Users get a 'DNS_PROBE_FINISHED_NXDOMAIN' error message when they browse the Internet, however, the page does load successfully if you try it several times.
This issue only happens when connected through the WSS Agent (WSSA).
This site can't be reached: DNS_PROBE_FINISHED_NXDOMAIN
Cloud Secure Web Gateway (Cloud SWG, formerly WSS)
If the computer prefers IPv6 over IPv4 and if the "Allow IPv6 traffic" option is disabled in the Cloud SWG Portal, then this issue can occur.
NOTE: For stronger security with WSSA, it is recommended that "Allow IPv6 traffic" be DISABLED.
If the computer prefers IPv6, then DNS queries are first attempted with AAAA (IPv6) DNS requests...instead of A (IPv4) DNS queries. And if "Allow IPv6 traffic" is disabled (recommended), then IPv6 DNS queries are blocked...which results in the "NXDOMAIN" error. This is expected behavior.
There are a few potential solutions to this issue. And it may require a combination of these to fully resolve the issue: