On 2026-04-10 John Lange wrote:
My guess would be that zscaler is proxying DNS traffic for many of its customers, causing the traffic to appear to originate from the same locations even though it may be many individual customers making the queries. They have many proxies spread around the world and customers can choose which exit points they want their traffic to be proxied from.
But from what I've read about zscaler they intercept DNS traffic to their own servers which run security filters on it and thus should also be a caching recursive resolver? That would not behave like we're seeing, unless something was wrong. But if zscaler is just a glorified for-pay tor, then that's another thing altogether. And if they allow bad actors as customers, well then they'll end up just as bad as tor? We're making inquiries... but so far no response. A long-distance call may end up being required; of course you'll only be able to reach some clueless sales person... If this is a bad actor using their servers as proxies just hitting our DNS a whackton, even if zscaler is aware it may be hard for them to track down and fix. Oh ya, in my last email I said "triple cost", but I forgot to write: In Real Money.