Zscaler Launches New Innovations to Improve Best-In-Class DNS Control

The DNS control features built into the Zscaler Zero Trust Exchange are critical to our fulfillment of that mission. As a cloud-native proxy, the Zscaler Zero Trust Exchange delivers scalable inspection, advanced threat protection, and DNS resolution at more than 150 edge locations for optimal performance and security around the globe.

Today, Zscaler is excited to announce new innovations that further this promise. We’ve made enhancements to the security, availability, flexibility, and performance of our DNS control module, including:

  • DNS encryption of plaintext traffic into DNS-over-HTTPS (DoH) for better privacy and security
  • Availability improvements with enhanced failover capabilities that automatically redirect traffic to a secondary resolver if the primary fails
  • DNS security enhancements including improved DNS tunnel protection to prevent data exfiltration, and enhanced DGA detection to block any command and control malware activities
  • Protective DNS enablement, encrypting and sending all government agency traffic to protective DNS (PDNS) resolvers in alignment with mandates from the NSA, CISA, and the National Cyber Security Centre
  • Better user experience with configurable DNS ECS to provide the best localized resolution based on the country, and to ensure users experience webpages with their local language, content, and currency
  • Enhanced error handling and reporting to provide more control and visibility

Read our DNS Release Blog for more information


To learn more about the top DNS threats facing organizations today (and what to do about them), check out the paper “Decoding Modern DNS Threats