On Tue, 9 Mar 2004, Ron Snyder wrote:

> Just want to pipe in with another opinion/question-- have there been more A
> records added for database.clamav.net recently? Freshclam had been working
> just fine for me for several weeks and just started reporting the same problems
> that Seve reported. When I started debugging the problem (using dig) I paid
> attention to the "truncated results" notice that dig gave.
>
> This is caused because the amount of information was too big to fit in a udp
> packet, and tcp dns packets were restricted from going through the firewall.
> Once tcp packets were allowed through the firewall, freshclam started
> working again.

Yep, I just ran across that myself.  I would advise splitting it into
multiple records and having freshclam randomly choose one of
database1-N.clamav.net each one of which contains a smaller set of servers
(with overlap of the "beefier" servers, to perform some poor-man's
weighting), or something else like an intelligent global DNS-based load
balancing solution (rather expensive :)) to prevent resolvers from needing
to fall back on TCP.  It's technically perfectly valid, but not advised
due to widespread firewall misconfigurations.

-- 
Tim Wilde
[EMAIL PROTECTED]
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/


_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users
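
The truncation behaviour discussed in this thread, as an added example that is not part of the original messages: it builds an A-record response the way a server answering over UDP would, sets the TC bit once the 512-byte limit is reached, and then reads that bit back the way a resolver does. The addresses are constructed samples from TEST-NET-1, the function names are hypothetical, and the sketch assumes no EDNS0 and an answer section only.

```python
import struct

UDP_LIMIT = 512     # classic DNS-over-UDP message limit (RFC 1035)
TC_FLAG = 0x0200    # "truncated" bit in the header flags word

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(name, addrs, limit=UDP_LIMIT):
    """Build an A-record response for a UDP client: stop adding records
    at `limit` bytes and set TC if any record had to be left out."""
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers, size = [], 12 + len(question)
    for addr in addrs:
        # 0xC00C is a compression pointer to the question name at offset 12
        rr = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        rr += bytes(int(octet) for octet in addr.split("."))
        if size + len(rr) > limit:
            break
        answers.append(rr)
        size += len(rr)
    flags = 0x8180 | (TC_FLAG if len(answers) < len(addrs) else 0)
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, len(answers), 0, 0)
    return header + question + b"".join(answers)

def inspect(msg):
    """Return (truncated, answer_count, size) for a raw DNS message."""
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return bool(flags & TC_FLAG), ancount, len(msg)

def diagnose(msg, tcp_allowed):
    """Describe what a resolver behind the firewall can do with `msg`."""
    truncated, ancount, size = inspect(msg)
    if not truncated:
        return "ok: %d A records in %d bytes over UDP" % (ancount, size)
    if tcp_allowed:
        return "truncated at %d records: resolver retries over TCP/53" % ancount
    return "truncated at %d records: TCP/53 blocked, retry cannot complete" % ancount

if __name__ == "__main__":
    # Constructed sample pools, not the real mirror list.
    for n in (10, 40):
        pool = ["192.0.2.%d" % i for i in range(1, n + 1)]
        msg = build_response("database.clamav.net", pool)
        print(n, "records offered ->", diagnose(msg, tcp_allowed=False))
```

With name compression each A record costs 16 bytes, so after the 12-byte header and 25-byte question only 29 records fit before the TC bit is set.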
