
Zscaler authoritative DNS servers support EDNS0 client subnet options of the EDNS0 protocol.

To learn more, refer to RFC 7871, Client Subnet in DNS Queries, and RFC 2671, Extension Mechanisms for DNS (EDNS0).

One of the approaches we’ve taken to resolve this is creating a whole new wireless network and setting only external DNS on it. This method works, but it does require users to join this Wi-Fi network, and sometimes they don’t join it and it breaks their access.

For a full-tunnel VPN to work, the VPN client either has to define a second routing table (rule-based routing) or define routing exemptions for the VPN endpoints.

Zscaler seems to do the latter.

We would like to create a firewall rule with Zscaler NGFW which would allow our internal DNS servers to query Zscaler DNS servers instead of Google DNS servers.

Set the DNS server to something other than Zscaler Shift. If your internal DNS server redirects to Shift, then use a public DNS server.

Zscaler DNS Security filters risky and malicious domains and stops the use of DNS tunneling to distribute malware and steal data. As part of the cloud-native Zscaler Zero Trust Firewall, it provides full coverage across all ports and protocols without compromising performance.

Zscaler’s DNS feature allows users to manage DNS records, set up DNS filters, and perform DNS lookups within their Zscaler network.

However, optimizing DNS lookup performance is crucial for ensuring fast application response times, reducing latency, and preventing potential security breaches.
