DNS Security delivers enterprise-grade DNS control and filtering with rapid resolution for unbeatable performance and availability with the industry’s most comprehensive cloud native security service edge (SSE) platform.

Why It Matters

Sophisticated DNS-based attacks bypass legacy security tools

The Domain Name System (DNS) is integral to how we use the internet, but as a decades-old service, it’s being tested in the modern digital world. Surging traffic from hybrid and remote work, cloud applications, and IoT/OT devices greatly impacts DNS performance and availability—and DNS is a popular vector for threat actors to exploit. Commonly found in firewall allowlists, DNS and now DNS over HTTP/S (DoH) can easily mask DNS attacks. Without monitoring and protection at scale, adversaries can deliver threats and exfiltrate data undetected.

Benefits

Optimize DNS performance while improving security

Lightning-fast DNS resolution and consistent high availability

Deliver unbeatable and secure DNS resolution through Zscaler Trusted Resolvers while providing high availability, hyper-specific location-based content for all users and devices. Give your users the best experience with DNS gateway to third-party resolvers.

DNS security and filtering across all stages of the kill chain

Leave no stone unturned: proxy all DNS traffic to Zscaler for inspection at scale and inline DNS tunnel protection. Detect and stop data exfiltration, stop sneaky DNS attacks hiding in DNS over HTTPS (DoH), and ensure compliance with domain and IP address categorization.

Complete visibility over all DNS traffic

Investigate all DNS transactions with confidence through context-rich data and forensically complete logs. Establish zero trust network access (ZTNA) with context, strict user authentication, and continual policy checks while terminating malicious connections with adaptive, real-time policy enforcement.

HOW IT WORKS

How Zscaler DNS Security works

Zscaler Trusted DNS Resolvers

Zscaler Trusted Resolvers (ZTR) speed up DNS resolution and improve user experience by bringing resolvers closer to the user at more than 150 edge locations.

DNS Gateway

DNS Gateway translates all plaintext DNS requests to DNS over HTTPS (DoH) for privacy and security. It also directs DoH traffic to Protective DNS (PDNS) resolvers that analyze and block requests to malicious domains.

Granular Filtering

DNS Security features granular filtering rules for DNS queries sent over any protocol and customizable actions designed to prevent or thwart DNS-based attacks.

DNS Tunnel Detection

Zscaler’s advanced detection engine finds and stops DNS tunnels used to control malware and exfiltrate data.

DNS Deployment Architecture

Use Cases

Outsmart adversaries while improving user experience

No matter where your users connect, give them first-rate, highly available DNS resolution and location-based content through ECS injection.

Defend against DNS attacks and data exfiltration

Detect threats early and throughout the attack kill chain, providing inline protection against advanced DNS tunneling and data exfiltration techniques.

100% cloud-delivered DNS Security has no hardware or software to manage, letting your administrators focus on more critical tasks while reducing infrastructure costs.

Improve incident response and remediation

Forensically complete logs and contextually rich data enhance incident response (IR), forensics, and threat hunting.

Comply with industry standards and zero trust

The segmentation-centric, identity- and access-focused framework allows you to increase agility and resilience, enabling business initiatives such as digital transformation and cloud adoption.