ZPA client not passing traffic if public DNS record exists

We’ve been seeing an intermittent issue. Our ZPA setup is very simple: one main forwarding profile, a very basic wildcard application, etc.

On a few of our applications, there is a public DNS record that is used by certain functions. SOMETIMES, the ZPA client will simply stop passing traffic across the ZPA network for these applications where a public IP DNS record exists for them.

If I do an “nslookup app.domain.com” I get a Zscaler 100.64.x.x IP. However, when I attempt to actually access the application, you can see from a ping or a Wireshark capture that it’s attempting to reach the application on the public IP of the DNS record. And of course, because of this, nothing at all shows in the ZPA diagnostic logs.

And since these applications only have specific ports open publicly, not general access, the apps can’t connect using the public IP.

I’ve got a ticket open with support as well, but so far they don’t have an answer. Has anyone seen this? Why would the client not pass application traffic just because a public IP exists for that DNS entry? It’s not a global problem either; it’s isolated and intermittent.
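A small diagnostic for the symptom described in the post above, added here as an example (it is not from the original thread and not Zscaler tooling): it compares what the local stub resolver returns for a name with the address a TCP connection actually reaches, and flags the case where DNS handed back a ZPA synthetic address but the connection went direct to the public IP. It assumes the tenant uses the default ZPA synthetic range 100.64.0.0/10 (RFC 6598 shared address space); the host name and port are placeholders.

```python
"""Check whether a name resolved through the ZPA client is actually being
steered into the ZPA tunnel, or whether the connection goes direct.

Example code written for this thread; not Zscaler's own tooling.
"""
import ipaddress
import socket

# ZPA hands the client synthetic IPs from 100.64.0.0/10 (RFC 6598).
# Assumption: the tenant uses this default range.
ZPA_SYNTHETIC_RANGE = ipaddress.ip_network("100.64.0.0/10")


def is_zpa_synthetic(ip):
    """True if the address is one of the ZPA client's synthetic IPs."""
    return ipaddress.ip_address(ip) in ZPA_SYNTHETIC_RANGE


def resolve(host):
    """All answers the local stub resolver (i.e. the ZPA client) returns."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def peer_of(host, port, timeout=3.0):
    """Open a TCP connection and report the address the socket really reached.

    Returns None when the connection fails (e.g. the client went direct to a
    public IP where that port is not open), which is itself a symptom.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            return s.getpeername()[0]
    except OSError:
        return None


def classify(resolved, peer):
    """Compare what DNS said with where the connection actually went."""
    if peer is None:
        return "connect-failed"   # direct attempt to a closed public port, or no route
    if is_zpa_synthetic(peer):
        return "zpa"              # traffic is going through the ZPA tunnel
    if any(is_zpa_synthetic(ip) for ip in resolved):
        return "bypassed"         # DNS gave a synthetic IP but the connection went direct
    return "direct"               # no synthetic answer at all: segment not matched


def check(host, port, resolver=resolve, connector=peer_of):
    """Run the diagnostic for one host/port; resolver/connector are injectable
    so the logic can be exercised offline with constructed values."""
    resolved = resolver(host)
    peer = connector(host, port)
    return {
        "host": host,
        "resolved": sorted(resolved),
        "peer": peer,
        "verdict": classify(resolved, peer),
    }


if __name__ == "__main__":
    # Placeholder name and port; replace with the affected application.
    print(check("app.domain.com", 443))
```

A verdict of "bypassed" or "connect-failed" while `resolved` contains a 100.64.x.x address reproduces exactly what the Wireshark capture in the post shows; "zpa" means the segment is being matched and steered as intended.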

Can you go to Administration – App Segments – DNS Search, add domain.com there, and select the check box next to it?

Test this; it may help.


It appears that has resolved the issue, thank you!

