Why the "x-dns..." field in the access log is not getting populated with DNS related value?

Article ID: 391078


Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

The access log format contains the "x-dns-cs-dns" and "x-dns-rs-a-records" fields, but they are not populated with DNS-related values.

Resolution

The "x-dns..." fields are populated only if users point their DNS to the proxy and the proxy intercepts DNS traffic under the proxy services. However, the closest DNS-related information available in the access log is "r-ip" and "r-dns", where "r-ip" is the server IP and "r-dns" is the server hostname.

Below is an example of the access log:

#Fields: r-dns r-ip date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes rs-bytes x-virus-id x-bluecoat-application-name x-bluecoat-application-operation x-bluecoat-application-groups cs-threat-risk x-bluecoat-transaction-uuid x-icap-reqmod-header(X-ICAP-Metadata) x-icap-respmod-header(X-ICAP-Metadata) s-supplier-name s-supplier-ip s-supplier-country s-supplier-failures

www.example.com <Server IP address> 2024-08-05 07:51:01 2 <Client_IP> - - - OBSERVED "Technology/Internet;TestCategoryABC" - 200 TCP_ACCELERATED CONNECT - tcp www.example.com 443 / - - "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0" <Proxy IP address> 39 217 0 - "none" "none" "none" 1 f454a9c809b1f5c5-000000000000bc0b-0000000066b08464 - - - - "None" -
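
The following is an added example, not part of the original article or the product: a parser that maps each log line to the names in the "#Fields:" header and reports which "x-dns..." fields carry a value, alongside "r-dns" and "r-ip". The sample log is constructed (a shortened field list, documentation-range IPs), and treating "-" as "no value" is an assumption based on the sample line above.

```python
import re

# Constructed sample: a shortened format that includes the two x-dns fields
# named in the article; IPs are from documentation ranges.
SAMPLE_LOG = (
    "#Fields: r-dns r-ip date time c-ip cs-categories sc-status cs-method "
    "cs-host cs(User-Agent) x-dns-cs-dns x-dns-rs-a-records\n"
    'www.example.com 203.0.113.10 2024-08-05 07:51:01 192.0.2.25 '
    '"Technology/Internet;TestCategoryABC" 200 CONNECT www.example.com '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 '
    'Firefox/124.0" - -\n'
)

# A value is either a double-quoted string (may contain spaces) or a bare token.
TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_access_log(text):
    """Return one dict per log line, keyed by the names in the #Fields header."""
    fields, records = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line.strip() and not line.startswith("#"):
            values = [bare or quoted for quoted, bare in TOKEN.findall(line)]
            if len(values) != len(fields):
                # A mismatch means the line does not belong to this format.
                raise ValueError(
                    f"line {lineno}: {len(values)} values, {len(fields)} fields")
            records.append(dict(zip(fields, values)))
    return records


def dns_summary(record):
    """Report populated x-dns fields plus the r-dns / r-ip values."""
    populated = {name: value for name, value in record.items()
                 if name.startswith("x-dns-") and value != "-"}  # "-" assumed empty
    return {
        "x_dns_populated": populated,
        "server_host": record.get("r-dns"),
        "server_ip": record.get("r-ip"),
    }


if __name__ == "__main__":
    for rec in parse_access_log(SAMPLE_LOG):
        print(dns_summary(rec))
```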