Why is Firewalla making strange DNS requests?

There are two possibilities:

1. Firewalla has a DNS cache built-in. If you turn on features like Family Mode or Ad Block, your DNS queries may appear to be all from Firewalla. It is simply making DNS requests on behalf of your clients.
2. When Firewalla blocks categories, it will need to resolve domain names to find the corresponding IP addresses. For example, if you want to block gambling sites (let's say gambling.com), Firewalla will make a DNS request for the IP address(es) of gambling.com and then insert the IP in the data path for the blocking rule. In certain cases, Firewalla may also cache a shortlist of popular sites for each category. If you choose to block a category, Firewalla will start to find the IP address(es) of each of these sites by making seemingly counterintuitive queries to DNS servers as well. 
   • For example myfirewalla[.]com, it is not owned by firewalla and can be dangerous.  Firewalla will use DNS to resolve this to the IP address and block it automatically using IP block.