DNS health check fail even if DNS server was tested able to resolve to www.bluecoat.com when querying from PC
DNS health check continue to fail even when a different DNS server (e.g google DNS 22.214.171.124) was configured
The root cause is that a Juniper device in path between the ProxySG and DNS server stripping Queries and Answer headers of DNS response packet from DNS server causing ProxySG to treat DNS response as malform
Below is an example of a standard DNS query response.
Below are 3 possible solutions
1. Solution is to bypass DNS traffic from Juniper device
2. Reroute DNS traffic so that it does not pass through the Juniper device
3. Report incident to Juniper