As mentioned in the article CEC Juniper Community, the SRX will do a DNS request to resolve the IP address for a DNS Host entry in a security policy. It will then keep this IP address for the DNS Host in the security policy until the TTL expires.
We are currently seeing issues with this and I wonder if there is some way to see the TTL that the SRX has for a specific DNS Host in a security policy. As the article above mentions, you can see the record but not the TTL.
Best regards
Vidar Stokke