DNS Leakage

  • November 15, 2025

secproceo
Netskope Partner

Team,

Good morning. 

Is there a reason I'm getting DNS Leakage? Did I forget something in my configuration?

See screenshots below.

  1. All "DNS Traffic" is enabled in the steering configuration.
  2. DNS Profile is configured with resolver IP of 162.10.1.1
  3. Real-Time Policy is configured.

Thanks.

2 replies

jonlerma
  • New Member III
  • January 16, 2026

Hi SECPROCEO,

Thank you for sharing this. This issue is something we have noticed too and have been chasing for a while. We use another paid DNS service for our internal servers and other devices to which no Netskope client is deployed. A few months ago, our DNS administrator informed us that our internal DNS provider notified us we were oversubscribed and wanted to charge us a hefty bill for the additional usage. When we investigated this, we found several PCs which had the Netskope client installed and also in a configuration with the DNS Traffic Steering to “All DNS Traffic” leaking some DNS traffic. Not all the DNS traffic is being intercepted by Netskope as it should be.

I opened up two high-priority tickets with Netskope Support, case 00571932 on 10/7/25, which was auto-closed, and then another case 00585083 on 11/19/25, which too was auto-closed. Both times were closed due to me taking a while to respond, as I guess I was not able to capture logs in time with users, but that's a different story. It was tricky to determine which user to capture logs from since it was not consistently reproducible.

Anyways, I came across this issue while opening up a third ticket. I believe I do have the logs that Netskope support wants (with Log Level set to Debug and Inner/Outer Packet captures) which hopefully leads to a resolution and helps resolve your issue as well. :)

Thanks again

Jon Lerma


secproceo
Netskope Partner
  • Author
  • January 16, 2026

I found the issue.

There are two different Netskope DNS subscriptions.

The configuration above just monitors DNS traffic. You have to get the (DNSaaS) security subscription to encrypt queries.

More information here:

https://docs.netskope.com/en/dns-as-a-service-dnsaas