When the proxy is configured to use an internal/local DNS server that does not have forwarding enabled, the DNS Health Check will fail.
The ProxySG is configured to use an internal/local DNS server that has neither forwarding enabled nor any DNS records for public domains.
The ProxySG DNS Health check sends a DNS query to the configured DNS server for symantec.com or bluecoat.com, depending on the SGOS version.
If the configured DNS server is an internal DNS server with neither forwarding configured nor public records, it will respond with "Host not found" for symantec.com or bluecoat.com. This results in a Health Check failure on the Proxy, which makes this DNS server unusable.
To address this issue, configure the DNS Server's Health Check on the Proxy to use a known Fully Qualified Domain Name (FQDN) in the DNS query.
To configure the health check through the Management Console GUI:
In the Host section select: "Use defined Host"
Enter a known FQDN (e.g. Domain.local, company.com) that matches your Active Directory DNS Domain name, a specific host (server1.company.com), or any FQDN for which the DNS server has a DNS record.
4. Click OK and Apply the changes.
This will allow the Proxy to query a domain or host that the internal DNS server can resolve, thus preventing the service from changing to a failed state.
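Before entering a host name in the health check, it helps to confirm that the internal DNS server really answers for it. The following is an added example, not code from the vendor or the original article: it builds an A-record query, sends it to a given server, and classifies the reply. The names `dc1.corp.example` and `10.0.0.10` and the sample replies are constructed, and the pass criterion (NOERROR with at least one answer) is an assumption, since the article does not state the appliance's exact criteria.

```python
import socket
import struct

RCODES = {2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(fqdn, txid=0x1234):
    """Build a DNS A-record query with the recursion-desired bit set."""
    labels = fqdn.rstrip(".").split(".")
    if any(not 0 < len(label) < 64 for label in labels):
        raise ValueError("each DNS label must be 1-63 characters")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(query, response):
    """Return (usable, reason); assumed pass rule: NOERROR plus an answer."""
    if len(response) < 12:
        return False, "truncated response"
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if txid != struct.unpack("!H", query[:2])[0]:
        return False, "transaction ID mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    rcode = flags & 0x000F
    if rcode:
        return False, RCODES.get(rcode, f"RCODE {rcode}")
    if ancount == 0:
        return False, "NOERROR but no answer records"
    return True, f"NOERROR, {ancount} answer(s)"

def check_candidate(server, fqdn, timeout=3.0):
    """Query `server` over UDP/53 for `fqdn` and classify the reply."""
    query = build_query(fqdn)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            response, _ = sock.recvfrom(4096)
        except OSError as exc:
            return False, f"no reply: {exc}"
    return classify_response(query, response)

def sample_response(query, rcode, ancount):
    """Constructed reply for offline demonstration (answer is 10.0.0.10)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([10, 0, 0, 10])
    return header + query[12:] + answer * ancount

if __name__ == "__main__":
    q = build_query("dc1.corp.example")
    print(classify_response(q, sample_response(q, 3, 0)))  # public name on internal-only server
    print(classify_response(q, sample_response(q, 0, 1)))  # name the server holds a record for
```

To test a live server, call `check_candidate("<dns-server-ip>", "<candidate-fqdn>")` from a host that is allowed to query it.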