Transparent Proxy and geolocation DNS?

(Holger) #1


Our customer has a transparent Zscaler proxy. The clients do Name resolution. They use a central DNS forwarder but have local Internet access with tunnels to Zscaler. The central DNS forwarder has it’s own central Internet Access.
Do you have a solution for geolocation DNS (required by Microsoft) and transparent Zscaler proxy?
Many thanks for your feedback

(Yogi Chandiramani) #2


With version 5.5 we redo a DNS lookup for O365 content by looking at the SNI header; This allows to resolve to the closest Microsoft node based to the ZEN proxying the connection.
With 5.6 release we are broadening this capability by enabling DNS optimization by categories.

(Holger) #3


Many thanks for your feedback.
Is my understanding correct: the DNS lookup based on SNI header in 5.5 will re-write the resolved IP? Does this work with Microsoft encryption of O365 traffic?

Kind regards