I wanted to deploy ZPA for around 50 users and I have my AD domain as example.com. So my AD server is 172.16.3.5 which prim.example.com. Now we already have Infoblox DNS firewall deployed (with IP address 172.16.3.100) and AD being a authoritative DNS server forwards all recursive query to Infoblox.
Now my query is; if user moved out of office and connect to ZPA to access internal office resourced; will my recursive queries still be forwarded to on-prem Infoblox appliance? Or only queries related to *.example.com will be forwarde to 172.16.3.5.
I want all my DNS queries to be monitored from users hence wondering what changes do I need to perform?