We have users in office who use Zscaler via GRE tunnel. DNS Control is setup to allow DNS resolution.
If a user (or a malware) issues a DNS request explicitly targeting an internet DNS Server, we would like that to be redirected to Zscaler.
So “nslookup www.amazon.com 22.214.171.124” should not go to 126.96.36.199. Instead we want to redirect it to Zscaler for resolution.
We tried using a DNS Control policy with Action=Redirect and redirect server as one of the Global ZEN VIP: 188.8.131.52 but that fails.
Please advise how to redirect to Zscaler in such cases.