On Thu, 7 Apr 2016 11:02:28 +0200 Reindl Harald wrote: > Am 07.04.2016 um 10:48 schrieb Matus UHLAR - fantomas: > >> [harry@rh:~]$ nslookup mirrors.updates.spamassassin.org > >> b.auth-ns.sonic.net. > >> Server: b.auth-ns.sonic.net. > >> Address: 184.173.92.18#53 > >> > >> *** Can't find mirrors.updates.spamassassin.org: No answer > > > > Please, get rid of nslookup. One of its main problems is that it > > produces invalid output in many cases, this is one of them. > > > > "dig any mirrors.updates.spamassassin.org. @b.auth-ns.sonic.net." > > produces OK output > > mirrors.updates.spamassassin.org. 3600 IN TXT > "http://spamassassin.apache.org/updates/MIRRORED.BY > > well, that's somehow crazy, normally one makes dns round-robin for a > hostname and then load that file from one of the mirrors because all > the mirrors don't help much when "spamassassin.apache.org" is down
spamassassin.apache.org has 2 ip addresses on 2 continents and MIRRORED.BY can be cached by sa-update for 7 days. Having the file on the actual mirrors would place unnecessary restrictions on how these third-party http servers are configured. There does however appear to be a minor problem here. The http headers for MIRRORED.BY have a last-modified date, but no explicit expiry information. The relevant RFC allows an http proxy to cache the file for up to 365 days before a get-if-modified request is needed. Most caches set a lower limit, and if curl is used, it requests the proxy go to the origin server, but there is scope for getting a very stale file.
