3.5.4.3.11 DsrUpdateReadOnlyServerDnsRecords (Opnum 48)

The DsrUpdateReadOnlyServerDnsRecords method SHOULD<171> allow an RODC to send a control command to a normal (writable) DC to update site-specific and CName types of DNS records. For registration, site-specific records are for the site in which the RODC resides. For the types of DNS records, see [MS-ADTS] section 6.3.2.

 NTSTATUS DsrUpdateReadOnlyServerDnsRecords(
   [in, unique, string] LOGONSRV_HANDLE ServerName,
   [in, string] wchar_t* ComputerName,
   [in] PNETLOGON_AUTHENTICATOR Authenticator,
   [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator,
   [in, unique, string] wchar_t* SiteName,
   [in] ULONG DnsTtl,
   [in, out] PNL_DNS_NAME_INFO_ARRAY DnsNames
 );

ServerName: The custom binding handle (as defined in section 3.5.4.1) that represents the connection to the normal (writable) DC.

ComputerName: A null-terminated Unicode string that contains the client computer NetBIOS name.

Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure (as specified in section 2.2.1.1.5) that contains the client authenticator that will be used to authenticate the client.

ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.

SiteName: A pointer to a null-terminated Unicode string that contains the site name where the RODC resides.

DnsTtl: The Time-To-Live (TTL) value, in seconds, for DNS records.

DnsNames: A pointer to an NL_DNS_NAME_INFO_ARRAY (section 2.2.1.2.6) structure that contains an array of NL_DNS_NAME_INFO structures.

Return Values: The method returns 0x00000000 (NO_ERROR) on success; otherwise, it returns a nonzero error code.

On receiving this call, the server performs the following steps:

  • Verifies that the server is a normal (writable) DC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.<172>

  • Verifies that the caller (ComputerName) is an RODC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.

  • Verifies the Authenticator passed, and computes the ReturnAuthenticator, as specified in section 3.1.4.5. If the Authenticator verification fails, the server MUST return STATUS_ACCESS_DENIED.

  • Validates the requested DNS name type. Only site-specific and CName types are supported. For an unsupported DNS name type, sets the DNS name status to STATUS_NOT_SUPPORTED.

  • Validates the site name for site-specific DNS name registration. Sets the DNS name status to STATUS_ACCESS_DENIED for an invalid site name.

  • Validates the Ndnc domain name for the registration of NlDnsNdncDomainName DnsDomainInfoType. Sets the DNS name status to STATUS_ACCESS_DENIED for an invalid Ndnc domain name.

This method SHOULD be called only by a machine that has established a secure channel with the server.
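The server steps above fall into two groups: the first three checks fail the whole call, while the last three only mark the individual DNS name entry. The following C model is an added example, not code from the specification, and shows that split. The structs, the `name_kind` enum, the `update_rodc_dns` function and the sample names are hypothetical; treating a site other than the RODC's own as invalid, and leaving a passing entry's status at 0, are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* NTSTATUS codes named in the steps above (standard Windows values). */
#define STATUS_SUCCESS       0x00000000u
#define STATUS_ACCESS_DENIED 0xC0000022u
#define STATUS_NOT_SUPPORTED 0xC00000BBu

/* Hypothetical simplified model; not the NL_DNS_NAME_INFO wire layout. */
enum name_kind { KIND_SITE_SPECIFIC, KIND_CNAME, KIND_OTHER };
/* ndnc is non-NULL only for entries of NlDnsNdncDomainName DnsDomainInfoType. */
struct dns_name { enum name_kind kind; const char *ndnc; uint32_t status; };
struct server {
    int writable_dc, caller_is_rodc, authenticator_ok; /* inputs to checks 1-3 */
    const char *rodc_site;  /* site the calling RODC resides in */
    const char *ndnc;       /* one NDNC the server accepts (constructed) */
};

/* Returns the call-level status; per-name results land in names[i].status. */
uint32_t update_rodc_dns(const struct server *s, const char *site,
                         struct dns_name *names, size_t n)
{
    /* Call-level checks: any failure rejects the whole request. */
    if (!s->writable_dc)      return STATUS_NOT_SUPPORTED;
    if (!s->caller_is_rodc)   return STATUS_NOT_SUPPORTED;
    if (!s->authenticator_ok) return STATUS_ACCESS_DENIED;

    /* Per-name checks: a bad entry is marked, the others still proceed. */
    for (size_t i = 0; i < n; i++) {
        struct dns_name *d = &names[i];
        d->status = STATUS_SUCCESS; /* assumption: 0 when every check passes */
        if (d->kind == KIND_OTHER)
            d->status = STATUS_NOT_SUPPORTED;
        else if (d->kind == KIND_SITE_SPECIFIC &&
                 (site == NULL || strcmp(site, s->rodc_site) != 0))
            d->status = STATUS_ACCESS_DENIED; /* assumption: not the RODC's site */
        else if (d->ndnc != NULL && strcmp(d->ndnc, s->ndnc) != 0)
            d->status = STATUS_ACCESS_DENIED;
    }
    return STATUS_SUCCESS;
}

int main(void)
{
    struct server dc = { 1, 1, 1, "Branch-Site", "app.example.test" }; /* constructed */
    struct dns_name names[] = { { KIND_SITE_SPECIFIC, NULL, 0 }, { KIND_OTHER, NULL, 0 } };
    return update_rodc_dns(&dc, "Branch-Site", names, 2) == STATUS_SUCCESS ? 0 : 1;
}
```

A caller therefore has to inspect every entry's status even when the method itself returns success.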