If you have an existing remote network deployment, you can continue to use the DNS resolution methods that you already have in place, or you can use Prisma Access to proxy the DNS request. Proxying the DNS requests allows you to send DNS requests for public domains to one server and send DNS request for internal domains to another server.

The following figure shows a DNS request to a deployment where an internal DNS server is used to process requests for both internal and external domains. The remote network IP address is 35.1.1.1 and the EBGP Router IP address is 172.1.1.1. In this case, Prisma Access does not proxy the requests and, if the internal DNS server does not use NAT, the source IP of the DNS request is 10.1.1.1 (the IP address of Client 1’s device in the remote network site).

If Prisma Access proxies the DNS request, the source IP addresses of the proxied DNS requests changes to the EBGP Router Address for internal requests and the Service IP Addressof the remote network connection for external requests, as shown in the following figure.