Zscaler private access and Infoblox DNS RPZ

Hi Team,

I wanted to deploy ZPA for around 50 users and I have my AD domain as example.com. So my AD server is 172.16.3.5 which prim.example.com. Now we already have Infoblox DNS firewall deployed (with IP address 172.16.3.100) and AD being a authoritative DNS server forwards all recursive query to Infoblox.

Now my query is; if user moved out of office and connect to ZPA to access internal office resourced; will my recursive queries still be forwarded to on-prem Infoblox appliance? Or only queries related to *.example.com will be forwarde to 172.16.3.5.

I want all my DNS queries to be monitored from users hence wondering what changes do I need to perform?

TIA