We have an enterprise product that uses VPN on-demand capabilities for a set of enterprise domains. If users disable the VPN from settings->VPN, the next time VPN comes up is only when they visit an enterprise website. However, due to safaris' DNS cache refresh, when users are trying to visit non-enterprise sites Safari is trying to update the cache and triggering the VPN to come up.
We would like to know if there is a way to avoid this and not bring up the VPN when user is not actually hitting those domains.
Also, when and for what domains Safari refresh the DNS cache?