I'm using DNSMASQ with IPSETs to enable wildcard firewall rules. I reference the DNSMASQ IPSET with External (Advanced) alias firewall rules.
There seems to be a delay affecting the firewall rule ability to recognize newly resolved IP addresses. Once the DNS query gets answered, the client immediately tries to connect to the destination but the firewall rule rejects the IP. It seems that OPNsense has not yet recognized the updated DNSMASQ IP address resolved for the IPSET.
After a short while it works again, but this is becoming a problem for us.
Is this an expected behavior? Or am I doing something wrong?