[qubes-users] Qube-Firewall: How to handle changing IPs?

Hi there,

many large providers use CDNs or similar structures, which results in
the same FQDN being resolved to different IPs.
Afaik the Qube-Firewall-Settings resolve a DNS entry only once (on
add/edit) and internaly use that IP. This is a problem with my
mail-provider (web.de) as well es for Updates of Thunderbird Add-Ons.
Besides workarounds like manually refreshing the firewall settings or
temporary allowing full web access: is there a fix for these issues?

See [1]. It happens less often than one might think though.

[1] https://github.com/QubesOS/qubes-issues/issues/5225

Is there really no approach to fix this? What about a cron job which
checks for a change DNS resolve every now and then and updates the
ip-filter, for example?

Sorry, I just noticed that I missed your answer because you did not
answer me directly, but only to the list. The issue you reference to is
quite long to read and parts of it are several years old, is there
something ready for testing?

You say "less often", for my imap-server imap.web.de this semms to appen
about every second weeks I think.

I mentioned DNS pinning in the very end and posted a working solution there as well.
I personally use it since about back then.