Channel: Network Infrastructure Servers forum

How to allow external resolution for a certain domain ONLY?

Hi all,

I'm changing our internet access infrastructure and have hit upon a bit of an issue. For security reasons, we do not allow our internal clients to resolve external addresses at all; servers that need to do this can (via a caching proxy that has a forwarder for any internal addresses).

However, we use zscaler now and need to also use zscaler for 'road warriors' (users with company laptops outside the corporate network). To do this we will be making use of a pac file, which is hosted at zscaler. This means when internal they need to access this file as well.

In short, pac.zscaler.net must be resolvable at all times, but no other external addresses must be available to resolve when internal.

What I have done is created a new primary zone on our AD servers for 'pac.zscaler.net' and added a blank A record with the IP address as the server... however zscaler provides about 20 IP addresses for their PAC file location.

Can I add 20 different IP addresses to the primary zone 'pac.zscaler.com' on my internal network? If so, how will clients pick the IP address to resolve to? Round robin?

Thanks for any help! 
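
The setup described in the post above (a primary zone named for the exact host, holding several blank A records), as an added PowerShell example that is not part of the original post. The addresses are placeholders from the RFC 5737 documentation range rather than Zscaler's real ones, and the replication scope and the `example.com` test name are assumptions.

```powershell
# Added example; run on an AD DNS server with the DnsServer module installed.
$zone = 'pac.zscaler.net'

# Placeholder addresses (RFC 5737 documentation range), NOT Zscaler's real IPs.
$pacAddresses = @('192.0.2.10', '192.0.2.11', '192.0.2.12')

# Create the zone for the exact host name only, so that no other name under
# zscaler.net is answered internally. Replication scope is an assumption.
if (-not (Get-DnsServerZone -Name $zone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -Name $zone -ReplicationScope 'Domain'
}

# Collect the A records already present at the zone apex ('@' = blank name).
$existing = @(
    Get-DnsServerResourceRecord -ZoneName $zone -Name '@' -RRType A -ErrorAction SilentlyContinue |
        ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
)

# Add one apex A record per address, skipping any that already exist.
foreach ($ip in $pacAddresses) {
    if ($existing -notcontains $ip) {
        Add-DnsServerResourceRecordA -ZoneName $zone -Name '@' -IPv4Address $ip
    }
}

# Show the server settings that decide the order of multiple A records.
Get-DnsServerSetting -All | Select-Object RoundRobin, LocalNetPriority

# What a client receives: every record for the name, in server-chosen order.
Resolve-DnsName -Name $zone -Type A -Server localhost -DnsOnly |
    Select-Object Name, IPAddress

# Check that the "no external resolution" policy still holds for other names.
$leak = Resolve-DnsName -Name 'example.com' -Type A -Server localhost -DnsOnly -ErrorAction SilentlyContinue
if ($leak) {
    Write-Warning 'External names still resolve through this server.'
} else {
    'External resolution remains blocked.'
}
```

Static records like these do not follow changes the provider makes to its address list, so the list needs a periodic comparison against the published one.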