DNS traffic may be blocked at client when Endpoint Protection is installed
Article ID: 162178
DNS traffic may be blocked at client when Symantec Endpoint Protection (SEP) is installed. There is a built-in SEP firewall rule "Enable Smart DNS" that should allow DNS traffic automatically without the need for explicit rules; even though this feature is enabled DNS traffic is sometimes seen as blocked in logs by the "Block all other traffic" rule.
The SEP Smart DNS feature sometimes does not correctly recognize and allow DNS traffic if the packets are using DNS compression. This has been fixed in SEP 12.1 RU6.
Upgrade to SEP 12.1 RU6.
If an upgrade is not possible then as a work-around create a firewall rule that explicitly allows DNS traffic. Disabling Smart DNS is not necessary for the work-around, and leaving it enabled is best in case clients are upgraded to RU6 and the explicit rule is removed.
Note that Smart DNS will never block anything; it is an “allow” mechanism only, and anything it doesn’t allow is handled by other firewall rules.