icon-zpa.svg
Secure Private Access (ZPA)

Adding DNS Search Domains

As necessary, DNS search domains can be added as suffixes to application names to create fully qualified domain names (FQDNs). This is analogous to the DNS search suffixes in a DHCP scope for adding suffixes to non-FQDN (i.e., shortname) hosts. The DNS search domains are processed in sequence on the Zscaler Client Connector. For a complete list of ranges and limits for DNS suffixes, see About Ranges & Limitations.

Defining DNS search domains for applications is not required. However, when you configure an application segment, the FQDNs or wildcard discovery domains you enter must match your DNS search domains.

Zscaler recommends you are aware of the following when adding DNS search domains within Microtenants:

  • DNS search domains are unique per customer.

  • When configuring Microtenants, DNS search domains that are added in the default tenant are inherited across Microtenants.

To add DNS search domains:

  1. Go to Resource Management > Application Management > Application Segments or Browser Access or Segment Groups.
  2. Click DNS Search Domains.

The DNS Search Domains window appears.

  1. In the DNS Search Domains window, enter the FQDN.

A trailing dot (.) is not supported when adding DNS search domains. For example, the domain example.safemarch.com. is not valid.

  1. (Optional) If you need Zscaler Client Connector to resolve invalid domains as NXDOMAIN (non-existent domain), select Domain Validation in Zscaler Client Connector. To learn more, see Domain Validation in Zscaler Client Connector for ZPA Applications.

This setting is only applied if your users are running Zscaler Client Connector 1.5.1 or later.

Click Add More to enter additional DNS search domains. If you need to remove a domain, hover over the field and click the Remove icon (Remove icon within the ZPA Admin Portal).

Add and Remove Buttons in DNS Search Domains Window within ZPA Admin Portal

  1. Click Save.
Related Articles
About ApplicationsConfiguring Defined Application SegmentsEditing Defined Application SegmentsAbout AI-Powered Recommendations for Application SegmentsConfiguring AI-Powered RecommendationsMerging AI-Powered RecommendationsSharing Defined Application SegmentsConfiguring AI-Powered Recommendations SettingsValidating a Client HostnameAdding DNS Search DomainsSetting Application Segment Configuration WarningsAbout AppProtection ApplicationsAbout Privileged Remote Access Applications About Application DiscoveryAbout Application AccessUnderstanding Double EncryptionUnderstanding Health ReportingDefining a Dynamically Discovered ApplicationConfiguring Bypass SettingsDisabling Access to ApplicationsUnderstanding Source IP Anchoring DirectUsing Application Segment MultimatchAbout Application Segment ImportUsing Application Segment ImportMerging Imported Application Segments