Citrix Secure Private Access™

Route DNS queries to application-specific resource locations

Administrators can route DNS queries for specific applications directly to their dedicated resource locations. This enables more accurate DNS resolution, intelligent traffic management, and a better user experience. Previously, all DNS queries were routed by default to the geographically nearest available DNS server, regardless of where the application is hosted. This required DNS servers across all resource locations to be synchronized, which is not always achievable.

System requirements

Citrix Secure Access client:

  • macOS - V25.08.1.1 and later (Citrix Downloads), V25.08.1 and later (App Store).
  • Windows - 25.7.1.11 or later.

Feature enablement

The application-specific DNS routing feature is disabled by default. To get the feature enabled for your organization, contact Citrix Support.

Configure routing for DNS queries

After the feature is enabled, you can route DNS queries using one of the following two options:

  • First Available resource location: Retain the legacy behavior where all queries are routed to the geographically closest resource location. Make sure that all DNS servers in all resource locations are synchronized if you choose to use this option.

  • Resource location where application resides: Route DNS queries to the application's dedicated resource location, based on the application's host name.

Perform the following steps to configure DNS routing:

  1. Navigate to Settings > DNS > DNS Resolution.
  2. Click Add.

    DNS routing

  3. Select one of the following options:

    • First Available resource location
    • Resource location where application resides
  4. Click Save.

Secure Private Access supports a robust DNS routing fallback mechanism to ensure service continuity. If an application-specific resource location cannot be identified for a given DNS query, the request automatically falls back to a designated fallback route.

Note:

Routing for unmapped or unpublished domains can only be configured if you have set the primary routing choice as Resource location where application resides.

You can configure the fallback mechanism to one of the following options:

  • First available resource location: The nearest geographical resource location.
  • Select resource locations: One of the locations from a list of configured resource locations defined by the administrator.

Configure fallback routing for DNS queries:

  1. Navigate to Settings > DNS > DNS Resolution.
  2. Click Add.

    DNS fallback routing

  3. In Primary routing choice, select Resource location where application resides.
  4. In Fallback routing choice, select one of the following options:

    • First available resource location
    • Select resource locations

    If you select the option Select resource locations, then select the desired resource locations from the list. You can select more than one resource location.

  5. Click Save.
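
The routing choices above can be modelled in a few lines to show why First Available depends on synchronized DNS servers and how the fallback applies to unmapped domains. This is an added illustration, not Citrix code; the location names, host names, addresses and the rule of taking the first selected fallback location are assumptions made for the example.

```python
# Added illustration, not Citrix code. All names and addresses are constructed.
FIRST_AVAILABLE = "first_available"   # "First Available resource location"
BY_APPLICATION = "by_application"     # "Resource location where application resides"

# Constructed per-location DNS zones that are NOT synchronized.
ZONES = {
    "rl-london": {"hr.corp.example": "10.1.0.10", "wiki.corp.example": "10.1.0.20"},
    "rl-sydney": {"erp.corp.example": "10.2.0.10", "wiki.corp.example": "10.2.0.20"},
}
# Constructed mapping of published application host names to resource locations.
APP_LOCATION = {"hr.corp.example": "rl-london", "erp.corp.example": "rl-sydney"}


def pick_location(host, nearest, primary, fallback_locations=None):
    """Return the resource location that receives the DNS query for host."""
    if primary == FIRST_AVAILABLE:
        return nearest
    if host in APP_LOCATION:
        return APP_LOCATION[host]
    # Unmapped or unpublished domain: use the fallback routing choice.
    if fallback_locations:
        # Assumption: take the first selected location; the page does not
        # state how one of several selected locations is chosen.
        return fallback_locations[0]
    return nearest  # fallback "First available resource location"


def resolve(host, nearest, primary, fallback_locations=None):
    """Return (location, answer); answer is None when that zone lacks the name."""
    location = pick_location(host, nearest, primary, fallback_locations)
    return location, ZONES[location].get(host)


def unsynced_hosts(zones):
    """Names whose answer is missing or different in at least one location."""
    names = set().union(*zones.values())
    return sorted(n for n in names if len({z.get(n) for z in zones.values()}) > 1)


if __name__ == "__main__":
    print(resolve("erp.corp.example", "rl-london", FIRST_AVAILABLE))
    print(resolve("erp.corp.example", "rl-london", BY_APPLICATION))
    print(resolve("wiki.corp.example", "rl-london", BY_APPLICATION, ["rl-sydney"]))
    print(unsynced_hosts(ZONES))
```

Running `unsynced_hosts` over real zone exports before choosing First Available shows which names would resolve differently, or not at all, depending on which resource location receives the query.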