When accessing a site (example: https://www.moea.gov.tw/) through the Web Security Service,  the exception page returns a "dns_server_failure" error.

 

dns_server_failure

The Web Security Service DNS servers are configured to use DNSSEC. If the domain (in our example: www.moea.gov.tw) fails when using DNSSEC or the service is misconfigured then the Web Security Service will process the event as a failure returning an error.

For Unified Agent clients and Explicit Proxy:

Within the ThreatPulse portal, access Services > Network > Bypassed Site > Bypassed Domains and add the affected domain (in our example: gov.tw) as a bypassed domain. 

The workaround for the rest of the access methods is to talk to the person responsible for the DNS setup for the affected site so they can configure the service properly.