I am not sure if this still a problem, but have you looked at creating a FlexConfig to not inspect DNS traffic? If this what you are after?https://www.cisco.com/c/en/us/td/docs/security/firepower/623/fdm/fptd-fdm-config-guide-623/fptd-fdm-advanced.ht...