FQDN Expire cache by TTL look back and questions

PeterUK

So I have used FQDN in the past a lot and back when it was released had asked for some changes some was done others were not.

One of the changes was when FQDN TTL is 0 and gets removed from the Cache that the firewall session continues which I'm guessing hold true for FLEX H?

The other problem was BWM like on my VPN300 where when FQDN TTL is 0 and gets removed from the Cache it no longer BWM even when the session is still active. This is something I would like to be looked into if hopefully FQDN gets added to BWM.

Moving on it seems problems that where problems have been improved by by some sites like youtube and twitch where by when they give you a IP to stream of a live video you TTL the IP and when it gets to 0 the browser re-looks up the DNS for that video which adds TTL and so the the FQDN Cache gets updated.

But not all sites do this like Zyxel site to do with *.amazonaws.com links where navigating the site does not load for some time until you disable Expire cache by TTL then it works! But having done that over time there was over 500 IP's for just *.amazonaws.com which brings me to a important question is there a total limit of IP's for FQDN wildcard the FLEX H can handle?

But maybe another way to solve this then Expire cache by TTL and keep IP's forever is to set a custom TTL to remove IP's from list and reset the TTL if seem again.

Thanks

Zyxel_Melen

Hi @PeterUK

I'm checking your questions and I want to check which FQDNs did you encounter the issue in your third question? Could you list some FQDN with us?

Additionally, about the BWM support FQDN, I have created an idea post and our team is under evaluating.

PeterUK

Would that be the navigating Zyxel site? or BWM with FQDN on current models?

So I have a FQDN allow list like a lot for HTTPS access then a block rule for HTTPS.