I have disabled the DNS trap feature because I do not use internal DNS.
When I verify the log, I see that some requests are not blocked under the same protection name.
Keep in mind Anti-Bot is primarily a post-infection blade.
If a machine is looking up a potentially sketchy hostname via DNS, the machine could already be infected.
By default, we do classification in the background.
In the cases where there was a Prevent, the DNS name was in the gateway's local cache.
In the case where it was Detect, it wasn't immediately in the cache.
More discussion about this topic here: Threat Prevention dns trap and resource categorization