Computer objects: dnsEntryZoneForward empty

Hi all,

we’re facing a strange behavior concerning dnsEntryZoneForward in our environment (UCS 4.4-6, samba4, samba4 DNS backend).
We added some new Windows 10 clients to the UCS domain. Each of them had 2 IP adresses (Both ethernet and wifi). Within weeks we noticed that some clients lost their DNS-forward records. That leads to the problem, that software like antivirus servers or opsi, couldn’t reach these clients anymore.

In UMC you can see the empty entries:
grafik

With udm it looks like that:

dnsEntryZoneForward: zoneName=some.domain.de,cn=dns,dc=some,dc=domain,dc=de 192.168.113.12
  dnsEntryZoneReverse: zoneName=168.192.in-addr.arpa,cn=dns,dc=some,dc=domain=de 192.168.0.180
  dnsEntryZoneReverse: zoneName=168.192.in-addr.arpa,cn=dns,dc=some,dc=domain,dc=de 192.168.0.209

The IP 192.168.113.12 was the clients adress, when it was connected via VPN. Of course that 192.168.113 subnet is not managed by our UCS servers. I’d like to know if there is a way to tell these clients not to change the zone-entries in UCS?

Cheers

Sebastian

I wonder if our UCS DNS-Servers have to know the VPN Subnet, if a client is connected to the UCS environment in the office?