Iterative setup of internal DNS to have client visibility in DNS logs

My customer has an internal Microsoft DNS running on a domain controller. The branch office with the MS DNS has an IPsec tunnel to Zscaler. The clients in the branch office have the MS DNS as their DNS resolver. In addition to that, DNS control is configured to block malicious DNS requests. When using a forwarder from the MS DNS, the log files in Zscaler show the IP of the local DNS. My customer wants to see the IP of the endpoint that is doing the original query.

According to:

an iterative configuration results in a setup where the DNS requests come to Zscaler from the client IP address.

Does anyone know the steps to configure this iterative configuration?