Resolved! application dns and action reset both
need to understand deeply reset both action by PA for dns query in threat logs
I know PA send the tcp fin to both ends.
But client who is doing dns query if it does not get reply what does it shows there ?
does the client again makes query?
or does PA
...