3.1.4.3 R_DnssrvComplexOperation (Opnum 2)

The R_DnssrvComplexOperation method is used to invoke a set of server functions specified by the caller. These functions generally return more complex structures than simple 32-bit integer values, unlike the operations accessible through R_DnssrvOperation (section 3.1.4.1). For the purpose of selecting an output structure type the server MUST consider the value of dwClientVersion (section 2.2.1.2.1) to be 0x00000000 when responding to this method.

 LONG R_DnssrvComplexOperation(
   [in]                                   handle_t                  hBindingHandle,
   [in, unique, string]                   LPCWSTR                   pwszServerName,
   [in, unique, string]                   LPCSTR                    pszZone,
   [in, unique, string]                   LPCSTR                    pszOperation,
   [in]                                   DWORD                     dwTypeIn,
   [in, switch_is(dwTypeIn)]              DNSSRV_RPC_UNION          pDataIn,
   [out]                                  PDWORD                    pdwTypeOut,
   [out, switch_is(*pdwTypeOut)]          DNSSRV_RPC_UNION*         ppDataOut
 );

hBindingHandle: An RPC binding handle to the server. Details concerning binding handles are specified in [C706] section 2.3.

pwszServerName: The client SHOULD pass a pointer to the FQDN of the target server as a null-terminated UTF-16LE character string. The server MUST ignore this value.

pszZone: The name of the zone that is being operated on. This MUST be set to NULL unless pszOperation is set to QueryDwordProperty, in which case this value MUST be set either to NULL (to indicate that DNS server Configuration information is being requested) or to the name of the zone to be queried in UTF-8 format (to indicate that a DNS Zone integer property is being requested). This value will be used by certain operations as specified in the table below.

pszOperation: The operation to perform. The value of pszOperation SHOULD<275> be one of the following:

Value

Meaning

EnumZones

Enumerate zones present on the DNS server qualifying for a specified simple zone filter value. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD and pDataIn MUST point to any combination of ZONE_REQUEST_FILTERS (section 2.2.5.1.4) values. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_ZONE_LIST and ppDataOut MUST point to a structure of one of the types specified in DNS_RPC_ZONE_LIST (section 2.2.5.2.3).

EnumZones2

Enumerate zones present on the DNS server qualifying for a specified complex zone filter value. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_ENUM_ZONES_FILTER and pDataIn MUST point to a structure of type DNS_RPC_ENUM_ZONES_FILTER (section 2.2.5.2.9). Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_ZONE_LIST and ppDataOut MUST point to a structure of one of the types specified in DNS_RPC_ZONE_LIST.

EnumDirectoryPartitions

Enumerate the Application Directory Partition Table known to the DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD and pDataIn MUST be set to zero if all application directory partitions are enumerated or to 0x000000001 if the DNS domain partition and DNS forest partition are excluded from results. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_DP_LIST and ppDataOut MUST point to a structure of type DNS_RPC_DP_LIST (section 2.2.7.2.4).

DirectoryPartitionInfo

Retrieve detailed information about a specified application directory partition. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPSTR and pDataIn MUST point to a null-terminated UTF-8 string specifying the distinguished name of an application directory partition. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be DNSSRV_TYPEID_DP_INFO and ppDataOut MUST point to a structure of type DNS_RPC_DP_INFO (section 2.2.7.2.1).

Statistics

Retrieve statistics. On input dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD and pDataIn MUST point to any combination of the DNSSRV_STATID_TYPES (section 2.2.10.1.1) values. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_BUFFER and ppDataOut MUST point to a DNS_RPC_BUFFER structure (section 2.2.1.2.2) that contains a list of variable sized DNSSRV_STATS structures (section 2.2.10.2.2).

QueryDwordProperty

Retrieve the value of a 32-bit integer property. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPSTR and pDataIn MUST point to a null-terminated UTF-8 string specifying a zone property name listed in section 3.1.1.2.1 (if pszZone is non-NULL) or server property name listed in section 3.1.1.1.1 (if pszZone is NULL). Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_DWORD and ppDataOut MUST point to a DWORD value.

IpValidate

Validate a list of IP addresses. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_IP_VALIDATE and pDataIn MUST point to a DNS_RPC_IP_VALIDATE structure (section 2.2.3.2.4) containing a list of IP addresses to be validated and the context information for validation as specified in section 2.2.3.2.4. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_ADDRARRAY and ppDataOut MUST point to a structure of type DNS_ADDR_ARRAY (section 2.2.3.2.3) that contains IP validation results (section 2.2.3.2.1).

ModifyZoneSigningKeyDescriptor

Creates, deletes, or modifies a signing key descriptor (SKD) for the specified zone. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_SKD and pDataIn MUST point to a structure of type DNS_RPC_SKD (section 2.2.6.2.1). If GUID inside DNS_RPC_SKD is set to zero, the server MUST create a new signing key descriptor. If GUID inside DNS_RPC_SKD is set to a nonzero value and if all other fields in the structure are NULL, the server MUST delete the signing key descriptor from the zone. Otherwise, the server MUST modify the signing key descriptor for the specified zone. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_SKD and ppDataOut MUST point to a structure of type DNS_RPC_SKD (section 2.2.6.2.1).

EnumZoneSigningKeyDescriptors

Retrieves the signing key descriptor found in the zone's signing key descriptor list for the specified zone. Input parameters (dwTypeIn and pDataIn) are ignored. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_SKD_LIST and ppDataOut MUST point to a structure of type DNS_RPC_SKD_LIST (section 2.2.6.2.2).

GetZoneSigningKeyDescriptorState

Retrieves the SKD state (section 2.2.6.2.3) for the specified zone and the signing key descriptor GUID. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPWSTR and pDataIn MUST point to a string containing the GUID of the signing key descriptor. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_SKD_STATE and ppDataOut MUST point to a structure of type DNS_RPC_SKD_STATE (section 2.2.6.2.3).

SetZoneSigningKeyDescriptorState

Modifies the SKD state (section 2.2.6.2.3) for the specified zone and the signing key descriptor GUID. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_SKD_STATE and pDataIn MUST point to a structure of type DNS_RPC_SKD_STATE (section 2.2.6.2.3). Note that only one key pointer string inside DNS_RPC_SKD_STATE will be set per a specific operation as described below. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_SKD_STATE and ppDataOut MUST point to a structure of type DNS_RPC_SKD_STATE (section 2.2.6.2.3) containing the modified SKD state.

ValidateZoneSigningParameters

Validates the zone signing parameters and returns a structure describing the invalid signing parameters. Input parameters (dwTypeIn and pDataIn) are ignored. Unless success is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_SIGNING_VALIDATION_ERROR and ppDataOut MUST point to a structure of type DNS_RPC_SIGNING_VALIDATION_ERROR (section 2.2.6.2.8) containing invalid elements of the zone configuration.

EnumerateKeyStorageProviders

Enumerates key storage providers installed on the DNS server. On input, dwTypeIn and pDataIn are ignored. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_UNICODE_STRING_LIST and ppDataOut MUST point to a structure of type DNS_RPC_UNICODE_STRING_LIST (section 2.2.1.2.4) that contains a list of storage providers installed on the DNS server.

EnumerateTrustPoints

Retrieve a list of trust points, containing either all trust points or only those at or below a given FQDN. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPSTR and pDataIn MUST point either to a null pointer or to a null-terminated UTF-8 string specifying an FQDN. If pDataIn points to a null pointer, the server MUST return all of the trust points. If pDataIn is an FQDN and there is a trust point or parent of a trust point at the FQDN, the server MUST return the trust point at the FQDN (or an empty trust-point structure for the FQDN if the FQDN is not a trust point) followed by empty trust-point structures for each immediate child of the FQDN, if any. An empty trust-point structure is a structure in which eTrustPointState is TRUST_POINT_STATE_INITIALIZED and all elements other than pszTrustPointName and dwRpcStructureVersion are zero. If pDataIn is an FQDN and there is neither a trust point nor the parent of a trust point at the FQDN, the server MUST return a nonzero error. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_TRUST_POINT_LIST and ppDataOut MUST point to a structure of type DNS_RPC_TRUST_POINT_LIST (section 2.2.6.2.5).

EnumerateTrustAnchors

Retrieve a list of the trust anchors at a given FQDN. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPSTR and pDataIn MUST point to a null-terminated UTF-8 string specifying an FQDN. If the FQDN specified is not a trust point, the server MUST return a nonzero error. Unless an error is returned, on output the value pointed to by pdwTypeOut MUST be set to DNSSRV_TYPEID_TRUST_ANCHOR_LIST and ppDataOut MUST point to a structure of type DNS_RPC_TRUST_ANCHOR_LIST (section 2.2.6.2.7).

ExportZoneSigningSettings

Exports all the Dnssec settings of a file-backed primary zone from a server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD and pDataIn SHOULD be 1 to get KSK details in the exported DNS_RPC_ZONE_DNSSEC_SETTINGS structure; otherwise, pDataIn SHOULD be zero. Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_ZONE_SIGNING_SETTINGS and ppDataOut points to a structure of type PDNS_RPC_ZONE_DNSSEC_SETTINGS.

ImportZoneSigningSettings

Imports the Dnssec settings to a primary file-backed zone on a server and takes appropriate action based on the signing metadata imported.

On input, dwTypeIn MUST be set to DNSSRV_TYPEID_ZONE_SIGNING_SETTINGS and pDataIn SHOULD be a structure of type PDNS_RPC_ZONE_DNSSEC_SETTINGS.

If this operation is invoked on a server that hosts a primary unsigned copy of a file-backed zone and the fIsSigned Property of PDNS_RPC_ZONE_DNSSEC_SETTINGS is 1, then the server becomes a nonkey master primary server for that zone. Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_DWORD and ppDataOut points to a structure of type ImportOpResult.

EnumZoneScopes

Enumerates all the zone scopes in a zone or cache scopes in a cache zone. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL and pDataIn SHOULD be NULL. The pszZone MUST be the zone name for which zone scopes are to be enumerated or it MUST be "..cache". Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_ZONE_SCOPE_ENUM and ppDataOut points to a structure of type PDNS_RPC_ENUM_ZONE_SCOPE_LIST.

ZoneStatistics

Gets the zone statistics from the server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD and pDataIn SHOULD be either DNS_RPC_ZONE_STATS_GET, which gets the current zone statistics, or DNS_RPC_ZONE_STATS_CLEAR, which clears the zone statistics after getting them. The pszZone MUST point to the zone information for which statistics are required. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_ZONE_STATS and ppDataOut SHOULD point to a structure of type DNS_RPC_ZONE_STATS_V1 (section 2.2.12.2.5).

EnumServerScopes

Enumerates all the server scopes in a DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL and pDataIn SHOULD be NULL. Unless an error is returned, on output, pdwTypeOut SHOULD be set to DNSSRV_TYPEID_SCOPE_ENUM and ppDataOut points to a structure of type PDNS_RPC_ENUM_SCOPE_LIST.<276>

EnumerateClientSubnetRecord

Enumerates the names of all the Client Subnet Records on the DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL and pDataIn SHOULD be NULL. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_UNICODE_STRING_LIST and ppDataOut points to a structure of type PDNS_RPC_UNICODE_STRING_LIST.

GetClientSubnetRecord

Gets the details of the Client Subnet Record on the DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPWSTR and pDataIn SHOULD be the name of the Client Subnet Record. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_CLIENT_SUBNET_RECORD and ppDataOut points to a structure of type PDNS_RPC_CLIENT_SUBNET_RECORD.

EnumeratePolicy

Enumerates the policies configured on the server level or zone level for a specified zone on a DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL and pDataIn SHOULD be NULL. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY_ENUM and ppDataOut points to a structure of type PDNS_RPC_ENUMERATE_POLICY_LIST.

GetPolicy

Gets the details of a DNS Policy configured on the server level or on the zone level for a specified zone on the DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_LPWSTR and pDataIn SHOULD be the name of the DNS Policy. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY and ppDataOut points to a structure of type PDNS_RPC_POLICY.

GetRRLInfo

Gets the details of Response Rate Limiting parameters configured on the server level on the DNS server. On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL and pDataIn SHOULD be NULL. Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_RRL and ppDataOut points to a structure of type PDNS_RPC_RRL_PARAMS.

EnumVirtualizationInstances

Enumerates the virtualization instances present in the DNS server. The dwTypeIn parameter MUST be set to DNSSRV_TYPEID_NULL and pDataIn MUST be set to NULL. On successful enumeration pdwTypeOut is set to DNSSRV_TYPEID_VIRTUALIZATION_INSTANCE_ENUM, and ppDataOut MUST point to a structure of type DNS_RPC_ENUM_VIRTUALIZATION_INSTANCE_LIST.

dwTypeIn: A DNS_RPC_TYPEID (section 2.2.1.1.1) value indicating the type of input data pointed to by pDataIn.

pDataIn: Input data of type DNSSRV_RPC_UNION (section 2.2.1.2.6), which contains a data structure of the type indicated by dwTypeIn.

pdwTypeOut: A pointer to a DWORD that on success returns a DNS_RPC_TYPEID (section 2.2.1.1.1) value indicating the type of output data pointed to by ppDataOut.

ppDataOut: A pointer to output data of type DNSSRV_RPC_UNION, which on success contains a data structure of the type indicated by pdwTypeOut.

Return Values: The method MUST return ERROR_SUCCESS (0x00000000) on success or a nonzero Win32 error code value if an error occurred. See [MS-ERREF] section 2.2 or section 2.2.1.1.5. All error values MUST be treated the same.

When processing this call, the server MUST do the following:

  • If the Global Server State (section 3.1.1) is not "Running", return a failure.

  • Check that the input parameters conform to the syntax requirements above, and if not, return a failure.

  • If pszZone is not NULL, verify that pszOperation is set to QueryDwordProperty, ModifyZoneSigningKeyDescriptor, EnumZoneSigningKeyDescriptors, GetZoneSigningKeyDescriptorState, SetZoneSigningKeyDescriptorState, ValidateZoneSigningParameters, EnumeratePolicy, or GetPolicy. If it is not, return a failure.

  • If pszOperation is set to QueryDwordProperty, verify that dwTypeIn is set to DNSSRV_TYPEID_LPSTR. If it is not, return a failure.

  • If pszOperation is set to ModifyZoneSigningKeyDescriptor, verify that dwTypeIn is set to DNSSRV_TYPEID_SKD. If it is not, return a failure.

  • If pszOperation is set to GetZoneSigningKeyDescriptorState, verify that dwTypeIn is set to DNSSRV_TYPEID_LPWSTR. If it is not, return a failure.

  • If pszOperation is set to SetZoneSigningKeyDescriptorState, verify that dwTypeIn is set to DNSSRV_TYPEID_SKD_STATE. If it is not, return a failure.

  • If pszZone is not NULL, search the DNS Zone Table (section 3.1.1) for the zone with a name matching the value of pszZone. If a matching zone cannot be found, return a failure.

  • Validate, as specified in section 3.1.6.1, that the client has permissions to perform the attempted operation. If pszZone is NULL then the DNS server MUST perform the Phase 2 authorization test using the DNS server Configuration Access Control List. If pszZone is not NULL then the DNS server MUST perform the Phase 2 authorization test using the Zone Access Control List for the zone specified by pszZone. Write privilege MUST be tested for the ModifyZoneSigningKeyDescriptor and SetZoneSigningKeyDescriptorState operations. Read privilege MUST be tested for all other operations. If the client does not have permission to perform the operation, the server MUST return a failure.

  • If pszZone is not NULL, and pszOperation is QueryDwordProperty, and pDataIn matches a property name listed in section 3.1.6.1, and the server supports that property, the server MUST set pdwTypeOut to DNSSRV_TYPEID_DWORD, set ppDataOut to the DWORD value of the property, and return success. If the property name is not supported, the server MUST return a nonzero error code.

  • If pszZone is not NULL, and pszOperation is ModifyZoneSigningKeyDescriptor:

    • If the GUID field of the DNS_RPC_SKD structure pointed to by pDataIn is set to zero, the server MUST create a new signing key descriptor for the specified zone and add it to the zone's signing key descriptor list. If this operation succeeds, the server MUST set pdwTypeOut to DNSSRV_TYPEID_SKD and MUST set ppDataOut to point to a structure of type DNS_RPC_SKD representing the newly created signing key descriptor, and return success. Otherwise, the server MUST return a nonzero error code.

    • If the GUID field of the DNS_RPC_SKD structure pointed to by pDataIn is nonzero, and all other fields are set to zero, the server MUST locate the specified SKD in the zone's signing key descriptor list. If the SKD is found, the server MUST delete the specified SKD from the zone's signing key descriptor list. If this operation succeeds, the server MUST set pdwTypeOut to DNSSRV_TYPEID_SKD and MUST set ppDataOut to point to a structure of type DNS_RPC_SKD representing the deleted signing key descriptor, and return success. Otherwise, the server MUST return a nonzero error code.

    • If the GUID field of the DNS_RPC_SKD structure pointed to by pDataIn is nonzero, and one or more of the other fields are nonzero, the server MUST locate the specified SKD in the zone's signing key descriptor list. If the SKD is found, the server MUST modify this SKD as follows:

      • If any of the dwDNSKEYSignatureValidityPeriod, dwDSSignatureValidityPeriod, dwStandardSignatureValidityPeriod, or dwNextRolloverAction fields of the DNS_RPC_SKD pointed to by pDataIn are nonzero, modify the appropriate field in the SKD found in the zone's signing key descriptor list.

      • If the dwRolloverPeriod field of the DNS_RPC_SKD structure pointed to by pDataIn is nonzero, modify the appropriate field of the SKD found in the zone's signing key descriptor list. If the previous value of this field in the SKD was 0xFFFFFFFF, and the new value is some other nonzero value, the server MUST also modify the signing key descriptor's associated ftNextRolloverTime to the current time plus the new dwRolloverPeriod. If the previous value of this field in the SKD was not 0xFFFFFFFF, and the new value is 0xFFFFFFFF, the server MUST also set the signing key descriptor's associated ftNextRolloverTime to zero.

      • If any other fields of the DNS_RPC_SKD pointed to by pDataIn are nonzero, ignore these fields.

    If this operation succeeds, the server MUST set pdwTypeOut to DNSSRV_TYPEID_SKD and MUST set ppDataOut to point to a structure of type DNS_RPC_SKD representing the modified signing key descriptor, and return success. Otherwise, the server MUST return a nonzero error code.

  • If pszZone is not NULL, and pszOperation is SetZoneSigningKeyDescriptorState, the server MUST locate the SKD specified by the GUID field of the DNS_RPC_SKD_STATE pointed to by pDataIn in the zone's signing key descriptor list. If the SKD is found, the server MUST modify exactly one of the signing key descriptor's pwszActiveKey, pwszStandbyKey, or pwszNextKey fields as follows:

    • If the pwszActiveKey field of the DNS_RPC_SKD_STATE structure pointed to by pDataIn is nonzero, modify the signing key descriptor's pwszActiveKey field.

    • If the pwszActiveKey field of the DNS_RPC_SKD_STATE structure pointed to by pDataIn is NULL, and the pwszStandbyKey field of this structure is nonzero, modify the signing key descriptor's pwszStandbyKey.

    • If both the pwszActiveKey and pwszStandbyKey fields of the DNS_RPC_SKD_STATE structure pointed to by pDataIn are NULL, and the pwszNextKey field of this structure is nonzero, modify the signing key descriptor's pwszNextKey.

    If this operation succeeds, the server MUST set pdwTypeOut to DNSSRV_TYPEID_SKD_STATE and MUST set ppDataOut to point to a structure of type DNS_RPC_SKD_STATE representing the modified signing key descriptor, and return success. Otherwise, the server MUST return a nonzero error code.

  • If pszZone is not NULL, and pszOperation is EnumZoneSigningKeyDescriptors, GetZoneSigningKeyDescriptorState, or ValidateZoneSigningParameters, execute the operation indicated by the value of pszOperation as previously specified against the specified zone.

  • If pszZone is NULL, execute the operation indicated by the value of pszOperation as specified above.

  • If pszZone is not NULL, and pszOperation is ExportZoneSigningSettings:

    • On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD.

    • To get KSK details in exported DNS_RPC_ZONE_DNSSEC_SETTINGS, pDataIn is 1; otherwise, zero.

    • Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_ZONE_SIGNING_SETTINGS and ppDataOut points to a structure of type PDNS_RPC_ZONE_DNSSEC_SETTINGS.

  • If pszZone is not NULL, and pszOperation is ImportZoneSigningSettings:

    • On input, dwTypeIn MUST be set to DNSSRV_TYPEID_ZONE_SIGNING_SETTINGS and pDataIn SHOULD be a structure of type PDNS_RPC_ZONE_DNSSEC_SETTINGS.

    • Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_DWORD and ppDataOut points to a structure of type ImportOpResult.

    • If this operation is invoked on a server hosting a file-backed unsigned zone, and if the fIsSigned property of DNS_RPC_ZONE_DNSSEC_SETTINGS is 1, then the server becomes a nonkey master primary server of that signed zone.

    • If this operation is invoked on a server hosting a file-backed signed zone, and if the fIsSigned property of DNS_RPC_ZONE_DNSSEC_SETTINGS is 1, and if there is a difference in the imported and existing settings that requires re-signing, then the zone is marked for staggered signing with the new settings.

    • If this operation is invoked on a server hosting a file-backed signed zone, and if the fIsSigned property of DNS_RPC_ZONE_DNSSEC_SETTINGS is 0, then the zone is unsigned on the target server.

  • If pszZone is not NULL, and pszOperation is EnumZoneScopes:

    • On input, dwTypeIn MUST be set to DNSSRV_TYPEID_NULL.

    • pDataIn SHOULD be NULL.

    • The pszZone MUST be the zone name for which zone scopes are to be enumerated, or it MUST be "..cache" to enumerate cache scopes.

    • Unless an error is returned, on output pdwTypeOut is set to DNSSRV_TYPEID_ZONE_SCOPE_ENUM and ppDataOut points to a structure of type PDNS_RPC_ENUM_ZONE_SCOPE_LIST.

  • If pszZone is not NULL, and pszOperation is ZoneStatistics:

    • On input, dwTypeIn MUST be set to DNSSRV_TYPEID_DWORD.

    • pDataIn SHOULD be either DNS_RPC_ZONE_STATS_GET, which gets the current zone statistics, or DNS_RPC_ZONE_STATS_CLEAR, which clears the zone statistics after getting them.

    • The pszZone MUST point to the zone information for which statistics are required.

    • Unless an error is returned, on output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_ZONE_STATS and ppDataOut SHOULD point to a structure of type DNS_RPC_ZONE_STATS.

  • If the pszOperation is EnumerateClientSubnetRecord:

    • The pszZone is NULL. This operation is at the server level.

    • The DNS server MUST return all the Client Subnet Record names, and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_UNICODE_STRING_LIST and ppDataOut SHOULD point to a structure of type DNS_RPC_UNICODE_STRING_LIST.

  • If the pszOperation is GetClientSubnetRecord:

    • The pszZone is NULL. This operation is at the server level.

    • pDataIn SHOULD be a NULL-terminated Unicode string, which is the name of the Client Subnet Record whose details will be retrieved.

    • If the Client Subnet Record name given in input pDataIn does not exist, the DNS server SHOULD return DNS_ERROR_CLIENT_SUBNET_DOES_NOT_EXIST (9976).

    • The DNS server MUST return all the Client Subnet Record details and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_CLIENT_SUBNET_RECORD and ppDataOut SHOULD point to a structure of type DNS_RPC_CLIENT_SUBNET_RECORD.

  • If pszZone is NULL and the pszOperation is EnumeratePolicy:

    • The DNS server MUST return all the DNS Policies at the server level and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY_ENUM and ppDataOut SHOULD point to a structure of type PDNS_RPC_ENUMERATE_POLICY_LIST.

  • If pszZone is not NULL and the pszOperation is EnumeratePolicy:

    • Retrieve the zone associated with pszZone. If the zone is not found return the error DNS_ERROR_ZONE_DOES_NOT_EXIST (9601).

    • The DNS server MUST return all the DNS Policies configured for the pszZone and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY_ENUM and ppDataOut SHOULD point to a structure of type PDNS_RPC_ENUMERATE_POLICY_LIST.

  • If pszZone is NULL and the pszOperation is GetPolicy:

    • pDataIn SHOULD be a NULL terminated Unicode string, which is the name of the DNS Policy whose details will be retrieved.

    • If the DNS Policy given by the NULL terminated Unicode string pDataIn does not exist at the server level, the DNS server MUST return the error DNS_ERROR_POLICY_DOES_NOT_EXIST (9972).

    • The DNS server MUST return the details of the corresponding DNS Policy setting at the server level and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY and ppDataOut SHOULD point to a structure of type PDNS_RPC_POLICY.

  • If pszZone is not NULL and the pszOperation is GetPolicy:

    • Retrieve the zone associated with pszZone. If the zone is not found return the error DNS_ERROR_ZONE_DOES_NOT_EXIST (9601).

    • pDataIn SHOULD be a NULL terminated Unicode string, which is the name of the DNS Policy on the zone whose details will be retrieved.

    • If the DNS Policy as specified in pDataIn is not found in the zone, return the error DNS_ERROR_POLICY_DOES_NOT_EXIST (9972).

    • The DNS server MUST return the details of the corresponding DNS Policy on the zone and return success or failure depending on the result. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_POLICY and ppDataOut SHOULD point to a structure of type PDNS_RPC_POLICY.

  • If pszZone is NULL and pszOperation is GetRRLInfo:

    • pDataIn SHOULD be NULL.

    • The DNS server MUST return the details of the Response Rate Limiting settings at the server level and return success or failure depending on the result. On success, the output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_RRL and ppDataOut SHOULD point to a structure of type PDNS_RPC_RRL_PARAMS.

  • If pszZone is NULL and pszOperation is EnumVirtualizationInstances:

    • The DNS server MUST return all the virtualization instances present in the DNS server and return success or failure. The output pdwTypeOut SHOULD be set to DNSSRV_TYPEID_VIRTUALIZATION_INSTANCE_ENUM and ppDataOut SHOULD point to a structure of type DNS_RPC_ENUM_VIRTUALIZATION_INSTANCE_LIST.
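The processing steps above, modeled as an added example (it is not code from the specification or from any DNS server): the pre-execution checks with the choice of access control list and privilege, the create/delete/modify decision for ModifyZoneSigningKeyDescriptor including the ftNextRolloverTime rule, and the field selection for SetZoneSigningKeyDescriptorState. Function names, the dict-based structures, integer stand-ins for GUIDs, a shared unit for times and periods, and the acceptance of the four later zone-scoped operations in the zone check are assumptions of this example.

```python
# Added illustration: a model of the processing steps above. Function names,
# dict-based structures and integer GUIDs are assumptions of this example.
NEVER = 0xFFFFFFFF  # dwRolloverPeriod value the steps treat specially

# Operations the first zone check accepts with a non-NULL pszZone.
ZONE_OPS = {
    "QueryDwordProperty", "ModifyZoneSigningKeyDescriptor",
    "EnumZoneSigningKeyDescriptors", "GetZoneSigningKeyDescriptorState",
    "SetZoneSigningKeyDescriptorState", "ValidateZoneSigningParameters",
    "EnumeratePolicy", "GetPolicy",
}
# Later steps also describe these with a non-NULL pszZone; accepting them
# here is this example's reading of the text, not a stated rule.
ZONE_OPS_LATER = {"ExportZoneSigningSettings", "ImportZoneSigningSettings",
                  "EnumZoneScopes", "ZoneStatistics"}
# dwTypeIn values that the steps verify explicitly.
REQUIRED_TYPE_IN = {
    "QueryDwordProperty": "DNSSRV_TYPEID_LPSTR",
    "ModifyZoneSigningKeyDescriptor": "DNSSRV_TYPEID_SKD",
    "GetZoneSigningKeyDescriptorState": "DNSSRV_TYPEID_LPWSTR",
    "SetZoneSigningKeyDescriptorState": "DNSSRV_TYPEID_SKD_STATE",
}
WRITE_OPS = {"ModifyZoneSigningKeyDescriptor", "SetZoneSigningKeyDescriptorState"}
SIMPLE_FIELDS = ("dwDNSKEYSignatureValidityPeriod", "dwDSSignatureValidityPeriod",
                 "dwStandardSignatureValidityPeriod", "dwNextRolloverAction")


def precheck(state, op, zone, type_in, zone_table):
    """Checks before execution, in listed order: (True, (acl, privilege)) or (False, reason)."""
    if state != "Running":
        return False, "server not running"
    if zone is not None and op not in ZONE_OPS | ZONE_OPS_LATER:
        return False, "operation does not accept pszZone"
    want = REQUIRED_TYPE_IN.get(op)
    if want is not None and type_in != want:
        return False, "dwTypeIn must be " + want
    if zone is not None and zone not in zone_table:
        return False, "zone not found"
    acl = "server configuration ACL" if zone is None else "zone ACL: " + zone
    return True, (acl, "write" if op in WRITE_OPS else "read")


def modify_skd(skd_list, req, now):
    """Apply a ModifyZoneSigningKeyDescriptor request to skd_list (GUID -> dict).

    Returns (action, guid); raises LookupError where the server returns an error.
    """
    guid = req.get("GUID", 0)
    others = {k: v for k, v in req.items() if k != "GUID" and v}
    if guid == 0:
        guid = max(skd_list, default=0) + 1  # stand-in for GUID generation
        skd_list[guid] = dict(others)
        return "create", guid
    if guid not in skd_list:
        raise LookupError("SKD not in the zone's signing key descriptor list")
    if not others:
        del skd_list[guid]
        return "delete", guid
    skd = skd_list[guid]
    skd.update({f: others[f] for f in SIMPLE_FIELDS if f in others})
    new = others.get("dwRolloverPeriod")
    if new:
        old = skd.get("dwRolloverPeriod", 0)
        skd["dwRolloverPeriod"] = new
        if old == NEVER and new != NEVER:
            skd["ftNextRolloverTime"] = now + new
        elif old != NEVER and new == NEVER:
            skd["ftNextRolloverTime"] = 0
    return "modify", guid  # any other nonzero field was ignored


def skd_state_field(req):
    """Pick the single key field SetZoneSigningKeyDescriptorState modifies."""
    for field in ("pwszActiveKey", "pwszStandbyKey", "pwszNextKey"):
        if req.get(field):
            return field
    return None


def demo():
    """Constructed sample: one zone, one SKD whose rollover is disabled."""
    zones = {"example.test"}
    skds = {1: {"dwRolloverPeriod": NEVER, "ftNextRolloverTime": 0}}
    gate = precheck("Running", "ModifyZoneSigningKeyDescriptor",
                    "example.test", "DNSSRV_TYPEID_SKD", zones)
    action = modify_skd(skds, {"GUID": 1, "dwRolloverPeriod": 3600}, now=1000)
    return gate, action, skds[1]["ftNextRolloverTime"]
```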