The ProxySG appliance event log reports that the primary DNS server continually fails appliance health checks.  

By default, the appliance checks the DNS hostname resolution of www.bluecoat.com every 10 seconds. If your DNS server is unable to resolve www.bluecoat.com to an IP address, that health check fails and reports a health check failure to the appliance. If your DNS server doesn't resolve external names but you want to keep the DNS server in your appliance configuration to resolve internal addresses, you can try to disable the DNS health check as follows: 

1. Select Configuration > Health Checks > General.
2. Select the health check you want to disable and click Edit.
3. On the Edit dialog, select Disabled - Health and click OK.
4. Click Apply to save your changes.

 Refer to KB3022 for more information.

Note: Before disabling the health check, it may be prudent to verify if your appliance can in fact reach your internal DNS server.  You can test this via the appliance CLI (telnet, SSH, or serial console) and issue a ping to the server. If the ping fails, check your network's routing configuration to verify the appropriate 'next hop' router that will send the traffic to your DNS server. Then, configure a static route on the appliance as follows:

1. Select Configuration > Network > Routing.
2. Click the Routing tab.
3. Beside Install Static Routing Table, select Text Editor and click Install. 
4. On the Edit and Install the Static Routing Table dialog, specify the route as follows:
   <DNS Server IP> <subnet mask> <routing gateway>
5. Click Install to save the routing change.  
6. Test the connection to the DNS server again.