SRX deny logs show that Android device is doing abusive shit with DNS, like I expected. Loads of deny logs showing the device banging out to Google DNS instead of using the DNS DHCP gave it.
I should have put these rules in place a very long time ago.
(protip: if you also have pi-hole, make sure that's allowed to use external DNS, or "pihole -up" might fail)
@yakkoj I found that my android device was ignoring the DHCP DNS. I had to set it statically in my phone.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!