If you have an existing remote network deployment, you can continue to use the DNS resolution methods that you already have in place, or you can use

Prisma Access

to proxy the DNS request. Proxying the DNS requests allows you to send DNS requests for public domains to one server and send DNS request for internal domains to another server.

The following figure shows a DNS request to a deployment where an internal DNS server is used to process requests for both internal and external domains. The remote network IP address is 35.1.1.1 and the

EBGP Router

IP address is 172.1.1.1. In this case,

Prisma Access

does not proxy the requests and, if the internal DNS server does not use NAT, the source IP of the DNS request is 10.1.1.1 (the IP address of Client 1’s device in the remote network site).

If

Prisma Access

proxies the DNS request, the source IP addresses of the proxied DNS requests changes to the

EBGP Router Address

for internal requests and the Service IP Address of the remote network connection for external requests, as shown in the following figure.