KB43815 - Frequent fqdnacl process failure after upgrading to 9.0R1 - 9.0R2

This article describes an issue where the following event frequently appears in the event log after upgrading to 9.0R1: "Program fqdnacl recently failed".  

After upgrading to Pulse Connect Secure 9.0R1 or 9.0R2, the admin may notice that the following event is being generated in the event log frequently:

Critical    ERR31093    2018-07-03 08:56:11 - Pulse01 - [127.0.0.1] System()[] - Program fqdnacl recently failed.

There are two issues that can trigger a fqdnacl child process to crash:

1.  Processing DNS packets with IP options with a packet length more than 20 bytes and FQDN-based ACLs are configured. (PRS-364920)  
2.  Processing DNS response packets which are fragmented and FQDN-based ACLs are configured. (PRS-375079)

To resolve the first problem, please upgrade to the following Pulse Connect Secure versions:

• Pulse Connect Secure 9.0R3 and above

For the second problem with handling fragmentation of DNS response packets there will be a code fix in 9.1R3/9.0R5 so that these packets will be dropped rather than processed.