Make DNS work for you—not for bad actors
Uncover and stop hidden threats that deliver malware, steal data, and disrupt operations
Ensure unbeatable performance and availability with rapid DNS resolution
Maintain complete visibility over DNS traffic, including detailed, context-rich logs
The Problem
Legacy firewalls let attacks like DNS tunneling and DNS spoofing go undetected
Surges in traffic from remote work, cloud applications, and IoT/OT devices have driven an exponential increase in DNS resolutions—creating too many requests for traditional firewalls to screen effectively. These firewalls can't inspect DNS or DNS over HTTPS (DoH) traffic for threats without slowing it to a crawl. Instead, they allow it, giving attackers a new way to carry out stealthy DNS spoofing, DDoS attacks, phishing, and more.
Stop DNS-based attacks with monitoring and protection at scale
Zscaler DNS Security filters risky and malicious domains and stops the use of DNS tunneling to distribute malware and steal data. As part of the cloud native Zscaler Zero Trust Firewall, it provides full coverage across all ports and protocols without compromising performance.
Best-in-class filtering and AI-powered DoH inspection
Inspect all DNS traffic and enforce inline DNS tunnel protection. Detect and stop data theft, stop attacks hiding in DoH, and comply with domain and IP address categorization.
Complete visibility over all DNS traffic
Investigate DNS transactions with confidence through context-rich data and forensically complete logs. Support zero trust with context, strict authentication, continual policy checks, and adaptive real-time enforcement.
Lightning-fast, secure DNS resolution and high availability
Support productivity and reliable access to location-based content for all users and devices. Ensure a great user experience with DNS gateway to third-party resolvers.
Empower and secure your workforce and operations
Gain robust protection against attacks such as DNS spoofing, DNS tunneling, phishing, malware distribution, DDoS, and more.
Ensure a great user experience with requests resolved at the edge, and content delivered by the optimal CDN in local language and currency.
Simplify regulatory compliance with various mandates and practices for data retention and logging, as well as evolving standards like Protective DNS (PDNS).
Reduce total cost of ownership (TCO) with no hardware or software to manage. 100% cloud-delivered DNS Security lets admins focus on impactful tasks over maintenance.
Solution Details
Strengthen DNS security and optimize performance
Granular Filtering
Prevent or thwart DNS-based attacks with customizable actions and granular filtering rules for DNS queries sent over any protocol.
AI-Powered Inspection
Find and stop hidden attacks. Unlimited inline traffic inspection, machine learning, and native TLS/SSL decryption prevent stealthy threats and terminate malicious connections.
Trusted DNS Resolvers
Speed up DNS resolution and improve the user experience. Zscaler Trusted Resolvers (ZTR) are delivered as close to the user as possible from more than 150 edge locations.
DNS Gateway
Translate plaintext DNS requests to DoH for privacy and security. Direct DoH traffic to PDNS resolvers that analyze and block requests to malicious domains.
DNS Tunnel Detection
Find and stop DNS tunnels used to control malware and exfiltrate data with an advanced detection engine.
Flexible Failover and Error Handling
Ensure users maintain reliable, high-speed access with automatic failover options and configurable error handling to support high availability.
Outsmart adversaries while improving user experience
Detect threats early and throughout the attack life cycle. Provide inline protection against advanced DNS tunneling and data exfiltration techniques.
Enhance incident response, investigation, and threat hunting with forensically complete logs and contextually rich data.
Increase business agility and resilience to support digital transformation and cloud adoption with a segmentation-centric, identity- and access-focused framework.
Give your users first-rate, highly available DNS resolution and location-based content through EDNS Client Subnet (ECS) injection, no matter where they connect.
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive platform to secure, simplify, and transform your business
01 Risk Management
Reduce risk, and detect and contain breaches, with actionable insights from a unified platform
02 Cyberthreat Protection
Protect users, devices, and workloads against compromise and lateral threat movement
03 Data Protection
Leverage full TLS/SSL inspection at scale for complete data protection across the SSE platform
04 Zero Trust for Branch and Cloud
Connect users, devices, and workloads between and within the branch, cloud, and data center