To learn more, refer to RFC 7871, Client Subnet in DNS Queries, and RFC 2671, Extension Mechanisms for DNS (EDNS0).
Zscaler's DNS feature allows users to manage DNS records, set up DNS filters, and perform DNS lookups within their Zscaler network.
One of the approaches we've taken to resolve this is creating a whole new wireless network and setting only external DNS on it. This method works, but it does require users to join this Wi-Fi network, and sometimes they don't join it and it breaks their access.
For a full-tunnel VPN to work, the VPN client either has to define a second routing table (rule-based routing) or define routing exemptions for the VPN endpoints. Zscaler seems to do the latter.
We would like to create a firewall rule with Zscaler NGFW that would allow our internal DNS servers to query Zscaler DNS servers instead of Google DNS servers.
Set the DNS server to something other than Zscaler Shift. If your internal DNS server redirects to Shift, then use a public DNS server.
Zscaler DNS Security filters risky and malicious domains and stops the use of DNS tunneling to distribute malware and steal data. As part of the cloud-native Zscaler Zero Trust Firewall, it provides full coverage across all ports and protocols without compromising performance.