Computer objects: dnsEntryZoneForward empty

Hi all,

we’re facing a strange behavior concerning dnsEntryZoneForward in our environment (UCS 4.4-6, samba4, samba4 DNS backend).
We added some new Windows 10 clients to the UCS domain. Each of them had 2 IP adresses (Both ethernet and wifi). Within weeks we noticed that some clients lost their DNS-forward records. That leads to the problem, that software like antivirus servers or opsi, couldn’t reach these clients anymore.

In UMC you can see the empty entries:

With udm it looks like that:


The IP was the clients adress, when it was connected via VPN. Of course that 192.168.113 subnet is not managed by our UCS servers. I’d like to know if there is a way to tell these clients not to change the zone-entries in UCS?



I wonder if our UCS DNS-Servers have to know the VPN Subnet, if a client is connected to the UCS environment in the office?