DNS Security

Superior DNS filtering and security with fast resolution for today’s digital world

DNS Security delivers enterprise-grade DNS control and filtering with rapid resolution for unbeatable performance and availability with the industry’s most comprehensive cloud native security service edge (SSE) platform.

Why It Matters

Sophisticated DNS-based attacks bypass legacy security tools

The Domain Name System (DNS) is integral to how we use the internet, but as a decades-old service, it’s being tested in the modern digital world. Surging traffic from hybrid and remote work, cloud applications, and IoT/OT devices greatly impacts DNS performance and availability—and DNS is a popular vector for threat actors to exploit. Commonly found in firewall allowlists, DNS and now DNS over HTTP/S (DoH) can easily mask DNS attacks. Without monitoring and protection at scale, adversaries can deliver threats and exfiltrate data undetected.


Sophisticated DNS-based attacks bypass legacy security tools
Benefits
Optimize DNS performance while improving security
Performance
Lightning-fast DNS resolution and consistent high availability
Deliver unbeatable and secure DNS resolution through Zscaler Trusted Resolvers while providing high availability, hyper-specific location-based content for all users and devices. Give your users the best experience with DNS gateway to third-party resolvers.
Security
DNS security and filtering across all stages of the kill chain
Leave no stone unturned: proxy all DNS traffic to Zscaler for inspection at scale and inline DNS tunnel protection. Detect and stop data exfiltration, stop sneaky DNS attacks hiding in DNS over HTTPS (DoH), and ensure compliance with domain and IP address categorization.
Visibility
Complete visibility over all DNS traffic
Investigate all DNS transactions with confidence through context-rich data and forensically complete logs. Establish zero trust network access (ZTNA) with context, strict user authentication, and continual policy checks while terminating malicious connections with adaptive, real-time policy enforcement.
HOW IT WORKS
How Zscaler DNS Security works
Zscaler Trusted DNS Resolvers
Zscaler Trusted DNS Resolvers
Zscaler Trusted Resolvers (ZTR) speed up DNS resolution and improve user experience by bringing resolvers closer to the user at more than 150 edge locations.
DNS Gateway
DNS Gateway
DNS Gateway translates all plaintext DNS requests to DNS over HTTPS (DoH) for privacy and security. It also directs DoH traffic to Protective DNS (PDNS) resolvers that analyze and block requests to malicious domains.
Granular Filtering
Granular Filtering
DNS Security features granular filtering rules for DNS queries sent over any protocol and customizable actions designed to prevent or thwart DNS-based attacks.
DNS Tunnel Detection
DNS Tunnel Detection
Zscaler’s advanced detection engine finds and stops DNS tunnels used to control malware and exfiltrate data.

DNS Deployment Architecture

DNS Deployment Architecture
Use Cases

Outsmart adversaries while improving user experience

Reliable access and resolution quality

No matter where your users connect, give them first-rate, highly available DNS resolution and location-based content through ECS injection.


Defend against DNS attacks and data exfiltration

Detect threats early and throughout the attack kill chain, providing inline protection against advanced DNS tunneling and data exfiltration techniques.


Reduce total cost of ownership (TCO)

100% cloud-delivered DNS Security has no hardware or software to manage, letting your administrators focus on more critical tasks while reducing infrastructure costs.


Improve incident response and remediation

Forensically complete logs and contextually rich data enhance incident response (IR), forensics, and threat hunting.


Comply with industry standards and zero trust

The segmentation-centric, identity- and access-focused framework allows you to increase agility and resilience, enabling business initiatives such as digital transformation and cloud adoption.


Take the next step

Let our experts show you how you can prevent modern DNS attacks with Zscaler DNS Control.