Dom Nik I am seeing the issue with DNS cache as well. I haven't opened a case because I just don't have the time right now, but there is definitely something not right. I have firewall rules that only allow certain WAN destinations based on FQDN. Throughout the day users are saying they can't get to a page. When I look into it, the firewall dropped the cache for the sites and has to re-create it.
thanks for your reply. As I'm a Home User, I can provide you more information/log files etc.
Please let me know, how I can help.
My use case are iOS/macOS Apps which do Certificate Pinning for https connections. I created FW rules with FQDN hosts to allow the access without https scanning for them.
For example, a very common banking app in Germany is "Outbank" (available on iOS and macOS) which tries to phone home to "*.stoegerit.com" and tries to contact all configured banking services with https as well afterwards. The current behavior is as follows:
- Do a FW reboot, FQDN cache is empty
- Open the app - https requests are triggered but will fail
- FW creates the needed FQDN cache entries during first call of the app
- App works 1-2 times afterwards, while the FW chooses the right FW rules with the FQDNs
- After some time the App fails again, while the FW has forgotten the FQDNs for these domains
