Secure Internet and SaaS Access (ZIA)

Understanding Zscaler Authoritative DNS Servers

Zscaler authoritative DNS servers support the EDNS0 Client Subnet option. To learn more, refer to RFC 7871: Client Subnet in DNS Queries and RFC 2671: Extension Mechanisms for DNS (EDNS0). By reading the client subnet option, these authoritative DNS servers can accurately identify the origin of a DNS request and return a precise DNS response based on the user's location.

For example, consider a client in a remote location in South Africa requesting DNS resolution for gateway.zscalertwo.net using Google public DNS (8.8.8.8). The request is routed to the nearest Google data center, in Switzerland. The DNS recursive resolver in Switzerland then contacts the zscalertwo authoritative name servers located in Washington D.C. If the request includes the client subnet option, the authoritative DNS server in Washington D.C. identifies the client's origin. It then returns the Virtual IP address (VIP) of the Zscaler data center in Johannesburg or Cape Town, whichever is closest to the client in South Africa.

This feature significantly reduces the latency between users and the Zscaler PoP by routing users to the nearest PoP. It benefits end users who use public DNS servers such as OpenDNS, Google, Infoblox, and so on.
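The client subnet exchange described above, as an added example (not Zscaler's code): the resolver-side encoding of an RFC 7871 option and the authoritative-side parsing that recovers the client's network. The client address 203.0.113.57, the /24 prefix, the 1232-byte UDP size, and all function names are assumptions made for the illustration.

```python
import ipaddress
import struct
OPT_RR_TYPE, ECS_OPTION_CODE = 41, 8  # EDNS0 OPT record type; Client Subnet option code
SAMPLE_CLIENT = "203.0.113.57"        # constructed client address (documentation range)

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ecs_option(client_ip, source_prefix):
    """Resolver side: keep only the first source_prefix bits of the client address."""
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    addr = net.network_address.packed[:(source_prefix + 7) // 8]
    # FAMILY (1 = IPv4, 2 = IPv6), SOURCE PREFIX-LENGTH, SCOPE PREFIX-LENGTH (0 in queries)
    body = struct.pack("!HBB", 1 if net.version == 4 else 2, source_prefix, 0) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body

def build_query(name, client_ip, source_prefix, qid=0x1234):
    """Build an A query with one OPT record that carries the ECS option."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    rdata = build_ecs_option(client_ip, source_prefix)
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR_TYPE, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while msg[pos]:
        if msg[pos] & 0xC0 == 0xC0:  # compression pointer is always 2 bytes
            return pos + 2
        pos += msg[pos] + 1
    return pos + 1

def parse_client_subnet(msg):
    """Authoritative side: return the ECS network in a query, or None if absent."""
    qdcount, ancount, nscount, arcount = struct.unpack("!HHHH", msg[4:12])
    pos = 12
    for _ in range(qdcount):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount + nscount + arcount):
        pos = skip_name(msg, pos)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos, end = pos + 10, pos + 10 + rdlen
        while rtype == OPT_RR_TYPE and pos < end:
            code, olen = struct.unpack("!HH", msg[pos:pos + 4])
            if code == ECS_OPTION_CODE:
                family, src, _ = struct.unpack("!HBB", msg[pos + 4:pos + 8])
                raw = msg[pos + 8:pos + 4 + olen].ljust(4 if family == 1 else 16, b"\x00")
                return ipaddress.ip_network(f"{ipaddress.ip_address(raw)}/{src}", strict=False)
            pos += 4 + olen
        pos = end
    return None
```

The authoritative server sees only the truncated network (203.0.113.0/24 here), not the full client address, and a query without the option returns `None`, in which case only the resolver's own address is available for locating the user.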
