From 2ca2f7e9852a3d6e93f065c01ea4679f723688f7 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Oct 2023 10:19:38 +1100
Subject: [PATCH 1/4] Update b.root-servers.net IP addresses

This covers both root hints and the default primaries for the root
zone mirror.  The official change date is Nov 27, 2023.
---
 bin/named/config.c | 4 ++--
 lib/dns/rootns.c   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bin/named/config.c b/bin/named/config.c
index c0cbf3f183..aaa44543dc 100644
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -328,14 +328,14 @@ dnssec-policy \"insecure\" {\n\
 			    "# END TRUST ANCHORS\n\
 \n\
 primaries " DEFAULT_IANA_ROOT_ZONE_PRIMARIES " {\n\
-	2001:500:200::b;	# b.root-servers.net\n\
+	2801:1b8:10::b;		# b.root-servers.net\n\
 	2001:500:2::c;		# c.root-servers.net\n\
 	2001:500:2f::f;		# f.root-servers.net\n\
 	2001:500:12::d0d;	# g.root-servers.net\n\
 	2001:7fd::1;		# k.root-servers.net\n\
 	2620:0:2830:202::132;	# xfr.cjr.dns.icann.org\n\
 	2620:0:2d0:202::132;	# xfr.lax.dns.icann.org\n\
-	199.9.14.201;		# b.root-servers.net\n\
+	170.247.170.2;		# b.root-servers.net\n\
 	192.33.4.12;		# c.root-servers.net\n\
 	192.5.5.241;		# f.root-servers.net\n\
 	192.112.36.4;		# g.root-servers.net\n\
diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c
index 3e96694e56..0ff9279278 100644
--- a/lib/dns/rootns.c
+++ b/lib/dns/rootns.c
@@ -54,8 +54,8 @@ static char root_ns[] =
 	".                       518400  IN      NS      M.ROOT-SERVERS.NET.\n"
 	"A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4\n"
 	"A.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:503:BA3E::2:30\n"
-	"B.ROOT-SERVERS.NET.     3600000 IN      A       199.9.14.201\n"
-	"B.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:200::b\n"
+	"B.ROOT-SERVERS.NET.     3600000 IN      A       170.247.170.2\n"
+	"B.ROOT-SERVERS.NET.     3600000 IN      AAAA    2801:1b8:10::b\n"
 	"C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12\n"
 	"C.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:500:2::c\n"
 	"D.ROOT-SERVERS.NET.     3600000 IN      A       199.7.91.13\n"

From b69100b747f267c6ec95fb0011941f021fc3a4f4 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 18 Oct 2023 10:45:41 +1100
Subject: [PATCH 2/4] Suppress reporting upcoming changes in root hints

To reduce the amount of log spam when root servers change their
addresses keep a table of upcoming changes by expected date and time
and suppress reporting differences for them until then.

Add initial entry for B.ROOT-SERVERS.NET, Nov 27, 2023.
---
 lib/dns/rootns.c | 49 ++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c
index 0ff9279278..26f1ef64d5 100644
--- a/lib/dns/rootns.c
+++ b/lib/dns/rootns.c
@@ -34,6 +34,9 @@
 #include <dns/rootns.h>
 #include <dns/view.h>
 
+/*
+ * Also update 'upcoming' when updating 'root_ns'.
+ */
 static char root_ns[] =
 	";\n"
 	"; Internet Root Nameservers\n"
@@ -79,6 +82,24 @@ static char root_ns[] =
 	"M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33\n"
 	"M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:DC3::35\n";
 
+static unsigned char b_data[] = "\001b\014root-servers\003net";
+static unsigned char b_offsets[] = { 0, 2, 15, 19 };
+
+static struct upcoming {
+	const dns_name_t name;
+	dns_rdatatype_t type;
+	isc_stdtime_t time;
+} upcoming[] = { {
+			 .name = DNS_NAME_INITABSOLUTE(b_data, b_offsets),
+			 .type = dns_rdatatype_a,
+			 .time = 1701086400 /* November 27 2023, 12:00 UTC */
+		 },
+		 {
+			 .name = DNS_NAME_INITABSOLUTE(b_data, b_offsets),
+			 .type = dns_rdatatype_aaaa,
+			 .time = 1701086400 /* November 27 2023, 12:00 UTC */
+		 } };
+
 static isc_result_t
 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
 	isc_result_t result;
@@ -335,6 +356,18 @@ inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
 	return (false);
 }
 
+static bool
+changing(const dns_name_t *name, dns_rdatatype_t type, isc_stdtime_t now) {
+	for (size_t i = 0; i < ARRAY_SIZE(upcoming); i++) {
+		if (upcoming[i].time > now && upcoming[i].type == type &&
+		    dns_name_equal(&upcoming[i].name, name))
+		{
+			return (true);
+		}
+	}
+	return (false);
+}
+
 /*
  * Check that the address RRsets match.
  *
@@ -366,7 +399,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
 		while (result == ISC_R_SUCCESS) {
 			dns_rdata_reset(&rdata);
 			dns_rdataset_current(&rootrrset, &rdata);
-			if (!inrrset(&hintrrset, &rdata)) {
+			if (!inrrset(&hintrrset, &rdata) &&
+			    !changing(name, dns_rdatatype_a, now))
+			{
 				report(view, name, true, &rdata);
 			}
 			result = dns_rdataset_next(&rootrrset);
@@ -375,7 +410,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
 		while (result == ISC_R_SUCCESS) {
 			dns_rdata_reset(&rdata);
 			dns_rdataset_current(&hintrrset, &rdata);
-			if (!inrrset(&rootrrset, &rdata)) {
+			if (!inrrset(&rootrrset, &rdata) &&
+			    !changing(name, dns_rdatatype_a, now))
+			{
 				report(view, name, false, &rdata);
 			}
 			result = dns_rdataset_next(&hintrrset);
@@ -414,7 +451,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
 		while (result == ISC_R_SUCCESS) {
 			dns_rdata_reset(&rdata);
 			dns_rdataset_current(&rootrrset, &rdata);
-			if (!inrrset(&hintrrset, &rdata)) {
+			if (!inrrset(&hintrrset, &rdata) &&
+			    !changing(name, dns_rdatatype_aaaa, now))
+			{
 				report(view, name, true, &rdata);
 			}
 			dns_rdata_reset(&rdata);
@@ -424,7 +463,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
 		while (result == ISC_R_SUCCESS) {
 			dns_rdata_reset(&rdata);
 			dns_rdataset_current(&hintrrset, &rdata);
-			if (!inrrset(&rootrrset, &rdata)) {
+			if (!inrrset(&rootrrset, &rdata) &&
+			    !changing(name, dns_rdatatype_aaaa, now))
+			{
 				report(view, name, false, &rdata);
 			}
 			dns_rdata_reset(&rdata);

From b9bba29c5e77bcfffce401da2ed53cdcbf2d90e7 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Oct 2023 10:24:50 +1100
Subject: [PATCH 3/4] Add CHANGES note for [GL #4101]

---
 CHANGES | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGES b/CHANGES
index 3165dca854..2efb524d7b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6269.	[maint]		B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and
+			2801:1b8:10::b. [GL #4101]
+
 6268.	[func]		Offload the IXFR and AXFR processing to unblock
 			the networking threads. [GL #4367]
 

From c7a06b1fa18386a129d6c97fef03ce249dd2e765 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Oct 2023 10:26:38 +1100
Subject: [PATCH 4/4] Add release note for [GL #4101]

---
 doc/notes/notes-current.rst | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst
index fd41fbfb6c..7491e3dc7f 100644
--- a/doc/notes/notes-current.rst
+++ b/doc/notes/notes-current.rst
@@ -51,6 +51,9 @@ Feature Changes
   zones will no longer create redundant signed versions of the zone.
   :gl:`#4349`
 
+- B.ROOT-SERVERS.NET addresses are now 170.247.170.2 and 2801:1b8:10::b.
+  :gl:`#4101`
+
 Bug Fixes
 ~~~~~~~~~