diff --git a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py
index acb96b9153..6a6575add0 100644
--- a/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py
+++ b/services/univention-s4-connector/conffiles/etc/univention/s4connector/s4/mapping.py
@@ -626,7 +626,7 @@ s4_mapping = {
 scope='sub',
 con_search_filter='(|(objectClass=dnsNode)(objectClass=dnsZone))',
 dn_mapping_function=[univention.s4connector.s4.dns.dns_dn_mapping],
- ignore_filter=ignore_filter_from_attr('dc', 'connector/s4/mapping/dns/ignorelist'),
+ ignore_filter=ignore_filter_from_attr(['dc', 'relativeDomainName'], 'connector/s4/mapping/dns/ignorelist'),
 ignore_subtree=global_ignore_subtree,
 con_sync_function=univention.s4connector.s4.dns.ucs2con,
 ucs_sync_function=univention.s4connector.s4.dns.con2ucs,
diff --git a/services/univention-s4-connector/debian/univention-s4-connector.postinst b/services/univention-s4-connector/debian/univention-s4-connector.postinst
index 8efa6e03d9..52cca9735d 100644
--- a/services/univention-s4-connector/debian/univention-s4-connector.postinst
+++ b/services/univention-s4-connector/debian/univention-s4-connector.postinst
@@ -75,7 +75,7 @@ univention-config-registry set connector/s4/listener/dir?/var/lib/univention-con
 connector/s4/mapping/group/ignorelist?"Windows Hosts,Authenticated Users,World Authority,Everyone,Null Authority,Nobody,Enterprise Domain Controllers,Remote Interactive Logon,SChannel Authentication,Digest Authentication,Terminal Server User,NTLM Authentication,Other Organization,This Organization,Anonymous Logon,Network Service,Creator Group,Creator Owner,Local Service,Owner Rights,Interactive,Restricted,Network,Service,Dialup,System,Batch,Proxy,IUSR,Self,Console Logon" \
 connector/s4/mapping/group/table/Printer-Admins?"Print Operators" \
 connector/s4/mapping/container/ignorelist?"mail,kerberos,MicrosoftDNS" \
- connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site"
+ connector/s4/mapping/dns/ignorelist?"_ldap._tcp.Default-First-Site-Name._site,_msdcs"
 if [ ! -d /var/lib/univention-connector/s4 ]; then
 mkdir -p /var/lib/univention-connector/s4
@@ -159,10 +159,9 @@ if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join
 fi
 fi
- # Bug 43397
+ # Bug 43397 - cleanup wrong formatted connector/s4/mapping/dns/ignorelist
 if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 11.0.6-4 ; then
- # cleanup wrong formatted `connector/s4/mapping/dns/ignorelist`
- ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
+ ucr set connector/s4/mapping/dns/ignorelist=$(echo "$connector_s4_mapping_dns_ignorelist" | sed -e 's/^DC=//i' -e 's/,DC=/,/gi')
 fi
 # Bug 44333
@@ -198,6 +197,11 @@ if [ -x /etc/init.d/univention-s4-connector ] && [ -f /usr/share/univention-join
 if [ "$skip_final_restart" != "true" ]; then
 /etc/init.d/univention-s4-connector restart
 fi
+
+ # Bug 50361 - don't sync the _msdcs DNS glue record
+ if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 13.0.2-53; then
+ ucr set connector/s4/mapping/dns/ignorelist="${connector_s4_mapping_dns_ignorelist},_msdcs"
+ fi
 fi
 exit 0
diff --git a/services/univention-s4-connector/modules/univention/s4connector/s4/mapping.py b/services/univention-s4-connector/modules/univention/s4connector/s4/mapping.py
index 7def916f4c..ae7b0dc5a3 100644
--- a/services/univention-s4-connector/modules/univention/s4connector/s4/mapping.py
+++ b/services/univention-s4-connector/modules/univention/s4connector/s4/mapping.py
@@ -62,7 +62,7 @@ def ignore_filter_from_tmpl(template, ucr_key, default=''):
 return ''
-def ignore_filter_from_attr(attribute, ucr_key, default=''):
+def ignore_filter_from_attr(ldap_attributes, ucr_key, default=''):
 """
 Convenience-wrapper around `ignore_filter_from_tmpl()`.
@@ -73,7 +73,14 @@ def ignore_filter_from_attr(attribute, ucr_key, default=''):
 ... 'one,two,three')
 '(|(cn=one)(cn=two)(cn=three))'
 """
- template = '({}={{0!e}})'.format(attribute)
+ if type(ldap_attributes) != list:
+ ldap_attributes = [ldap_attributes]
+
+ template_parts = []
+ for attribute in ldap_attributes:
+ template_parts.append('({}={{0!e}})'.format(attribute))
+ template = ''.join(template_parts)
+
 return ignore_filter_from_tmpl(template, ucr_key, default)
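Review bot: The value written by the Bug 50361 block is built from `$connector_s4_mapping_dns_ignorelist`, which was read before the Bug 43397 branch ran its own `ucr set`, so on an upgrade from before 11.0.6-4 the uncleaned `DC=` list would be written back, assuming the variable is not re-evaluated in between (not visible in these hunks). An empty or unset list also becomes `,_msdcs`, and a list that already names `_msdcs` gets a duplicate entry. The block sits after the connector restart, so the running connector presumably keeps the old ignore filter until its next restart; placing it above the restart would close that window. The body below re-reads the key with `ucr get`, skips the write when `_msdcs` is already present, and omits the leading comma.

```shell
if [ "$1" = "configure" -a -n "$2" ] && dpkg --compare-versions "$2" lt 13.0.2-53; then
	# Re-read the key: an earlier upgrade branch may already have rewritten it.
	dns_ignorelist="$(ucr get connector/s4/mapping/dns/ignorelist)"
	case ",$dns_ignorelist," in
		*,_msdcs,*) ;;
		*) ucr set connector/s4/mapping/dns/ignorelist="${dns_ignorelist:+$dns_ignorelist,}_msdcs" ;;
	esac
fi
```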
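Review bot: The `type(ldap_attributes) != list` check in the last hunk treats a tuple or any list subclass as a single attribute name, so its repr would be formatted into the filter and the ignore rule would silently stop matching; `if not isinstance(ldap_attributes, (list, tuple)):` covers both. The concatenated template has no enclosing operator and is only a valid filter because `ignore_filter_from_tmpl()` appears to wrap the expanded parts in `(|...)`, as the docstring example suggests; a comment such as `# parts are OR-ed together by ignore_filter_from_tmpl()` would record that dependency. The docstring continues outside this hunk and should gain an example with a list argument. The rename of the first parameter in the preceding hunk also breaks any caller that passes `attribute=` by keyword.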