Zscaler, ZAPP, Local Breakouts and DNS

So I am currently having a discussion with an enterprise customer about moving to local breakouts for all internet traffic and one of the topics that popped up is DNS. They currently do it for traffic that is explicitly proxied (the Zscaler node resolves DNS) but would ideally like to send all traffic via the Zscaler service.

We arrived on the topic of DNS Server locations and the main stumbling point was that the geolocation/localization information provided by DNS would only work completely if we had a DNS server at every location that had a local breakout to the internet.

Their current DNS setup is basically hub and spoke with DNS servers sitting at centralized locations and branches eventually resolving via one of these. Deployment of DNS servers at each location would be a lot of additional effort.

So I was looking to see how others have approached this.

Hi Mark,

You can use PAC files for the clients, in addition to a GRE tunnel, to let the DNS resolution happen at the Zen node. In this scenario the clients send the whole request to a ZEN Node. And e.g. with the Microsoft-Recommended Office 365 One Click Configuration activated Zscaler overrides the destination IP of Office 365 traffic with the closest CDN destination for the Office 365 application…, see https://help.zscaler.com/zia/about-microsoft-one-click-options.

Best Regards,
Patrick
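A PAC file of the kind Patrick describes, as an added example that is not from the thread or from Zscaler's documentation: internal names go DIRECT (and get resolved by the hub DNS), everything else is handed unresolved to the ZEN node. The internal zone `corp.example` and the proxy address `zen-node.example:9400` are placeholders; the detail worth checking in any real PAC is that it never calls `dnsResolve()` or `isInNet()`, which would force the client to resolve public names through the branch's own DNS path instead of at the ZEN node.

```javascript
// Added example, not from the thread. Placeholders: corp.example is the
// assumed internal DNS zone, zen-node.example:9400 the assumed ZEN node.
var INTERNAL_SUFFIXES = [".corp.example"];
var ZEN_PROXY = "PROXY zen-node.example:9400";

// Stand-ins for the PAC built-ins a browser normally supplies, included so
// the file can be exercised outside a browser. Neither does a DNS lookup.
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names: local, resolved via the site's forwarder / hub DNS.
  if (isPlainHostName(host)) { return "DIRECT"; }
  // Loopback by literal name or address, no lookup needed.
  if (host === "localhost" || host === "127.0.0.1") { return "DIRECT"; }
  // Internal zones: go direct so the hub DNS answers them.
  for (var i = 0; i < INTERNAL_SUFFIXES.length; i++) {
    if (dnsDomainIs(host, INTERNAL_SUFFIXES[i])) { return "DIRECT"; }
  }
  // Everything else: the client sends the full request, hostname unresolved,
  // to the ZEN node, which resolves it close to its own breakout.
  // No "; DIRECT" fallback, so a proxy outage does not silently fail open
  // to an unproxied path with client-side DNS resolution.
  return ZEN_PROXY;
}
```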

We have a similar challenge with our local breakout. We are using a DNS forwarder at each site to handle our split-DNS configurations. Internal name resolution gets sent back to the hub DNS while everything else gets sent to Zscaler.