2.2.6.2.4 DNS_RPC_TRUST_POINT

The DNS_RPC_TRUST_POINT structure contains information about a trust point or a node in the TrustAnchors zone ([RFC5011]).

 typedef struct _DnssrvRpcTrustPoint {
   DWORD dwRpcStructureVersion;
   DWORD dwReserved0;
   [string] char* pszTrustPointName;
   TRUSTPOINT_STATE eTrustPointState;
   __int64 i64LastActiveRefreshTime;
   __int64 i64NextActiveRefreshTime;
   __int64 i64LastSuccessfulActiveRefreshTime;
   DWORD dwLastActiveRefreshResult;
   DWORD dwReserved;
 } DNS_RPC_TRUST_POINT,
  *PDNS_RPC_TRUST_POINT;

dwRpcStructureVersion: The structure version number; it MUST be set to 0x00000001.

dwReserved0: MUST be set to zero when sent and MUST be ignored on receipt.

pszTrustPointName: The FQDN of the trust point or node in the TrustAnchors zone represented by this structure. This MUST be a non-empty, non-NULL string.

eTrustPointState: A TRUSTPOINT_STATE enumeration value (section 2.2.1.1.3) containing the current trust point state. This MUST be set to one of the following values. For the TRUSTANCHOR_STATE enumeration values see section 2.2.1.1.4.

| Value | Meaning |
|---|---|
| TRUSTPOINT_STATE_INITIALIZED 0x00000000 | This structure represents a node in the TrustAnchors zone that does not contain any trust anchors. This node is not a trust point. |
| TRUSTPOINT_STATE_DSPENDING 0x00000001 | This trust point contains only DS trust anchors (trust anchors in the TRUSTANCHOR_STATE_DSPENDING or TRUSTANCHOR_STATE_DSINVALID state), rendering it unusable for DNSSEC proofs. |
| TRUSTPOINT_STATE_ACTIVE 0x00000002 | This trust point contains at least one trust anchor in the TRUSTANCHOR_STATE_VALID or TRUSTANCHOR_STATE_MISSING state. |
| TRUSTPOINT_STATE_DELETE_PENDING 0x00000003 | This trust point contains only trust anchors in the TRUSTANCHOR_STATE_REVOKED state. |

i64LastActiveRefreshTime: The time of the last active refresh. This is set to zero to indicate that no active refresh has occurred. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 Coordinated Universal Time (UTC).

i64NextActiveRefreshTime: The scheduled time of the next active refresh, or zero to indicate that no active refresh is scheduled. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC).

i64LastSuccessfulActiveRefreshTime: The time of the last successful active refresh, or zero to indicate that no active refresh has occurred. This is a 64-bit value representing the number of 100-nanosecond intervals since January 1, 1601 (UTC). A successful active refresh is defined as an active refresh resulting in retrieval of one or more DNSKEY records for the trust point and, if this trust point has trust anchors in the TRUSTANCHOR_STATE_VALID state, signifies that one or more of the retrieved DNSKEY records was validated by DNSSEC.

dwLastActiveRefreshResult: The result of the last active refresh, either ERROR_SUCCESS or a nonzero value to indicate that an error has occurred.

dwReserved: MUST be set to zero when sent and MUST be ignored on receipt.
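
The following is an added example, not part of the specification: a receiver-side check of a DNS_RPC_TRUST_POINT that enforces the MUST constraints above, converts the three time fields, and reports trust points that need attention. It assumes the structure has already been unmarshalled into a dict keyed by field name; the function names, the dict shape, the audit rules and the sample values are this example's own.

```python
from datetime import datetime, timedelta, timezone
from enum import IntEnum

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

class TrustPointState(IntEnum):  # values from the eTrustPointState table
    INITIALIZED = 0x00000000
    DSPENDING = 0x00000001
    ACTIVE = 0x00000002
    DELETE_PENDING = 0x00000003

def filetime_to_utc(ticks):
    """Convert 100-ns intervals since 1601-01-01 UTC; zero (the 'none' sentinel) -> None."""
    if ticks < 0:
        raise ValueError("time field is negative")
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None

def check_trust_point(tp):
    """Validate a decoded structure (dict keyed by field name; hypothetical input shape).
    Raises ValueError on a MUST violation; returns (normalized fields, findings)."""
    if tp["dwRpcStructureVersion"] != 0x00000001:
        raise ValueError("dwRpcStructureVersion MUST be 0x00000001")
    if not tp["pszTrustPointName"]:
        raise ValueError("pszTrustPointName MUST be a non-empty, non-NULL string")
    state = TrustPointState(tp["eTrustPointState"])  # ValueError if not in the table
    # dwReserved0 and dwReserved are ignored on receipt, so they are not checked.
    info = {
        "name": tp["pszTrustPointName"],
        "state": state,
        "last_refresh": filetime_to_utc(tp["i64LastActiveRefreshTime"]),
        "next_refresh": filetime_to_utc(tp["i64NextActiveRefreshTime"]),
        "last_success": filetime_to_utc(tp["i64LastSuccessfulActiveRefreshTime"]),
    }
    findings = []  # the audit rules below are this example's choices, not spec text
    if state in (TrustPointState.DSPENDING, TrustPointState.DELETE_PENDING):
        findings.append(f"state {state.name}: no VALID or MISSING trust anchor")
    if tp["dwLastActiveRefreshResult"] != 0:  # ERROR_SUCCESS is zero
        findings.append(f"last active refresh failed: 0x{tp['dwLastActiveRefreshResult']:08x}")
    if info["last_refresh"] and info["last_success"] != info["last_refresh"]:
        findings.append("most recent active refresh was not the last successful one")
    return info, findings

# Constructed sample: refresh attempted 2024-01-02, last success 2024-01-01.
SAMPLE = {
    "dwRpcStructureVersion": 1, "dwReserved0": 0, "dwReserved": 0,
    "pszTrustPointName": "example.com.", "eTrustPointState": 2,
    "i64LastActiveRefreshTime": 133486272000000000, "i64NextActiveRefreshTime": 133487136000000000,
    "i64LastSuccessfulActiveRefreshTime": 133485408000000000, "dwLastActiveRefreshResult": 9002,
}
```
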