DNS is returning a round-robin response and IPs listed in the response have been re-ordered. However, the EdgeSWG continues to connect to the original IP.
This is an intended behavior to preserve client-affinity to a particular server, even when DNS is returning a round-robin response and IPs listed in the response have been re-ordered.
Every time an entry expires in the DNS cache, it has to be refreshed from the DNS server when a client next makes a request for the website. When the response comes back from the DNS server, the EdgeSWG checks whether:
1. The number of address entries is the same
2. The entries in the list are the same despite possible re-ordering
If both are true, the EdgeSWG leaves the entry in the DNS cache as-is and simply resets the expiry time. Because the cached order is preserved, the client-IP hash that is used to select the address for a given client will not change.
The purpose of the feature is to try and preserve client-affinity to a particular server, and thereby avoid breaking web applications.
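The following is an added illustrative model of the refresh rule described above, written for this article; it is not EdgeSWG code, and the class, method names, the SHA-256 client-IP hash and the sample addresses are assumptions chosen to show the behaviour. It shows that a re-ordered response with the same set of addresses leaves the cached order (and so each client's selected server) untouched, that a response with different membership replaces the entry, and that with affinity disabled the proxy simply takes the new order as returned by DNS.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class CacheEntry:
    addresses: list   # ordered list of IP strings as first cached
    expires_at: float # absolute expiry time in seconds


class AffinityDnsCache:
    """Illustrative model (assumption, not EdgeSWG code) of the client-affinity
    refresh rule: when an expired entry is refreshed and the fresh response
    carries the same count and the same set of addresses, keep the cached
    order and only reset the expiry time."""

    def __init__(self, client_affinity=True):
        self.client_affinity = client_affinity
        self._cache = {}

    def refresh(self, hostname, response_addresses, ttl, now):
        """Apply a fresh DNS response; returns the list now held in the cache."""
        entry = self._cache.get(hostname)
        if (entry is not None
                and self.client_affinity
                and len(entry.addresses) == len(response_addresses)
                and set(entry.addresses) == set(response_addresses)):
            # Same count, same members (possibly re-ordered): keep order, reset TTL.
            entry.expires_at = now + ttl
            return entry.addresses
        # New host, affinity disabled, or membership changed: take response as-is.
        self._cache[hostname] = CacheEntry(list(response_addresses), now + ttl)
        return self._cache[hostname].addresses

    def expires_at(self, hostname):
        return self._cache[hostname].expires_at

    def select(self, hostname, client_ip):
        """Pick the server for a client. With affinity on, hash the client IP over
        the cached order (assumed SHA-256); with affinity off, use the first
        address of the latest response, i.e. ordinary DNS round-robin."""
        addrs = self._cache[hostname].addresses
        if not self.client_affinity:
            return addrs[0]
        digest = hashlib.sha256(client_ip.encode("ascii")).hexdigest()
        return addrs[int(digest, 16) % len(addrs)]


# Constructed sample data: the same three servers, later returned re-ordered.
HOST = "www.example.test"
FIRST_RESPONSE = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
REORDERED_RESPONSE = ["192.0.2.3", "192.0.2.1", "192.0.2.2"]
CHANGED_RESPONSE = ["192.0.2.1", "192.0.2.2", "192.0.2.4"]
CLIENT = "198.51.100.7"


def run_scenario(client_affinity):
    """Return (server before refresh, server after re-ordered refresh,
    cached list after a membership change)."""
    cache = AffinityDnsCache(client_affinity)
    cache.refresh(HOST, FIRST_RESPONSE, ttl=300, now=0)
    before = cache.select(HOST, CLIENT)
    cache.refresh(HOST, REORDERED_RESPONSE, ttl=300, now=400)  # entry had expired
    after = cache.select(HOST, CLIENT)
    after_change = cache.refresh(HOST, CHANGED_RESPONSE, ttl=300, now=800)
    return before, after, list(after_change)


if __name__ == "__main__":
    for mode in (True, False):
        before, after, changed = run_scenario(mode)
        print(f"affinity={mode}: before={before} after={after} changed={changed}")
```

With affinity enabled the client lands on the same server before and after the re-ordered response, and the entry's expiry is simply pushed out; only a response whose membership differs causes the cached list to be replaced. With affinity disabled the cache takes each response in the order DNS returned it, so the first address rotates with the server's round-robin.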
If preferred, the default behavior can be overridden via the following change in the CLI:
#(config)dns client-affinity disable
With the above setting applied, ordinary DNS round-robin will be used.
To learn more about this setting, reference this article: # (config) dns