The ProxySG appliance doesn't send a UDP port 53 response to client by PCAP.
Please check whether reflect_client_IP is enabled.
- The DNS response is transfered to the TCP proxy service if the response data is over 512 bytes.
- The DNS server sends the TCP DNS response to the client directly by reflect_client_IP config.
- The client PC will respond with RST packet.
You can disable reflect_client_IP with the below CPLpolicy.
---------------------------------------
<dns-proxy>
Reflect_ip(no)
---------------------------------------