 104.16.219.84 >> That’s what they are for you. Cloudflare routes you to the closest pop to >> your network. Your mileage may vary > > =================== > > I thought the IP addresses, being Anycast, were what are routed to the > closest POP. > > No matter, when I resolve "database.clamav.net" via various DNS servers, > using TCP to bypass the default local DNS server (as our firewall blocks > outbound UDP port 53 otherwise), I always get these same two IP addresses as > results (see below) > > Given that the servers at 1.1.1.1, 8.8.8.8 and 9.9.9.9 are "public", and > likely Anycast, while 71.243.0.12 is local Verizon/FIOS, I suppose that the > Authoritative server and the public (Anycast) servers could conceivably be > distributing different IP addresses depending on who is querying. (BIND/named > has become incredibly complicated these days.) But since the two IP addresses > are themselves Anycast, what would be the point? > > In any case, does anyone, anywhere, get IP addresses other than > > 104.16.218.84 > 104.16.219.84 > > when resolving "database.clamav.net"? > > ------------------------------------------------------------ > > $ dig +tcp +all @1.1.1.1 database.clamav.net > > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all > @1.1.1.1 database.clamav.net > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5920 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;database.clamav.net. IN A > > ;; ANSWER SECTION: > database.clamav.net. 31 IN CNAME > database.clamav.net.cdn.cloudflare.net. > database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.219.84 > database.clamav.net.cdn.cloudflare.net. 271 IN A 104.16.218.84 > > ;; Query time: 11 msec > ;; SERVER: 1.1.1.1#53(1.1.1.1) > ;; WHEN: Mon Sep 20 15:28:17 2021 > ;; MSG SIZE rcvd: 118 > > --------------- > > $ dig +tcp +all @8.8.8.8 database.clamav.net > > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all > @8.8.8.8 database.clamav.net > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49012 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;database.clamav.net. IN A > > ;; ANSWER SECTION: > database.clamav.net. 19 IN CNAME > database.clamav.net.cdn.cloudflare.net. > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.218.84 > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.219.84 > > ;; Query time: 31 msec > ;; SERVER: 8.8.8.8#53(8.8.8.8) > ;; WHEN: Mon Sep 20 15:21:13 2021 > ;; MSG SIZE rcvd: 118 > > --------------- > > $ dig +tcp +all @9.9.9.9 database.clamav.net > > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all > @9.9.9.9 database.clamav.net > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29165 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;database.clamav.net. IN A > > ;; ANSWER SECTION: > database.clamav.net. 60 IN CNAME > database.clamav.net.cdn.cloudflare.net. > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.218.84 > database.clamav.net.cdn.cloudflare.net. 300 IN A 104.16.219.84 > > ;; Query time: 91 msec > ;; SERVER: 9.9.9.9#53(9.9.9.9) > ;; WHEN: Mon Sep 20 15:30:17 2021 > ;; MSG SIZE rcvd: 118 > > --------------- > > $ dig +tcp +all @71.243.0.12 database.clamav.net > > ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +nocomments +nostats +nocmd +tcp +all > @71.243.0.12 database.clamav.net > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12056 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;database.clamav.net. IN A > > ;; ANSWER SECTION: > database.clamav.net. 60 IN CNAME > database.clamav.net.cdn.cloudflare.net. > database.clamav.net.cdn.cloudflare.net. 144 IN A 104.16.218.84 > database.clamav.net.cdn.cloudflare.net. 144 IN A 104.16.219.84 > > ;; Query time: 16 msec > ;; SERVER: 71.243.0.12#53(71.243.0.12) > ;; WHEN: Mon Sep 20 15:21:39 2021 > ;; MSG SIZE rcvd: 118 > > _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml