3.5.4.3.11 DsrUpdateReadOnlyServerDnsRecords (Opnum 48)
The DsrUpdateReadOnlyServerDnsRecords method SHOULD<171> allow an RODC to send a control command to a normal (writable) DC for site-specific and CName types of DNS records update. For registration, site-specific records are for the site in which RODC resides. For the types of DNS records, see [MS-ADTS] section 6.3.2.
-
NTSTATUS DsrUpdateReadOnlyServerDnsRecords( [in, unique, string] LOGONSRV_HANDLE ServerName, [in, string] wchar_t* ComputerName, [in] PNETLOGON_AUTHENTICATOR Authenticator, [out] PNETLOGON_AUTHENTICATOR ReturnAuthenticator, [in, unique, string] wchar_t* SiteName, [in] ULONG DnsTtl, [in, out] PNL_DNS_NAME_INFO_ARRAY DnsNames );
ServerName: The custom binding handle (as defined in section 3.5.4.1) that represents the connection to the normal (writable) DC.
ComputerName: A null-terminated Unicode string that contains the client computer NetBIOS name.
Authenticator: A pointer to a NETLOGON_AUTHENTICATOR structure (as specified in section 2.2.1.1.5) that contains the client authenticator that will be used to authenticate the client.
ReturnAuthenticator: A pointer to a NETLOGON_AUTHENTICATOR structure that contains the server return authenticator.
SiteName: A pointer to a null-terminated Unicode string that contains the site name where the RODC resides.
DnsTtl: The Time-To-Live (TTL) value, in seconds, for DNS records.
DnsNames: A pointer to an NL_DNS_NAME_INFO_ARRAY (section 2.2.1.2.6) structure that contains an array of NL_DNS_NAME_INFO structures.
Return Values: The method returns 0x00000000 (NO_ERROR) on success; otherwise, it returns a nonzero error code.
On receiving this call, the server performs the following steps:
Verifies that the server is a normal (writable) DC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.<172>
Verifies that the caller (ComputerName) is an RODC; otherwise, the server MUST return STATUS_NOT_SUPPORTED.
Verifies that the Authenticator passed, and compute the ReturnAuthenticator, as specified in section 3.1.4.5. If the Authenticator verification fails, the server MUST return STATUS_ACCESS_DENIED.
Validates the requested DNS name type. Only site-specific and CName types are supported. For an unsupported DNS name type, sets the DNS name status to STATUS_NOT_SUPPORTED.
Validates the site name for site-specific DNS name registration. Sets DNS name status to STATUS_ACCESS_DENIED for an invalid site name.
Validates Ndnc domain name for the registration of NlDnsNdncDomainName DnsDomainInfoType. Sets DNS name status to STATUS_ACCESS_DENIED for an invalid Ndnc domain name.
This method SHOULD be called only by a machine that has established a secure channel with the server.