diff --git a/intel/entity.go b/intel/entity.go
index 0394d96c..c1685377 100644
--- a/intel/entity.go
+++ b/intel/entity.go
@@ -60,6 +60,7 @@ type Entity struct { //nolint:maligned
 IP net.IP
 // IPScope holds the network scope of the IP.
+ // For DNS requests, this signifies in which scope the DNS request was resolved.
 IPScope netutils.IPScope
 // Country holds the country the IP address (ASN) is
diff --git a/nameserver/nameserver.go b/nameserver/nameserver.go
index a13e98cd..19251007 100644
--- a/nameserver/nameserver.go
+++ b/nameserver/nameserver.go
@@ -22,7 +22,7 @@ import (
 var hostname string
 func handleRequestAsWorker(w dns.ResponseWriter, query *dns.Msg) {
- err := module.RunWorker("dns request", func(ctx context.Context) error {
+ err := module.RunWorker("handle dns request", func(ctx context.Context) error {
 return handleRequest(ctx, w, query)
 })
 if err != nil {
@@ -187,6 +187,13 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 if rrCache != nil {
 conn.DNSContext = rrCache.ToDNSRequestContext()
 conn.Resolver = rrCache.Resolver
+ conn.Entity.IPScope = rrCache.Resolver.IPScope
+ } else {
+ // Get resolvers for this query to determine the resolving scope.
+ resolvers, _, _ := resolver.GetResolversInScope(ctx, q)
+ if len(resolvers) > 0 {
+ conn.Entity.IPScope = resolvers[0].Info.IPScope
+ }
 }
 switch conn.Verdict.Active {
@@ -297,11 +304,14 @@ func handleRequest(ctx context.Context, w dns.ResponseWriter, request *dns.Msg)
 return reply(nsutil.ServerFailure("internal error: empty reply"))
 case rrCache.RCode == dns.RcodeNameError:
 // Try alternatives domain names for unofficial domain spaces.
- rrCache = checkAlternativeCaches(ctx, q)
- if rrCache == nil {
+ altRRCache := checkAlternativeCaches(ctx, q)
+ if altRRCache != nil {
+ rrCache = altRRCache
+ } else {
 // Return now if NXDomain.
 return reply(nsutil.NxDomain("no answer found (NXDomain)"))
 }
+ }
 // Check with firewall again after resolving.
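Review bot: In the new else branch of the `@@ -187` hunk the second and third results of `resolver.GetResolversInScope(ctx, q)` are discarded with `_` and no comment, so if one of them is an error, a failed resolver lookup is indistinguishable from an empty list and the entity silently keeps its default scope. If a dropped value is an error, log it or at least say why ignoring it is safe, e.g. `resolvers, _, _ := resolver.GetResolversInScope(ctx, q) // scope is best-effort here; on error the default scope stays in place`. The scope is also taken from `resolvers[0]` before the query is resolved, so if a later resolver in that list ends up answering, the recorded scope may not match the resolver that actually resolved it (presumably the same list drives resolution; worth confirming). The first added line dereferences `rrCache.Resolver` unconditionally; if a cache entry can carry a nil Resolver this panics, so a nil check would be prudent. handleRequest begins and ends outside this hunk.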
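Review bot: In the `@@ -297` hunk, when the alternative cache entry replaces `rrCache` via `rrCache = altRRCache`, `conn.Entity.IPScope`, which the earlier hunk sets from the original `rrCache.Resolver.IPScope`, is not refreshed, so the scope recorded on the connection may belong to the resolver of the NXDomain answer rather than to the one that produced the alternative answer. Consider updating it in the same branch: `rrCache = altRRCache` followed by `conn.Entity.IPScope = altRRCache.Resolver.IPScope` (with the same nil-Resolver caveat as above, if a nil Resolver is possible). The trailing added `}` has no matching opener within the shown lines and the hunk's old/new line counts do not add up as rendered, so this is probably a rendering loss; if the brace is really part of the patch, the switch nesting should be re-checked. handleRequest begins and ends outside this hunk.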
diff --git a/network/connection.go b/network/connection.go
index f19422d8..1d9edd11 100644
--- a/network/connection.go
+++ b/network/connection.go
@@ -325,8 +325,9 @@ func NewConnectionFromDNSRequest(ctx context.Context, fqdn string, cnames []stri
 Scope: fqdn,
 PID: proc.Pid,
 Entity: &intel.Entity{
- Domain: fqdn,
- CNAME: cnames,
+ Domain: fqdn,
+ CNAME: cnames,
+ IPScope: netutils.Global, // Assign a global IP scope as default.
 },
 process: proc,
 ProcessContext: getProcessContext(ctx, proc),
@@ -367,8 +368,9 @@ func NewConnectionFromExternalDNSRequest(ctx context.Context, fqdn string, cname
 Scope: fqdn,
 PID: process.NetworkHostProcessID,
 Entity: &intel.Entity{
- Domain: fqdn,
- CNAME: cnames,
+ Domain: fqdn,
+ CNAME: cnames,
+ IPScope: netutils.Global, // Assign a global IP scope as default.
 },
 process: remoteHost,
 ProcessContext: getProcessContext(ctx, remoteHost),
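Review bot: The inline comment `// Assign a global IP scope as default.` on the new `IPScope` field in `NewConnectionFromDNSRequest` restates what the literal already shows but not why Global is the right fallback, and the same literal and comment are duplicated in the second hunk (`NewConnectionFromExternalDNSRequest`). Since this default is only narrowed later (the nameserver.go change copies the resolver's scope onto the entity once resolvers are known), the reason belongs with the value, e.g. `IPScope: netutils.Global, // Default until the resolving resolver's scope is known; see handleRequest in nameserver.go.`, or both constructors should take it from one shared helper so they cannot drift. It is also worth stating explicitly whether an entity whose scope could not be determined is meant to read as Global, because any scope-based rule evaluated before the narrowing would then treat it as an internet destination. Both constructors begin and end outside their hunks.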