I just wanted to thank everyone who contributed to this thread and offered suggestions. It really shows what a great community we have here around IPFire.
I’ve resolved the issue, and as it turns out, DNS wasn’t the root cause after all. I know many of you suspected as much—and I agreed—but the symptoms really seemed to point in that direction, especially since the only way I could get the device to connect was by changing DNS settings. (Why that worked temporarily is still a mystery.)
The real clue came when I noticed that every time the DHCP lease expired, the device would drop off the network again. Digging into the IPS logs, I found that when the lease renewed, the system was flagging a rule: ET USER_AGENTS Go HTTP Client User-Agent. Apparently, the device tries to “phone home” with a specific user agent, and this rule was interfering.
Disabling that IPS rule solved the problem completely. It turns out that particular user agent is absolutely essential for the device’s connectivity—so much so that without it, the device won’t connect to a network at all, not even over a wired connection.
Thanks again for the help and ideas—really appreciated.