As an administrator, I would like to understand if the Web security Service accepts DNS queries via its different access methods.
Web Security Service
For most environments, only ports 80, 443, and 8080 are routed to WSS. All other traffic is left at their respective ports and goes through the normal gateway.
Traffic that comes from other ports, such as DNS requests on port 53, will not receive responses and will be dropped by WSS.
Interesting note: for explicit proxy configuration (and explicit-derived pac file configuration) DNS resolution is not needed on the client because the browser sends the http request directly to the proxy using the connect method. This removes the need for DNS resolution which is useful in "closed" network.
The WSS Agent also has features to allow computers to operate from closed network since the WSS Agent 8.1 release (Closed Network documentation link).