Create exceptions with Cloud SWG DNS Proxy and the '' Pseudo-Domain"
search cancel

Create exceptions with Cloud SWG DNS Proxy and the '' Pseudo-Domain"


Article ID: 366895


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Users are unable to do a DNS PTR lookup when using Symantec Agents with Cloud SWG DNS proxy enabled.


Cloud SWG with DNS Proxy.

Symantec Agents : Enterprise Agent, WSS Agent, SEP Agent Tunnel Mode.


The default setting of DNS proxy doesn't automatically bypass private domains/IP because it lacks knowledge of these domains/IP.

Maintaining internal reverse DNS servers is not a common practice for many.


To exempt reverse DNS lookups effectively, it's essential to utilize the appropriate "" address. See Private network under additional information

For instance, exempting "" will directly route any reverse DNS request for addresses within the 172.28.x.x range, bypassing the DNS proxy altogether.

This approach ensures that internal reverse DNS queries are handled efficiently and without unnecessary proxying, optimizing network performance and reliability.

In the Cloud SWG Portal > Connectivity > DNS Exemptions > Add

You will need to add the require  "" internal address.

Note: You will need to do this if you are maintaining internal reverse DNS servers. As a result, these domains are often treated as DNS zone files internally, resulting in exemptions for everything under them.

Additional Information