Suppress reporting upcoming changes in root hints

To reduce the amount of log spam when root servers change their
addresses keep a table of upcoming changes by expected date and time
and suppress reporting differences for them until then.

Add initial entry for B.ROOT-SERVERS.NET, Nov 27, 2023.

diff --git a/lib/dns/rootns.c b/lib/dns/rootns.c
index 0ff9279278a382ffb4eb7cd786bef6f733c74176..26f1ef64d55438b6aa8496c22608a29546bbcbc0 100644 (file)
--- a/lib/dns/rootns.c
+++ b/lib/dns/rootns.c
@@ -34,6 +34,9 @@
 #include <dns/rootns.h>
 #include <dns/view.h>
 
+/*
+ * Also update 'upcoming' when updating 'root_ns'.
+ */
 static char root_ns[] =
        ";\n"
        "; Internet Root Nameservers\n"
@@ -79,6 +82,24 @@ static char root_ns[] =
        "M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33\n"
        "M.ROOT-SERVERS.NET.     3600000 IN      AAAA    2001:DC3::35\n";
 
+static unsigned char b_data[] = "\001b\014root-servers\003net";
+static unsigned char b_offsets[] = { 0, 2, 15, 19 };
+
+static struct upcoming {
+       const dns_name_t name;
+       dns_rdatatype_t type;
+       isc_stdtime_t time;
+} upcoming[] = { {
+                        .name = DNS_NAME_INITABSOLUTE(b_data, b_offsets),
+                        .type = dns_rdatatype_a,
+                        .time = 1701086400 /* November 27 2023, 12:00 UTC */
+                },
+                {
+                        .name = DNS_NAME_INITABSOLUTE(b_data, b_offsets),
+                        .type = dns_rdatatype_aaaa,
+                        .time = 1701086400 /* November 27 2023, 12:00 UTC */
+                } };
+
 static isc_result_t
 in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
        isc_result_t result;
@@ -335,6 +356,18 @@ inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
        return (false);
 }
 
+static bool
+changing(const dns_name_t *name, dns_rdatatype_t type, isc_stdtime_t now) {
+       for (size_t i = 0; i < ARRAY_SIZE(upcoming); i++) {
+               if (upcoming[i].time > now && upcoming[i].type == type &&
+                   dns_name_equal(&upcoming[i].name, name))
+               {
+                       return (true);
+               }
+       }
+       return (false);
+}
+
 /*
  * Check that the address RRsets match.
  *
@@ -366,7 +399,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
                while (result == ISC_R_SUCCESS) {
                        dns_rdata_reset(&rdata);
                        dns_rdataset_current(&rootrrset, &rdata);
-                       if (!inrrset(&hintrrset, &rdata)) {
+                       if (!inrrset(&hintrrset, &rdata) &&
+                           !changing(name, dns_rdatatype_a, now))
+                       {
                                report(view, name, true, &rdata);
                        }
                        result = dns_rdataset_next(&rootrrset);
@@ -375,7 +410,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
                while (result == ISC_R_SUCCESS) {
                        dns_rdata_reset(&rdata);
                        dns_rdataset_current(&hintrrset, &rdata);
-                       if (!inrrset(&rootrrset, &rdata)) {
+                       if (!inrrset(&rootrrset, &rdata) &&
+                           !changing(name, dns_rdatatype_a, now))
+                       {
                                report(view, name, false, &rdata);
                        }
                        result = dns_rdataset_next(&hintrrset);
@@ -414,7 +451,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
                while (result == ISC_R_SUCCESS) {
                        dns_rdata_reset(&rdata);
                        dns_rdataset_current(&rootrrset, &rdata);
-                       if (!inrrset(&hintrrset, &rdata)) {
+                       if (!inrrset(&hintrrset, &rdata) &&
+                           !changing(name, dns_rdatatype_aaaa, now))
+                       {
                                report(view, name, true, &rdata);
                        }
                        dns_rdata_reset(&rdata);
@@ -424,7 +463,9 @@ check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
                while (result == ISC_R_SUCCESS) {
                        dns_rdata_reset(&rdata);
                        dns_rdataset_current(&hintrrset, &rdata);
-                       if (!inrrset(&rootrrset, &rdata)) {
+                       if (!inrrset(&rootrrset, &rdata) &&
+                           !changing(name, dns_rdatatype_aaaa, now))
+                       {
                                report(view, name, false, &rdata);
                        }
                        dns_rdata_reset(&rdata);