If a DNS server exists that cannot resolve all host names, it might return a list of authoritative DNS servers instead of a DNS A record that contains an IP address. To avoid problems with this type of DNS server configuration, configure the ProxySG Appliance to recursively query authoritative DNS servers.

To enable DNS recursion:

• Go to Configuration -> Network -> DNS -> Groups.
• Put a check mark next to Enable DNS Recursion.

Now, when this type of response is sent from a DNS server, the appliance will follow the recursive DNS string to resolve the address.  User requests will then flow as expected.  If this resolves the issue but ends up causing minor browsing delays, consider configuring a public DNS server as the  primary resolver and set internal DNS server to be authoritative for internal domains.  

Steps to do this are as follows:

• Go to Configuration > Network > DNS > Groups.
• Select the primary DNS server entry and click Edit.
• Define the top DNS server listed as a public address, (such as Google's 8.8.8.8)
• On the second line in the Servers field, enter an internal DNS server
• In the Domains box on the right, add an asterisk (*) as the domain for the public DNS server.
• internal DNS server, add internal domains (e.g., my.example.com, example.com) 
• Click OK and Apply.

This will ensure that the organization's DNS server is only queried for requests that incorporate the internal domain names.  All other queries will be sent to the public DNS server for name resolution.