On 2026-04-09 03:01, Trevor Cordes wrote:
Does anyone know of zscaler9 and its products? We are getting a large number of DNS lookup hits on our DNS server from zscaler9 sattelites / proxies. They appear to be a security provider who sits MITM to cleanse traffic for corps?
Yes. It is a enterprise focused web content filter service that also provides remote access and internal app fronting.
Are there users of this product in MB, or Canada? Is this a big thing or a little thing? Can anything justify large quantities of DNS queries from them from all over the world? It looks like they intercept DNS and spoof with their own stuff, but if their proxies are caching shouldn't they only produce a sane/normal amount of hits?
Yes there are users in MB and most definitely Canada. Depends on whether their resolver end-points handle TTLs correctly (wasn't always the case) or they have a bug. As to sourcing, could be someone playing with a local resolver or scraper tool that happens to be fronted by their service. Rando guess. -- Sean