Change DNS A record of forward-zone

So I have installed UCS and have configured it as my primary domain controller with my domain.

I have registered my own public domain name, lets call it ‘’, which I use to host my ucs and nextcloud server. I thought it would be a cool idea to also use this name for my local domain. Usually you would call your local domain something like ‘example.local’, but I didnt, I used ‘’ for my local domain. This shouldnt be a problem as long as I own this domain name.

my local ucs server behind my NAT router:

fqdn: ucs.example .com

The default dns forward zone looks like this:

root@ucs:~# udm dns/forward_zone list

DN: zoneName=example .com,cn=dns,dc=example,dc=com
contact: root@example .com.
expire: 7 days
nameserver: ucs.example .com.
refresh: 8 hours
retry: 2 hours
serial: 51
ttl: 3 hours
zone: example .com
zonettl: 3 hours

The a-record of this zone points to, which is the static ip of the local interface of my ucs.

I changed the a-record of the forward zone so it points to the ip of my nginx-reverse-proxy, but after some time the old a-record is getting re-added by some ucs automatism.

Question: is there a good reason that this a-record needs to point to the ip of my ucs ? Can i change this a-record to point to a different ip, e.g. to …which is my nginx reverse-proxy ?


usually it is not a very good idea to use the same domain name because they have each a different “master” who is the authoritative guy for this zone. Imagine, having a single zone with two authorized masters… no good.
(and indeed, using “.local” is not even better)
Best way is to use your local zone as a subzone of you official one (i.e. “”)
But yes, you will have to reinstall your UCS for this to take place…



thanks for the quick answer ! So the A record of a zone is apparently used to identify the dns by its ip, I see. Thanks.

… almost done reinstalling :slight_smile: