What version are the NSAgents? We dealt with these issues but way back around R105/106. We had to do a global JAMF disable of IPv6 at one point.

Were using latest 109, this issue appeared to be a problem in 108 as well when we deployed NS in org. 

Our org is predominantly Macintosh (thousands and thousands) and we haven't seen any of these issues since R105/106. Is anything in the logs?

Stuff like this:
2023/10/18 10:48:21.862277 stAgentNE p434 t53767 critical nsDNSProcessor.cpp:149 dnsProcessor Failed to get DNS resolver values
2023/10/18 10:48:21.993231 stAgentNE p434 t16007 info networkMonitor.cpp:358 networkMonitor New Network Change event received
2023/10/18 10:48:21.994177 stAgentNE p434 t16007 info networkMonitor.cpp:337 networkMonitor Best route interface new ip 0.0.0.0

Netskope support is blaming the dongles, but there are no issues with NS is disabled. 

You don't happen to also use a VPN software like Global Protect/Any Connect do you?

We use a version of openVPN (Pritunl). But we have at least 2 users that don't use it and are still having same issue.   The VPN client is bypassed per NS recommendations. 

Curious, are you still actively shutting off ipv6 via JAMF on your fleet?

@mdmeow12123 am only disabling IPv6 on specific clients when DNS failures occur. It seems to only affect those clients using a public IPv6 address (starts with 2001:xxxx) and with some ISP's or some Android phone hotspots. For these reasons, we have not disabled IPv6 for everyone. Also, this was only reported for our Windows clients. 

Why did you ask if they were using a VPN such as GlobalProtect/AnyConnect?  Is there something that is conflicting between the two?