FQDN Expire cache by TTL look back and questions


PeterUK, Guru Member, edited September 18

    Ok, but there is still a problem with Expire cache by TTL enabled: even if the TTL is 5 seconds, the system should put it in the cache so that when the client uses the IP of that 5-second-TTL record it should be allowed, yes? But that's not what's happening, and so I have to disable Expire cache by TTL.

    All I'm asking is to extend the TTL with another counter, separate from the DNS TTL counter the USG keeps track of, such that when the lookup happens the IP gets added to the FQDN cache, and if its real TTL is 5 seconds you just extend it by more TTL for just the FQDN cache, not the DNS, and if the DNS-to-IP is looked up again, reset and extend again.

    Also, I'm asking: is it normal for a DNS record pulled for the first time to have a 5-second TTL? Zyxel may want to look into why their DNS record for *.amazonaws.com is so low.

    Thanks

    Edit: looking deeper

    So one could say the browser is the problem, but this is a problem all browsers likely share, using DNS lookups whose TTL has long expired.

    Like in this instance:

    s3-w.us-east-1.amazonaws.com

    with 5-second TTL answers

    was answered at Sep 18, 2025 17:04:28.344606000 GMT Summer Time

    then

    zyxel-channel-library.s3.amazonaws.com

    with 5-second TTL answers

    was answered Sep 18, 2025 17:04:30.330104000 GMT Summer Time

    Now, these are not 5 seconds apart, so both should be cached, but it seems the first is not, causing the SYN to port 443 to IP 52.217.170.65 to be blocked. However, the connection to that IP was at Sep 18, 2025 17:05:03.885549000 GMT Summer Time, by which time the TTL would have expired anyway, yet the browser still tries.

    So the problem is not ideal, but a fix like I said would work: instead of disabling Expire cache by TTL, have an option to extend the TTL.

    In fact, will non-H models get an Expire cache by TTL option?
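To make the timing in the post concrete, here is an added simulation of the FQDN-object cache behaviour being described; it is not Zyxel code and not from the post, and the class name FqdnCache, the helpers matches/syn_allowed and the extra_ttl knob are assumptions modelling the requested "extend TTL" option.

```python
from datetime import datetime, timedelta

# Constructed from the timestamps in the post (GMT Summer Time).
ANSWERED_AT = datetime(2025, 9, 18, 17, 4, 28, 344606)   # 5 s TTL answer
CONNECT_AT = datetime(2025, 9, 18, 17, 5, 3, 885549)     # SYN to 52.217.170.65:443


class FqdnCache:
    """Hypothetical model of a firewall FQDN-object cache (assumed, not Zyxel's).

    expire_by_ttl - drop an IP from the object once its DNS TTL runs out
    extra_ttl     - hypothetical 'extend TTL' knob: seconds added to the
                    cache lifetime only; the DNS answer itself is untouched
    """

    def __init__(self, expire_by_ttl: bool = True, extra_ttl: int = 0):
        self.expire_by_ttl = expire_by_ttl
        self.extra_ttl = extra_ttl
        self.entries: dict[str, tuple[str, datetime]] = {}  # ip -> (fqdn, expiry)

    def record_answer(self, fqdn: str, ip: str, ttl: int, answered_at: datetime) -> None:
        # A fresh lookup (re)sets the entry, so repeated lookups keep extending it.
        lifetime = timedelta(seconds=ttl + self.extra_ttl)
        self.entries[ip] = (fqdn, answered_at + lifetime)

    def matches(self, ip: str, at: datetime) -> bool:
        """Would a policy on the FQDN object still match a packet to `ip` at `at`?"""
        entry = self.entries.get(ip)
        if entry is None:
            return False
        _, expiry = entry
        if not self.expire_by_ttl:
            return True            # entry kept until the next lookup replaces it
        return at <= expiry


def syn_allowed(expire_by_ttl: bool, extra_ttl: int = 0) -> bool:
    """Replay the post's scenario: 5 s TTL answer at 17:04:28, SYN at 17:05:03."""
    cache = FqdnCache(expire_by_ttl=expire_by_ttl, extra_ttl=extra_ttl)
    cache.record_answer("s3-w.us-east-1.amazonaws.com", "52.217.170.65", 5, ANSWERED_AT)
    return cache.matches("52.217.170.65", CONNECT_AT)


if __name__ == "__main__":
    print("expire by TTL, no extension:", syn_allowed(True))         # False -> blocked
    print("expire by TTL, +60 s extension:", syn_allowed(True, 60))  # True -> allowed
    print("expire by TTL disabled:", syn_allowed(False))             # True -> allowed
```

The 35-second gap between the answer and the SYN is why the entry is gone under plain expire-by-TTL, and why a cache-only extension (or a re-lookup that resets the entry) would let the rule match without touching the DNS TTL.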