Secure Internet and SaaS Access (ZIA)
About DNS Application Groups
Watch a video about DNS Application Groups
Through DNS Application Groups, you can create groups based on DNS tunneling traffic as well as other web applications. By allowing or blocking traffic at the DNS level, you gain greater granular control and can create new Firewall policies applied specifically to these groups. To learn more, see Detecting and Controlling DNS Tunnels.
DNS application groups provide the following benefits and enable you to:
- Group legitimate DNS tunnels, commonly blocked DNS tunnels, unrecognized DNS tunnels, and DNS network applications (not to be confused with DPI-based network applications) to manage them collectively in the DNS Control policy.
- Enforce condition-based actions on DNS traffic using the DNS Control policy to protect your network traffic against DNS tunneling.
- Investigate and analyze the DNS tunnels detected in your network using Zscaler DNS logs.
About the DNS Application Group Page
On the DNS Application Group page (Administration > Network Applications), you can do the following:
- Add a DNS application group.
- View a list of all DNS Application Groups. For each group, you can view the following:
- Name: The of your DNS application group. You can sort this column.
- Applications: The DNS tunnel categories, and web applications included in your group.
- Description: The description of the group, if available. You can sort this column.
- Edit a DNS application group.
- Modify the table and its columns.
- Search for a DNS application group.
- Go to the Network Applications page.
- Go to the Network Application Groups page.
