Event details

Dive deep into Zero Trust DNS, a new security feature that enables enterprise IT administrators to natively enforce domain-name-based network access controls on their Windows endpoints. Learn how to ...
Heather_Poulsen
Updated Mar 17, 2026
Technical Takeoff
C00kieMonster's avatar
C00kieMonster
Brass Contributor
Mar 04, 2026

Any issues or conflicts with Zscaler (ZIA, ZPA, and GRE tunnels), NAT64, DNS64, and/or IPv6-only networks?

  • AditiPatange's avatar
    AditiPatange
    Icon for Microsoft rankMicrosoft
    Mar 23, 2026

    Thanks for the question!

    ZTDNS operates at the Windows Filtering Platform layer and enforces policy at connection time, before any application traffic is established. Because of this, it’s generally complementary to solutions like SSE like Zscaler as long as they support encrypted DNS and use the system resolver. Traffic to allowed destinations can be routed through GRE tunnels or proxies if the gateway is also resolved by the trusted resolver.

    ZTDNS is also compatible with IPv6‑only environments, including NAT64/DNS64 deployments.