The ProxySG appliance doesn't send a UDP port 53 response to client by PCAP.

Please check whether reflect_client_IP is enabled.

- The DNS response is transfered to the TCP proxy service if the response data is over 512 bytes. 
- The DNS server sends the TCP DNS response to the client directly by reflect_client_IP config.
- The client PC will respond with RST packet.

You can disable reflect_client_IP with the below CPLpolicy.
---------------------------------------
<dns-proxy>
    Reflect_ip(no)
---------------------------------------