Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Use DNS Prefixes for Countries and Regions to Route Web Traffic

A DNS service, known as the Global Routing Manager (GRM), routes web traffic from your network to instances of Secure Web Gateway on the Points of Presence (PoPs), which are nodes in a worldwide network that has been set up as a cloud platform for this product.

The GRM routes the traffic to the best-available PoP. If a user works from an endpoint within your network that is located in Italy, traffic is routed to the best-available PoP in Europe, rather than in Asia or North America. If this user travels to New York, traffic is routed to a PoP in New York.

To ensure web pages are delivered in appropriately localized versions, you can add country and region prefixes to the domain names that are used to configure the routing. Web traffic is then routed to the best-available PoP that supports the appropriate localization.

The GRM relies on the following information to route web traffic:

  • Geolocation of the user or endpoint

  • DNS request IP address

  • PoP availability

  • Proxy DNS name

The geolocation is needed to achieve the best performance and provide localized webpages that will improve user experience. To achieve a good approximation for the geolocation of an endpoint, the IP address of the endpoint sent with a DNS request to the GRM is important.

The IP address seen on the GRM is usually not the same as the client IP address of an HTTP request. Instead, it is the IP address of the DNS resolver that the endpoint uses.

Issues with this routing can occur if the following applies:

  • You also work with cloud DNS services such as Google DNS or OpenDNS. The geolocation reported for an endpoint might then not be the geolocation where the endpoint is actually located. These cloud DNS services use outbound IP addresses that are geolocated within the United States.
  • You run your own centralized DNS infrastructure in a particular country or region.

The issues that occur here can impact user experience through receiving webpages that are not localized appropriately. For example, a webpage is not delivered in the language that the user expected.

To avoid these issues, you can add DNS prefixes for countries and regions to the domain names that are used to configure the routing. Use of these prefixes ensures that web traffic is routed to the best-available PoP that supports the appropriate localization. This PoP is usually located in the country or region specified by the prefix.

If no PoP is available to support the appropriate localization, the preconfigured fallback is to route the traffic to the best-available PoP regardless of what was specified by the prefix. It is quite unlikely then that no PoP would be available.

Proceed as follows.

  1. Look up the prefix for a country or region in the prefix tables.

    These tables are provided on the status website for Secure Web Gateway, see DNS Prefixes.

    For example, the prefix for Japan is jp.
  2. Use the prefix in a domain name according to the following syntax:

    <prefix>.c<customer ID>

    The customer ID is the eight-digit ID that you obtained from Skyhigh Security when you purchased Secure Web Gateway or another product.

    A domain name with a prefix will then look, for example, like this:

    If you are working with the Hybrid solution for Secure Web Gateway, the syntax is:

    <prefix>.c<customer ID>

    A domain name with a prefix will then look, for example, like this:

Use a prefix, however, only if needed. Using a prefix will overrule the dynamic routing that would be performed by the GRM.

This means that users might experience latency issues when traveling, as web traffic is not necessarily routed to the best-available PoP then, but to the best-available PoP that supports the appropriate localization.

  • Was this article helpful?