DNS Data Types and Filters

You work with DNS data types and filters to define the DNS traffic information that you want to view in a dashboard or report widget or when analyzing charts in Analytics > DNS Insights.

When you add or edit a widget in a dashboard or report and select DNS in the Widget Settings dialog, you select a data type to view from the Data Type menu and apply filters that you choose from the Add Filter menu.

Screenshot of Data Type and Filters menus for Zscaler New Widget window

In the Analytics > DNS Insights page, you select a data type to view from the menu above the chart and apply filters that you choose from the Add Filter menu on the left pane.

Screenshot of Data Type and Filters menus for Zscaler DNS Insights

Following are the DNS types and their associated filters. Click a data type to learn more about it and its associated filters.

Displays data about the action that the service took on your organization's traffic. You can view either the number of sessions or bytes. You can apply the following filters:

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Displays data on the traffic associated with a specific client IP address. You can apply the following filters:

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the DNS policy.
  • Client IP: Use this filter to view data about traffic associated with a specific client IP address.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNS Request Type: Use this filter to limit the data to the traffic associated with a specific type of DNS request. Choose the request type from the list.
  • DNS Response: Use this filter to limit the data to the traffic associated with a specific DNS response.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Request Duration: Use this filter to limit the data to the traffic associated with the specified request duration.
  • Requested Domain: Use this filter to limit the data to the traffic associated with the domain for which DNS resolution was requested.
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server IP: Use this filter to limit the data to traffic associated with a specific server IP address.
  • Server Port: se this filter to limit the data to traffic associated with a specific server port.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Displays data on the traffic associated with a specific department. You can apply the filters listed below.

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Client IP: Use this filter to view data about traffic associated with a specific client IP address.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNS Request Type: Use this filter to limit the data to the traffic associated with a specific type of DNS request. Choose the request type from the list.
  • DNS Response: Use this filter to limit the data to the traffic associated with a specific DNS response.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Request Duration: Use this filter to limit the data to the traffic associated with the specified request duration.
  • Requested Domain: Use this filter to limit the data to the traffic associated with the domain for which DNS resolution was requested
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server IP: Use this filter to limit the data to traffic associated with a specific server IP address.
  • Server Port: se this filter to limit the data to traffic associated with a specific server port.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Displays data about a location's DNS traffic. You can apply the filters listed below.

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Client IP: Use this filter to view data about traffic associated with a specific client IP address.,
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNS Request Type: Use this filter to limit the data to the traffic associated with a specific type of DNS request. Choose the request type from the list.
  • DNS Response: Use this filter to limit the data to the traffic associated with a specific DNS response.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Request Duration: Use this filter to limit the data to the traffic associated with the specified request duration.
  • Requested Domain: Use this filter to limit the data to the traffic associated with the domain for which DNS resolution was requested
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server IP: Use this filter to limit the data to traffic associated with a specific server IP address.
  • Server Port: se this filter to limit the data to traffic associated with a specific server port.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Displays data about traffic associated with specific rules in the DNS Control policy.

  • Action: Use this filter to limit the data to traffic that was either allowed or blocked due to the DNS policy.
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • Location: Use this filter to limit the data to a location's traffic. Choose a location from the list of Internet gateway locations specified in the Locations page. The list includes Road Warrior, the default location for transactions that did not originate from a predefined location. This filter lists 200 results at a time. Use the Search function to find a specific location.
  • Rule Name: Use this filter to limit the data to specific rules in the DNS policy. Choose the rules from the list
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.

 

Displays data about traffic associated with a specific user. You can apply the filters listed below.

  • Action: Use this filter to view data about traffic that the service either allowed or blocked due to the firewall policy.
  • Client IP: Use this filter to view data about traffic associated with a specific client IP address.,
  • Department: Use this filter to limit the data to the traffic of a specific department. It lists 200 results at a time. Use the Search function to find a specific department.
  • DNS Request Type: Use this filter to limit the data to the traffic associated with a specific type of DNS request. Choose the request type from the list.
  • DNS Response: Use this filter to limit the data to the traffic associated with a specific DNS response.
  • IP Domain Category: Use this filter to limit the data to the traffic associated with the URL category of the requested domain.
  • Request Duration: Use this filter to limit the data to the traffic associated with the specified request duration.
  • Requested Domain: Use this filter to limit the data to the traffic associated with the domain for which DNS resolution was requested
  • Rule Name: Use this filter to limit the data to specific rules in the firewall policy. Choose the rules from the list.
  • Server IP: Use this filter to limit the data to traffic associated with a specific server IP address.
  • Server Port: se this filter to limit the data to traffic associated with a specific server port.
  • User: Use this filter to limit the data to the traffic of specific users. Choose the user names from the list.
    If applicable, enable Exclude Location to limit data to only users. By default, user-related widgets include locations and users.