diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
index 62de85a..b6de1fb 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/computers/domaincontroller_master.py
@@ -659,12 +659,7 @@ def rewrite(filter, mapping):
 
 def lookup_filter(filter_s=None, lo=None):
 	filter_s = univention.admin.filter.replace_fqdn_filter(filter_s)
-	if str(filter_s).find('(dnsAlias=') != -1:
-		filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
-		if filter_s:
-			return lookup_filter(filter_s, lo)
-		else:
-			return None
+	filter_s = univention.admin.handlers.dns.alias.lookup_alias_filter(lo, filter_s)
 	lookup_filter_obj = \
 		univention.admin.filter.conjunction('&', [
 			univention.admin.filter.expression('objectClass', 'univentionHost'),
diff --git a/management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py b/management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py
index c3b183a..4029bb2 100644
--- a/management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py
+++ b/management/univention-directory-manager-modules/modules/univention/admin/handlers/dns/alias.py
@@ -134,8 +134,7 @@ def _ldap_post_remove(self):
 		self._updateZone()
 
 
-def lookup(co, lo, filter_s, base='', superordinate=None, scope="sub", unique=False, required=False, timeout=-1, sizelimit=0):
-
+def _lookup_filter(filter_s=None, lo=None):  # don't expose as lookup_filter because the superordinate argument is missing!
 	filter = univention.admin.filter.conjunction('&', [
 		univention.admin.filter.expression('objectClass', 'dNSZone'),
 		univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
@@ -146,14 +145,19 @@ def lookup(co, lo, filter_s, base='', superordinate=None, scope="sub", unique=Fa
 		univention.admin.filter.expression('cNAMERecord', '*')
 	])
 
-	if superordinate:
-		filter.expressions.append(univention.admin.filter.expression('zoneName', superordinate.mapping.mapValue('zone', superordinate['zone'])))
-
 	if filter_s:
 		filter_p = univention.admin.filter.parse(filter_s)
 		univention.admin.filter.walk(filter_p, univention.admin.mapping.mapRewrite, arg=mapping)
 		filter.expressions.append(filter_p)
 
+	return filter
+
+
+def lookup(co, lo, filter_s, base='', superordinate=None, scope="sub", unique=False, required=False, timeout=-1, sizelimit=0):
+	filter = _lookup_filter(filter_s)
+	if superordinate:
+		filter.expressions.append(univention.admin.filter.expression('zoneName', superordinate.mapping.mapValue('zone', superordinate['zone'])))
+
 	res = []
 	for dn, attrs in lo.search(unicode(filter), base, scope, [], unique, required, timeout, sizelimit):
 		res.append((object(co, lo, None, dn=dn, superordinate=superordinate, attributes=attrs)))
@@ -166,29 +170,15 @@ def identify(dn, attr, canonical=0):
 
 
 def lookup_alias_filter(lo, filter_s):
-	_re = re.compile('(.*)\(dnsAlias=([^=,]+)\)(.*)')
-	match = _re.match(str(filter_s))
-	filterlist = []
-	if match:
-		filter_p = univention.admin.filter.parse('name=%s' % match.group(2))
-		univention.admin.filter.walk(filter_p, univention.admin.mapping.mapRewrite, arg=mapping)  # map property to ldap attribute
-		alias_filter = univention.admin.filter.conjunction('&', [		# from dns/alias.lookup
-			univention.admin.filter.expression('objectClass', 'dNSZone'),
-			univention.admin.filter.conjunction('!', [univention.admin.filter.expression('relativeDomainName', '@')]),
-			univention.admin.filter.conjunction('!', [univention.admin.filter.expression('zoneName', '*.in-addr.arpa')]),
-			univention.admin.filter.expression('CNAMERecord', '*')
-		])
-		alias_filter.expressions.append(filter_p)
+	alias_pattern = re.compile('(?:^|\()dnsAlias=([^)]+)($|\))', flags=re.I)
+
+	def _replace_alias_filter(match):
+		alias_filter = _lookup_filter('name=%s' % match.group(1), lo)
 		alias_filter_s = unicode(alias_filter)
-		alias_base = unicode(lo.base)					# std dns container might be a better choice
-		for dn, attrs in lo.search(base=alias_base, scope='sub', filter=alias_filter_s, attr=['cNAMERecord']):
-			cname = attrs['cNAMERecord'][0]
-			cn_filter = filter_format('(cn=%s)', [cname.split('.', 1)[0]])
-			if cn_filter not in filterlist:
-				filterlist.append(cn_filter)
-		if len(filterlist) > 0:
-			return match.group(1) + '(|' + string.join(filterlist, '') + ')' + match.group(3)
-		else:
-			return ''
-	else:
-		return filter_s
+		alias_base = unicode(lo.base)  # standard dns container might be a better choice
+
+		unmatchable_filter = '(&(cn=NOT)(!(cn=NOT)))'  # if no computers for aliases found, return an impossible filter!
+		alias_replaced = ''.join(set(filter_format('(cn=%s)', [attrs['cNAMERecord'][0].split('.', 1)[0]]) for dn, attrs in lo.search(base=alias_base, scope='sub', filter=alias_filter_s, attr=['cNAMERecord'])))
+		return '(|%s)' % (alias_replaced,) if alias_replaced else unmatchable_filter
+
+	return alias_pattern.sub(_replace_alias_filter, str(filter_s))