Zscaler DNS resolution

(Venkat) #1

Trying to get info and check other options

When I try to resolve the DNS for any internal applications while on off trusted network with Zscaler. It is not resolving the IP address. Firstly, does dns resolution work as expected even while using ZPA for internal applications ?

If it doesnt work, are they changes required to make it work ?

#2

Hi Venkata,
Assuming you’re using the Zapp endpoint agent for ZPA access, the DNS should resolve to a CGNAT (100.64.0.0 address). Generally you don’t want to try and carry DNS from the client to your internal DNS servers via ZPA. The client resolves to CGNAT. The ZPA Connector in your data centers will do local dns resolution for the real IP of the application. The client doesn’t see that part.

(Venkat) #3

Thanks Mike for the information.

(Venkat) #4

Quick question,

Does Zscaler support reverse DNS resolution. As I have a DNS query which will resolve to 100.64 IP from its FDQN on Zscaler and what will be the scenario to overcome if there is a reverse DNS lookup with 100.64 IP as it will not resolve to the our hostname again. Any thoughts on how to resolve this situation ?

Thanks