Hi @smutel,
It sounds like there is an NXDOMAIN response being cached somewhere which results in the corporate DNS not picking up on new services when they come online.
Consul should be returning an NXDOMAIN response when it receives a query for a service which no longer exists. The authority section of that response will also contain an SOA record which has a TTL field that specifies how long to cache the negative response (defined by `dns_config.soa.min_ttl`). By default this value is zero.
Have you changed this in Consul to a higher value (which would explain the caching)? If not, can you verify that the BIND servers are seeing a TTL of 0 in the response from dnsmasq? If they’re seeing a different value, then you may want to dig into where that is coming from.
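One way to run the check suggested above, as an added example that is not part of the original reply: it parses a raw DNS response and reports the SOA record TTL, the SOA MINIMUM field, and the smaller of the two, which is what a resolver following RFC 2308 uses as the negative-cache lifetime. The function names and the sample response are constructed for illustration.

```python
import socket
import struct

def name(n):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in n.strip(".").split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] & 0xC0 != 0xC0:        # a compression pointer ends the name
        if msg[off] == 0:
            return off + 1
        off += 1 + msg[off]
    return off + 2

def negative_ttl(msg):
    """Return (rcode, soa_ttl, soa_minimum, effective) for a raw DNS response."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4     # skip QTYPE and QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if i >= an and rtype == 6:        # SOA in the authority section
            p = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
            minimum = struct.unpack_from("!5I", msg, p)[4]
            return flags & 0xF, ttl, minimum, min(ttl, minimum)
        off += rdlen
    return flags & 0xF, None, None, None

def query(server, qname, port=53):
    """Send an A query over UDP and return the raw response bytes."""
    q = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + name(qname) + struct.pack("!HH", 1, 1)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3)
        s.sendto(q, (server, port))
        return s.recvfrom(4096)[0]

def build_sample(soa_ttl, minimum):
    """Constructed NXDOMAIN response for web.service.consul (sample data, not a capture)."""
    head = struct.pack("!6H", 0x1234, 0x8583, 1, 0, 1, 0)   # rcode 3, one authority RR
    question = name("web.service.consul") + struct.pack("!HH", 1, 1)
    rdata = name("ns.consul") + name("hostmaster.consul") + struct.pack("!5I", 1, 3600, 600, 86400, minimum)
    # Owner name is a compression pointer to "consul" at offset 24 in the question.
    return head + question + b"\xc0\x18" + struct.pack("!HHIH", 6, 1, soa_ttl, len(rdata)) + rdata

if __name__ == "__main__":
    print(negative_ttl(build_sample(0, 0)))
```

To compare hops, pass `negative_ttl(query(server, qname, port))` the address of the Consul agent's DNS listener and then of dnsmasq, using a service name that does not exist; a nonzero effective value at either hop shows where the negative response starts being cacheable.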