Why is the router repeatedly calling out to www.netgear.com?

I captured nine hours of Wide Area Network (WAN) traffic from my Orbi. (over 800mb).

Yes, my Orbi does a DNS query for "netgear.com" just a few seconds past every five minutes.

After examining some of the DNS responses, I see that the "Time to Live" reported by CloudFront is a little over 11 minutes.

So, what appears to be happening is:

• For some reason, the Orbi wants to keep the IP address for netgear.com in its DNS cache, and
• The DNS "Time to Live" is only about 11 minutes, so
• The Orbi waits until almost half of the time has gone by and updates the DNS cache.

It is a common practice to use a short "Time to Live" on DNS in order to facilitate "Fail Over" systems.  i.e. if for some reason a primary server fails and we want traffic to use a backup server quickly, then we need to have a short Time to Live.  Imagine if customer computers "know" that our server will be at a certain IP address for 24 hours.  When each customer computer's DNS cache gets down to 12 hours remaining, it will perform a DNS request, "where is...?"  If they all got our DNS location randomly, then some will renew very soon and some will not renew for almost 12 hours.  That means if our primary server goes down, some customers will continue to look for the broken server (and be out of service) for almost 12 hours.

With a Time to Live of 11 minutes, the longest a customer would be out of service is only about 5 minutes.

I do not know that this is what Netgear intends, nor why the Orbi wants to have "netgear.com" in the DNS cache in the first place, but given the DNS response, I can see why the Orbi does a DNS query so often.

I did NOT notice my Orbi contacting netgear.com, but I also quit looking at the Wireshark capture after discovering this pattern of DNS queries.