Edge SWG (ProxySG) displaying the exception page for "DENY" instead of the "DNS unresolved hostname" exception when entering an invalid server domain.

Article ID: 399477

Products

ISG Proxy, ProxySG Software - SGOS

Issue/Introduction

A user entered a known invalid server domain in the browser, expecting the "DNS unresolved hostname" exception, but the default policy denied exception was shown instead.

Cause

When the category "None" is configured to be denied, the Edge SWG (ProxySG) displays the Policy Denied exception instead of the "DNS unresolved hostname" exception. Invalid domains are always categorized as "None", so the proxy evaluates the request, matches the "None" category rule, and returns a deny exception page. Because the request is denied, the proxy has no reason to connect to the server, so it never performs DNS resolution and never displays the "DNS unresolved hostname" exception.

Resolution

To display the "DNS unresolved hostname" exception, the proxy must allow uncategorized URLs (that is, allow the "None" category). The proxy then makes a connection attempt, which performs DNS resolution. Once DNS resolution fails, the proxy presents the "DNS unresolved hostname" exception. This is not recommended practice, because the proxy wastes resources performing DNS lookups for domains that do not exist. Denying uncategorized domains is more efficient.
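
To confirm from access logs that a policy denied page was masking a DNS failure, without changing policy, the following added example (not Broadcom code) lists hosts that were denied as category "None" and also fail to resolve. It assumes an ELFF access log with a `#Fields:` header containing `cs-host`, `cs-categories` and `x-exception-id`, that uncategorized requests are logged as "none" with multiple categories separated by `;`, and that the deny is logged as `policy_denied`; the sample log lines are constructed.

```python
import shlex
import socket

def resolves(host):
    """True if the local resolver returns at least one address for host."""
    try:
        socket.getaddrinfo(host, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False

def masked_dns_failures(log_lines, resolver=resolves):
    """Hosts denied as category "None" that also fail DNS resolution.

    For these hosts the category rule matched before any connection attempt,
    so the user saw the policy denied page rather than the DNS exception.
    """
    fields, hosts = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = shlex.split(line)  # keeps quoted category strings intact
        if len(values) != len(fields):
            continue  # malformed or truncated line
        row = dict(zip(fields, values))
        cats = [c.strip().lower() for c in row.get("cs-categories", "").split(";")]
        if row.get("x-exception-id") == "policy_denied" and "none" in cats:
            host = row.get("cs-host", "")
            if host and host not in hosts and not resolver(host):
                hosts.append(host)
    return hosts

# Constructed sample log (assumed field layout, not taken from a real appliance)
SAMPLE_LOG = """\
#Fields: date time c-ip cs-host cs-categories x-exception-id
2024-01-01 10:00:00 10.0.0.5 no-such-host.invalid "none" policy_denied
2024-01-01 10:00:02 10.0.0.5 parked.example "none" policy_denied
2024-01-01 10:00:05 10.0.0.6 games.example "Games" policy_denied
2024-01-01 10:00:09 10.0.0.7 www.example.com "Technology/Internet" -
""".splitlines()

if __name__ == "__main__":
    for h in masked_dns_failures(SAMPLE_LOG):
        print(h)
```

Run it from a host that uses the same DNS servers as the proxy, otherwise the resolution result may differ from what the appliance would see.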