I have used for quite some time domain names in the firewall address lists.
Lately I have started monitoring my devices with syslog and I am seeing that every second the RouterOS device is sending a DNS query for all the domains in the address lists.
I assumed that the device will do that a bit smarter ie only when the ttl of the record is reached it will run a dns query.
Has anyone else have seen this? Maybe anyone have seen any documentation regrading the behavior of the address lists dns resolution?