Can we proxy DNS requests through ZCC and apply policy on returned values?

We basically want ZPA to send only RFC 1918 to a ZPA wildcard domain? Names, not IPs/networks? The customer doesn’t have a way, aka a subdomain, to distinguish public Internet vs. internal if they use a wildcard domain to discover apps. If they send everything to ZPA, it will break their public-facing websites. Creating a bypass segment won’t work either, as they don’t even know the URLs that need to be excluded from ZPA other than if it’s based on private IPs.

In other words, we want ZCC to proxy DNS requests, and if the response IP is within 1918 space we forward to ZPA, or else let the external sites go direct. How can I enable this solution?

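The decision the post describes (classify a name by the addresses its DNS answer returns), sketched as an added example; it is not part of the original post and is not Zscaler code or configuration. The function names, the route labels and the handling of mixed or empty answers are assumptions, and the sample names and addresses are constructed.

```python
import ipaddress
from typing import Iterable

# The three RFC 1918 blocks. ipaddress's is_private is broader (it also covers
# loopback, link-local and IPv6 ULA), so match the blocks explicitly.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True only for an IPv4 address inside one of the RFC 1918 blocks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed answer data is never treated as internal
    return ip.version == 4 and any(ip in net for net in RFC1918)


def route_for(answers: Iterable[str]) -> str:
    """Pick a route from the A/AAAA answers for one name (labels are hypothetical).

    "private-access": every answer is RFC 1918
    "direct":         no answer is RFC 1918, or there were no answers
    "review":         mixed answers; a public name that returns a private
                      address should be looked at, not silently tunnelled
    """
    flags = [is_rfc1918(a) for a in answers]
    if not flags or not any(flags):
        return "direct"
    return "private-access" if all(flags) else "review"


# Constructed sample answers, not taken from any real resolver.
SAMPLE = {
    "intranet.example.com": ["10.20.30.40"],
    "www.example.com": ["203.0.113.10"],
    "split.example.com": ["192.168.1.5", "198.51.100.7"],
    "edge.example.com": ["172.32.0.1"],  # just outside 172.16.0.0/12
    "v6.example.com": ["fd00::1"],       # IPv6 ULA is not RFC 1918
}


def classify_all(sample: dict) -> dict:
    return {name: route_for(ips) for name, ips in sample.items()}


if __name__ == "__main__":
    for name, route in classify_all(SAMPLE).items():
        print(f"{name:24} -> {route}")
```
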