When forwarding DNS traffic to ZIA, how does Zscaler handle DNSSEC and DNSSEC validation?
- Does the Zscaler Trusted Resolver validate DNSSEC? If so, does it honor the CD Flag to disable DNSSEC validation?
- Are there any configurable options regarding negative trust anchors for bogus domains? Are negative trust anchors global or per-tenant?
In case they are global, is there a list of negative trust anchors we can consult?
Does Zscaler add custom negative trust anchors based on individual requests?
- Is there a way to disable DNSSEC for specific users?