5 Replies Latest reply on Dec 10, 2013 3:06 PM by sliedl

    Data for host has expired




      I've stumbled across the following audit log and was hoping someone can help me interpret it.


      Dec  6 16:16:09 2013 CST  f_acld a_server t_error p_major

      pid: 2406 ruid: 0 euid: 0 pgid: 2406 logid: 0 cmd: 'acld'

      domain: Acld edomain: Acld hostname: ns1.company.com


      =Data for host (policy>host>crl.globalsign.com) has expired. Please make sure there is no DNS problem.


      We are getting dozens of these every second on an appliance running  They all reference a DNS host object defined in the policy, but the host objects do resolve to an IP.  Any idea what the problem may be?  Thanks.



        • 1. Re: Data for host has expired



          Can you attach the output of "cf package list" from the firewall please?


          How is the firewall set up for DNS, split or transparent?


          How are you testing that crl.globalsign.com resolves? It could be that the firewall's processes themselves are not able to resolve the hostname (depending on the configuration) even if you are able to do a dig or nslookup and resolve it.



          • 2. Re: Data for host has expired

            Hi Matt,


            Below are the results from "cf package list".  The firewall is configured for split DNS and I tested the DNS resolution directly from the firewall by running a dig on the hosts.




                                                         Local Packages


                                   CommandCenter Management Version:

            What              When               Status     Description

            ================= ================== ========== =======================================================

            70100             28-Jul-09 05:30    installed  Sidewinder IPv6 Phase 1

            70101             28-Jul-09 05:30    installed  Sidewinder FIPS 140-2 Level 2

            70102             28-Jul-09 05:30    installed  Sidewinder Transparent Firewall with McAfee AV and Profiler

            70102HW01         28-Jul-09 05:30    obsolete   Sidewinder F Model Hardware Support

            70102H03          10-Feb-10 14:26    installed  Sidewinder Profiler

            70102H04          10-Feb-10 14:26    installed  Sidewinder HA DNS

            70102H05          10-Feb-10 14:26    obsolete   Sidewinder Scanner DAT file descriptor leak

            70102H08          10-Feb-10 14:26    obsolete   Sidewinder Apply P3 to BIND 9.4.3 to fix DoS

            70102H09          10-Feb-10 14:26    obsolete   Sidewinder Hardware Enhancements

            70102H11          04-Mar-10 00:49    obsolete   Sidewinder TCP fastpath fix

            70102H12          04-Mar-10 00:49    installed  Sidewinder Improve resilience against renegotiation attacks

            70102E27          18-Mar-10 08:48    installed  Sidewinder Significantly improve GUI Network Objects and Rules screens' performance.

            70102H14          15-Dec-10 06:52    installed  Sidewinder Improve IPS signature set coverage

            70102H15          15-Dec-10 06:52    installed  Sidewinder make fast path smarter

            70102H16          15-Dec-10 06:52    installed  Sidewinder TE support for CC 5.0 new packet capture feature

            70102H17          15-Dec-10 06:52    installed  Sidewinder fix traceback in config reporter

            70102HW02         15-Dec-10 06:52    obsolete   Sidewinder Rev B - New network hardware (updated em and ix drivers, new igb driver)

            70102CC4000706    11-Jan-11 09:37    installed  Sidewinder CommandCenter 70102CC4000706

            70102CC5100104    12-Jan-11 09:52    installed  Sidewinder CommandCenter 70102CC5100104

            70102E138         01-Feb-11 12:01    installed  Sidewinder Make acld no long blocking a query due to host expiration or missing

            70102H19          12-Dec-11 23:31    obsolete   Sidewinder NTPD, kernel, avupdate.pyc maintenance patch

            70102H20          12-Dec-11 23:31    installed  Sidewinder NTPD, avupdate, Kernel and Hardware Patch

            70102H21          06-Dec-11 14:14    loaded     Sidewinder Restore MBR

            70102H22          12-Dec-11 23:31    installed  Sidewinder bind maintenance patch

            • 3. Re: Data for host has expired



              Interesting. Ok, I think that the best bet would be to contact support and open a case. I can see two possible problems here:


              1) the process responsible for host objects (hostd) is not able to resolve that name, even though a dig works properly

              2) there is a problem with the hostd process thinking that the object is not resolving when it is


              Do you have any other host objects? Are they having the same issue?



              • 4. Re: Data for host has expired

                Thanks for the quick response.  I'll get a case opened. 


                We do have a rather large number of host objects defined and, although I haven't verified, it appears we are getting a message for each one.

                • 5. Re: Data for host has expired

                  You should upgrade your firewalls to 70103H08 because there are fixes for hostd in the later versions.  Also, 70102 is no longer supported.
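Added example, not part of any reply in the thread and not vendor code: one way to check the impression in reply 4 that every host object is producing the message, by tallying the acld "has expired" records per host object and per second. It assumes the audit records have been exported as text in the layout quoted in the first post; the function names, the `updates.example.com` host and the `f_other` record are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Record header as quoted in the first post: timestamp, zone, then f_/a_/t_/p_ fields.
HEADER = re.compile(
    r"^\s*(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \S+\s+"
    r"f_(?P<facility>\S+) a_\S+ t_(?P<type>\S+) p_(?P<priority>\S+)")
EXPIRED = re.compile(r"Data for host \(policy>host>(?P<host>[^)\s]+)\) has expired")

def parse_records(text):
    """Split exported audit text into records: a header plus the lines up to the next header."""
    records, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S %Y")
            current = {"ts": ts, "facility": m["facility"], "type": m["type"], "body": []}
            records.append(current)
        elif current is not None and line.strip():
            current["body"].append(line.strip())
    return records

def expired_summary(text):
    """Return (count per host object, count per second) for acld 'has expired' records."""
    per_host, per_second = Counter(), Counter()
    for rec in parse_records(text):
        if rec["facility"] != "acld":
            continue
        m = EXPIRED.search(" ".join(rec["body"]))
        if m:
            per_host[m["host"]] += 1
            per_second[rec["ts"]] += 1
    return per_host, per_second

# Constructed sample: the first record is the one from the post, the rest are made up.
SAMPLE = """\
Dec  6 16:16:09 2013 CST  f_acld a_server t_error p_major
pid: 2406 ruid: 0 euid: 0 pgid: 2406 logid: 0 cmd: 'acld'
=Data for host (policy>host>crl.globalsign.com) has expired. Please make sure there is no DNS problem.
Dec  6 16:16:09 2013 CST  f_acld a_server t_error p_major
=Data for host (policy>host>updates.example.com) has expired. Please make sure there is no DNS problem.
Dec  6 16:16:10 2013 CST  f_acld a_server t_error p_major
=Data for host (policy>host>crl.globalsign.com) has expired. Please make sure there is no DNS problem.
Dec  6 16:16:10 2013 CST  f_other a_server t_info p_minor
=constructed unrelated record
"""

print(expired_summary(SAMPLE))
```

Comparing the set of hosts in the per-host tally with the host objects defined in the policy shows whether the message really covers every object or only a subset, which is useful detail to attach to the support case.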