pfSense

Tested on the client machine with 23.09.1 installed, the ticket for reference #2297130372

target IP 82.xx.xx.137

I see the action on Jan 18

Jan 18 15:46:03 PFSENSE filterdns[12332]: merge_config: configuration reload
Jan 18 15:46:03 PFSENSE filterdns[12332]:     Adding Action: pf table: Redacted host: 82.xx.xx.137

I'm certain it's in the config for Jan 25

01. 1/25/24 09:40:36    v23.3    admin@172.xx.xx.2 (Local Database)
    Edited a firewall alias.

        <alias>
            <name>Redacted</name>
            <type>host</type>
            <address>82.xx.xx.137 81.xx.xx.230 80.xx.xx.135 185.xx.xx.223 212.xx.xx.41 176.xx.xx.252 93.x.xx.102 80.xx.xx.30 82.xx.xx.168 176.xx.xx.19 88.xx.xx.155 109.xx.xx.168 78.xx.xx.34 37.xx.xx.25 90.xx.xx.125 xxx.freeddns.org xx.ddnsfree.com 86.xx.xx.93 78.xx.xx.56 90.xx.xx.122 78.xx.xx.47 82.xx.xx.14 145.xx.xx.57 81.xx.xx.180 145.xx.xx.66 77.xx.xx.62 163.xx.xx.119 90.xx.xx.44 194.xx.xx.2 82.xx.xx.168 176.xx.xx.26 147.xx.xx.94 164.xx.xx.9 xx.freeddns.org xx.mywire.org 92.xx.xx.85</address>
            <descr></descr>

But it disappears from the log

Jan 25 18:23:04 PFSENSE filterdns[12332]: merge_config: configuration reload

It was fixed when the client changed this IP to 82.xx.xx.138 saved alias and swapped it back to 82.xx.xx.137

Jan 25 18:27:05 PFSENSE filterdns[12332]: merge_config: configuration reload
Jan 25 18:27:05 PFSENSE filterdns[12332]:     Adding Action: pf table: Redacted host: 82.xx.xx.137

The same was happens with the FQDN record on the second device.
The position of record in the list doesn't matter. It's not repeatable on demand which makes difficult future troubleshooting