ZScaler Client Connector on Linux and systemd-resolved

I’m using ZScaler Client Connection on Fedora Core 33, which has switched from the traditional /etc/resolve.conf configuration to using systemd-resolved. With this install, the DNS configuration for ZPA does not get updated properly, and I have to manually use “resolvectl” on Linux to set the domain name and DNS server for ZPA to work properly.

Is there any configuration that can be done to make this work properly, or any way to file a feature request to get systemd-resolved support added to ZCC for Linux?

I agree ZSS’ support for systemd-resolved could be improved, there are (at least) four options:

  • ZSS could maintain a systemd-resolved config file in /etc/systemd/resolved.conf.d/
  • ZSS could use resolveconf. On Arch systemd-resolved supports this via systemd-resolvconf.
  • ZSS could call resolvectl to configure the DNS servers.
  • If the system also uses systemd-networkd, then the DNS settings could be configured as a /etc/systemd/network/*.network file
  • Any other methods?

Currently I know two ways to get ZSS to work with systemd-resolved:

  • call resolvectl manually as OP pointed out
  • Don’t symlink /etc/resolv.conf, then systemd-resolved will use /etc/resolv.conf as an input as mentioned here.

I’m using the latter option, though I notice systemd starts off with the internal DNS but then switches to my ISP’s DNS server; which makes internal hostnames unresolvable. Haven’t been able to figure out a good work-around for this so far, apart from calling systemctl restart systemd-resolved.

My setup with /etc/resolve.conf as a file:

❯ cat /etc/resolv.conf
search reno.local group.mycompany.com apac.group.mycompany.com nasa.group.mycompany.com emea.group.mycompany.com mycompany.group home telenet.be
❯ resolvectl status
           Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
    resolv.conf mode: foreign
  Current DNS Server:
         DNS Servers:
Fallback DNS Servers: 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888

Note how systemd-resolved switched to (my ISP’s DNS server, coming in over DHCP). Not sure what triggered the switch.