DNS Security
Superior DNS filtering and security with fast resolution for today’s digital world
DNS Security delivers enterprise-grade filtering with rapid resolution for unbeatable performance and availability with the industry’s most comprehensive cloud native security service edge (SSE) platform.

Modern DNS attacks overwhelm legacy tools
The Domain Name System (DNS) is integral to how we use the internet, but as a decades-old service, it’s being tested in the modern digital world. Surging traffic from hybrid and remote work, cloud applications, and IoT/OT devices greatly impacts DNS performance and availability—and DNS is a popular vector for threat actors to exploit.
Commonly found in firewall allow lists, DNS and now DNS over HTTP/S (DoH) can easily mask DNS attacks. Without monitoring and protection at scale, adversaries can deliver threats and exfiltrate data undetected.
Optimize DNS performance without compromising on security

Lightning fast DNS resolution and consistently high availability
Deliver unbeatable and secure DNS resolution through Zscaler Trusted Resolvers while providing high availability, hyper-specific location-based content for all users and devices. Give your users the best experience with DNS gateway to third-party resolvers.

DNS security and filtering across all stages of the killchain
Leave no stone unturned: proxy all DNS traffic to Zscaler for inspection at scale and inline DNS tunnel protection. Detect and stop data exfiltration, stop sneaky DNS attacks hiding in DNS over HTTPS (DoH), and ensure compliance with domain and IP address categorization.

Complete visibility over all DNS traffic
Investigate all DNS transactions with confidence through context-rich data and forensically complete logs. Establish zero trust network access with context, strict user authentication, and continual policy checks while terminating malicious connections with adaptive, real-time policy enforcement.
How Zscaler DNS Security compares

Zscaler Trusted DNS Resolvers
Enable Zscaler Trusted Resolver (ZTR) to speed up DNS resolution and improve user experience by bringing resolvers closer to the user at more than 150 edge locations.

Protective DNS
Ensure compliance with various industry, regional, and federal government standards and industry best practices for data retention and logging, and evolving standards like protective DNS (PDNS).

DNS Gateway
Don’t compromise on availability and translation. DNS Security translates all DNS to DoH and directs all requests to a PDNS resolver while providing a failover to a secondary PDNS resolver.

Regionalization with ECS
Enrich end user requests with IP address information that allows resolvers to leverage authoritative DNS. Provide users with fast resolution with exact localized web and application content in their language and currency.
DNS Deployment Architecture
Outsmart adversaries while improving user experience

Reliable access and resolution quality
No matter where your users connect, give them first-rate and highly available DNS resolution and location-based content through ECS injection.

Defend against DNS attacks and data exfiltration
Detect threats early and throughout the attack kill chain, providing inline protection against advanced DNS tunneling and data exfiltration techniques.

Reduce total cost of ownership (TCO)
100% cloud-delivered DNS Security has no hardware or software to manage, letting your administrators focus on more critical tasks while reducing infrastructure costs.

Improve incident response and remediation
Forensically complete logs and contextually rich data enhance incident response (IR), forensics, and threat hunting.

Comply with industry standards and zero trust
The segmentation-centric, identity- and access-focused framework allows you to increase agility and resilience, enabling business initiatives such as digital transformation and cloud adoption.
Outsmart adversaries while improving user experience

Reliable access and resolution quality
No matter where your users connect, give them first-rate and highly available DNS resolution and location-based content through ECS injection.

Defend against DNS attacks and data exfiltration
Detect threats early and throughout the attack kill chain, providing inline protection against advanced DNS tunneling and data exfiltration techniques.

Reduce total cost of ownership (TCO)
100% cloud-delivered DNS Security has no hardware or software to manage, letting your administrators focus on more critical tasks while reducing infrastructure costs.

Improve incident response and remediation
Forensically complete logs and contextually rich data enhance incident response (IR), forensics, and threat hunting.

Comply with industry standards and zero trust
The segmentation-centric, identity- and access-focused framework allows you to increase agility and resilience, enabling business initiatives such as digital transformation and cloud adoption.
Suggested Resources
Take the next step
Experience true zero trust for yourself.