I am using WSSA (WSS Agent) as my access method with Cloud SWG (formerly known as WSS), but I am unexpectedly seeing many DNS requests in my access logs or reports. Why?
When using WSSA with Cloud SWG, we would not normally expect to see DNS requests in the access logs, because with WSSA clients the DNS resolution is handled on the client endpoint and the DNS requests are not sent up to the Cloud SWG servers.
If browsers have DNS over HTTPS (DoH) enabled, however, the DNS requests will be sent to Cloud SWG as encrypted HTTPS requests, and those DNS requests will be seen and logged by the Cloud SWG service.
You can check the DNS over HTTPS (DoH) setting in each browser at the following locations:
=====
(Chrome)
chrome://settings/security
"Use secure DNS"
=====
(Firefox)
Settings
->General
->Network Settings
->Settings (button)
"Enable DNS over HTTPS" (checkbox)
=====
(Edge)
Settings
->"Privacy, Search, and Services"
->Security
->"Use secure DNS..."
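
To find which endpoints are sending the DoH requests described above, an exported access log can be filtered for RFC 8484 traffic and grouped by client. This is an added example, not part of the original article or the Cloud SWG product: it assumes a CSV export with hypothetical columns `client`, `method`, `url` and `content_type`, and that the full URL and content type are visible in the log.

```python
import base64
import csv
import io
from collections import Counter
from urllib.parse import parse_qs, urlsplit

DOH_MEDIA_TYPE = "application/dns-message"  # media type defined by RFC 8484

# Constructed sample export. Column names, hosts and addresses are assumptions,
# not the Cloud SWG log schema; the dns= value is the RFC 8484 example query.
SAMPLE_LOG = """client,method,url,content_type
10.0.0.5,POST,https://doh.example.net/dns-query,application/dns-message
10.0.0.5,GET,https://doh.example.net/dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB,-
10.0.0.7,GET,https://www.example.com/index.html,text/html
10.0.0.7,GET,https://www.example.org/settings?dns=primary,text/html
10.0.0.9,POST,https://resolver.example.org/q,application/dns-message
"""

def is_dns_wire_query(b64url: str) -> bool:
    """True if the value base64url-decodes to something shaped like a DNS query."""
    try:
        raw = base64.urlsafe_b64decode(b64url + "=" * (-len(b64url) % 4))
    except ValueError:
        return False
    # 12-byte DNS header; bytes 4-5 hold QDCOUNT, which is at least 1 for a query.
    return len(raw) > 12 and int.from_bytes(raw[4:6], "big") >= 1

def is_doh(row: dict) -> bool:
    """Flag a request by DoH media type, or by a GET carrying a dns= wire query."""
    media_type = row["content_type"].split(";")[0].strip().lower()
    if media_type == DOH_MEDIA_TYPE:
        return True
    if row["method"].upper() == "GET":
        params = parse_qs(urlsplit(row["url"]).query)
        return any(is_dns_wire_query(v) for v in params.get("dns", []))
    return False

def doh_clients(log_text: str) -> Counter:
    """Count DoH requests per client so the affected endpoints can be checked."""
    rows = csv.DictReader(io.StringIO(log_text))
    return Counter(r["client"] for r in rows if is_doh(r))

if __name__ == "__main__":
    print(doh_clients(SAMPLE_LOG))
```

The `dns=primary` row is not counted, because its value does not decode to a DNS message.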