Conditional dns resolution binding

[rajatagarwal-ibm]

Description

BREAKING CHANGE: ibm_is_vpc_dns_resolution_binding resources are no longer used for DNS resolution binding with the delegated resolver type. The DNS resolver now creates within the VPC when the resolver type is selected as delegated. This fixes the issue where the module attempts to create ibm_is_vpc_dns_resolution_binding twice, which is reported here: #1019

This upgrade notice applies only to users of the advanced Hub and Spoke VPC topology who are upgrading from a previous version of this module to v8.0.0 or later. If you are using the standard topology, or a new user starting with v8.0.0 or above, this breaking change does not apply.

Upgrade steps:

• Upgrade to the latest module (>= v8.0.0).
• Set update_delegated_resolver = true in your Terraform configuration (along with any other input parameters you previously used) and run terraform apply to re-create the DNS resolution binding with the delegated resolver type. For example:

terraform apply -var="update_delegated_resolver=true"

Expected network connectivity downtime of typically around 20 seconds.

Release required?

• No release
• Patch release (x.x.X)
• Minor release (x.X.x)
• Major release (X.x.x)

Release notes content

Run the pipeline

If the CI pipeline doesn't run when you create the PR, the PR requires a user with GitHub collaborators access to run the pipeline.

Run the CI pipeline when the PR is ready for review and you expect tests to pass. Add a comment to the PR with the following text:

/run pipeline

Checklist for reviewers

• If relevant, a test for the change is included or updated with this PR.
• If relevant, documentation for the change is included or updated with this PR.

For mergers

• Use a conventional commit message to set the release level. Follow the guidelines.
• Include information that users need to know about the PR in the commit message. The commit message becomes part of the GitHub release notes.
• Use the Squash and merge option.

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

Outputs:

dns_endpoint_gateways_by_spoke_vpc_crn = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-19346e18-cee0-41f1-8434-7e6662e9f662"
dns_endpoint_gateways_by_spoke_vpc_id = "r006-19346e18-cee0-41f1-8434-7e6662e9f662"

verified with the Spoke VPC UI

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

/run pipeline

[vburckhardt]

Hi Rajat, a few comments.

[vburckhardt]

Given the existing public instructions, I suspect consumers will already have flipped the flag update_delegated_resolver to true in version 7, and this is likely still the value used. So in first step, isn't there a need to explicitly set update_delegated_resolver to false?

In addition, given the flow to delete and re-create, we should probably document network connectivity issues in dns resolution in the spoke during this process?

[vburckhardt]

Also do not forget to flip the minor -> major flag in the PR for mergers

[rajatagarwal-ibm]

Some of the findings

[rajatagarwal-ibm]

@vburckhardt I have come up with a solution where the updates will be in-place instead of deletion of DNS resolution binding and recreating that in the second apply.

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # module.hub_vpc.ibm_dns_zone.dns_zone[0] has changed
  ~ resource "ibm_dns_zone" "dns_zone" {
        id          = "bbe679b2-551d-42e4-8d3a-704b16ffe2c4/80319710-fa2d-4b68-85ea-41c8c78c8ebd"
      ~ modified_on = "2025-08-06T15:17:53.000Z" -> "2025-08-06T15:19:29.000Z"
        name        = "hnsexample.com"
      ~ state       = "PENDING_NETWORK_ADD" -> "ACTIVE"
        # (5 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # module.spoke_vpc.ibm_is_vpc.vpc[0] will be updated in-place
  ~ resource "ibm_is_vpc" "vpc" {
        id                          = "r006-2e1db019-fd2d-4945-be63-1ae446768bde"
        name                        = "hnsn-spoke-spoke"
        tags                        = []
        # (28 unchanged attributes hidden)

      ~ dns {
            # (2 unchanged attributes hidden)

          ~ resolver {
              + dns_binding_name      = "hnsn-spoke-spoke-dns-binding"
              ~ type                  = "system" -> "delegated"
              + vpc_crn               = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-260dc24e-82c0-46d3-aa7c-de66646f33d4"
                # (7 unchanged attributes hidden)
            }
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

[rajatagarwal-ibm]

/run pipeline

[rajatagarwal-ibm]

Further tests and findings:

Test 1:

Test on VPC module release v.7.18.0 (about 1.5 years old release)
IBM Provider version 1.59.0
Terraform version 1.5.7

Test passed

Test 2:

Test on VPC module main branch
IBM Provider version 1.81.1
Terraform version 1.9.2
Fails with the following error:

╷
│ Error: ---
│ id: terraform-15b12357
│ summary: 'CreateVPCDnsResolutionBindingWithContext failed: This VPC already contains
│   DNS Resolution Bindings'
│ severity: error
│ resource: ibm_is_vpc
│ operation: update
│ component:
│   name: github.com/IBM-Cloud/terraform-provider-ibm
│   version: 1.81.1
│ ---
│ 
│ 
│   with module.spoke_vpc.ibm_is_vpc.vpc[0],
│   on ../../main.tf line 30, in resource "ibm_is_vpc" "vpc":
│   30: resource "ibm_is_vpc" "vpc" {
│ 
╵

Note: All the changes were made two years ago in the DNS portion of the VPC TIM module, so the VPC module itself hasn’t changed. Therefore, testing different versions of the VPC module is unnecessary. I’m also unsure whether it’s worth testing different Terraform provider versions—because even if I identify the issue, from the user’s perspective they’ll eventually need to upgrade the provider.

Fetching DNS Resolution binding ID from the Spoke VPC after first terraform apply on the main branch. (System resolver type, not delegated)

5355 ± ibmcloud is vpc-dns-resolution-bindings r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f --output JSON                                                                                                        ✹
[
    {
        "created_at": "2025-08-11T18:53:00.000Z",
        "endpoint_gateways": [],
        "health_state": "ok",
        "href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/dns_resolution_bindings/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea",
        "id": "r006-0020806f-8875-4a31-9ea6-f0a2134b04ea",
        "lifecycle_state": "stable",
        "name": "hns-main1-spoke-spoke-dns-binding",
        "resource_type": "vpc_dns_resolution_binding",
        "vpc": {
            "crn": "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "id": "r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "name": "hns-main1-hub-hub",
            "remote": {},
            "resource_type": "vpc"
        }
    }
]%         

Then, ran terraform apply -var=update_delegated_resolver=true on the feature branch

5360 ± ibmcloud is vpc-dns-resolution-bindings r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f --output JSON                                                                                                        ✹
[
    {
        "created_at": "2025-08-11T19:00:27.000Z",
        "endpoint_gateways": [],
        "health_state": "ok",
        "href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/dns_resolution_bindings/r006-e4eccf41-49c3-476b-a4e5-7053756d1f84",
        "id": "r006-e4eccf41-49c3-476b-a4e5-7053756d1f84",
        "lifecycle_state": "stable",
        "name": "hns-main1-spoke-spoke-dns-binding",
        "resource_type": "vpc_dns_resolution_binding",
        "vpc": {
            "crn": "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "id": "r006-17d36659-4450-4fc1-8c7c-2d105460b4de",
            "name": "hns-main1-hub-hub",
            "remote": {},
            "resource_type": "vpc"
        }
    }
]%     

This proves the point that it is actually changing the DNS resolver binding (as oppose to what we talked about in the playback about just updating the terraform resource, but not the actual resources in the cloud.)

Conclusion:

Following is the log of terraform apply with the flag on the feature branch, with these highlights:

• deletion of external resource for the DNS resolver binding deletes before modifying VPC DNS resolver binding in-place. That's the right behaviour.
• The full process takes less than 20 seconds. In my opinon, downtime won't be much and we can add that in the readme.

module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Destroying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea]
module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Still destroying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed...6-0020806f-8875-4a31-9ea6-f0a2134b04ea, 10s elapsed]
module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Destruction complete after 11s
module.spoke_vpc.ibm_is_vpc.vpc[0]: Modifying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f]
module.spoke_vpc.ibm_is_vpc.vpc[0]: Modifications complete after 8s [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f]

Apply complete! Resources: 0 added, 1 changed, 1 destroyed.

FULL LOGS FOR REFERENCE

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:

  # module.hub_vpc.ibm_dns_custom_resolver.custom_resolver_hub[0] has changed
  ~ resource "ibm_dns_custom_resolver" "custom_resolver_hub" {
      ~ health                   = "DEGRADED" -> "HEALTHY"
        id                       = "2385f1b1-8b4e-4261-8791-2f94686901db:896c44b2-4367-49b0-bbbf-71ea001638c9"
        name                     = "hns-main1-hub-hub-custom-resolver"
        # (8 unchanged attributes hidden)

      ~ locations {
          ~ healthy       = false -> true
            # (4 unchanged attributes hidden)
        }
      ~ locations {
          ~ healthy       = false -> true
            # (4 unchanged attributes hidden)
        }

        # (1 unchanged block hidden)
    }

  # module.hub_vpc.ibm_dns_zone.dns_zone[0] has changed
  ~ resource "ibm_dns_zone" "dns_zone" {
        id          = "896c44b2-4367-49b0-bbbf-71ea001638c9/6d9c3c4d-965c-4317-959e-ce22abb8745a"
      ~ modified_on = "2025-08-11T18:49:24.000Z" -> "2025-08-11T18:50:57.000Z"
        name        = "hnsexample.com"
      ~ state       = "PENDING_NETWORK_ADD" -> "ACTIVE"
        # (5 unchanged attributes hidden)
    }


Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these changes.

───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  ~ update in-place
  - destroy

Terraform will perform the following actions:

  # module.spoke_vpc.ibm_is_vpc.vpc[0] will be updated in-place
  ~ resource "ibm_is_vpc" "vpc" {
        id                          = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f"
        name                        = "hns-main1-spoke-spoke"
        tags                        = []
        # (28 unchanged attributes hidden)

      ~ dns {
            # (2 unchanged attributes hidden)

          ~ resolver {
              + dns_binding_name      = "hns-main1-spoke-spoke-dns-binding"
              ~ type                  = "system" -> "delegated"
              + vpc_crn               = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
                # (7 unchanged attributes hidden)
            }
        }
    }

  # module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0] will be destroyed
  # (because index [0] is out of range for count)
  - resource "ibm_is_vpc_dns_resolution_binding" "vpc_dns_resolution_binding_crn" {
      - created_at        = "2025-08-11T18:53:00.000Z" -> null
      - endpoint_gateways = [] -> null
      - health_reasons    = [] -> null
      - health_state      = "ok" -> null
      - href              = "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/dns_resolution_bindings/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea" -> null
      - id                = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea" -> null
      - lifecycle_state   = "stable" -> null
      - name              = "hns-main1-spoke-spoke-dns-binding" -> null
      - resource_type     = "vpc_dns_resolution_binding" -> null
      - vpc_id            = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f" -> null

      - vpc {
          - crn           = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de" -> null
          - href          = "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-17d36659-4450-4fc1-8c7c-2d105460b4de" -> null
          - id            = "r006-17d36659-4450-4fc1-8c7c-2d105460b4de" -> null
          - name          = "hns-main1-hub-hub" -> null
          - remote        = [
              - {},
            ] -> null
          - resource_type = "vpc" -> null
        }
    }

Plan: 0 to add, 1 to change, 1 to destroy.

Changes to Outputs:
  ~ custom_resolver_hub_vpc                = {
      ~ health                   = "DEGRADED" -> "HEALTHY"
        id                       = "2385f1b1-8b4e-4261-8791-2f94686901db:896c44b2-4367-49b0-bbbf-71ea001638c9"
      ~ locations                = [
          ~ {
              ~ healthy       = false -> true
                # (4 unchanged attributes hidden)
            },
          ~ {
              ~ healthy       = false -> true
                # (4 unchanged attributes hidden)
            },
            {
                dns_server_ip = "10.30.10.4"
                enabled       = true
                healthy       = true
                location_id   = "89db9dea-62f1-451b-b309-d50a91e8ba75"
                subnet_crn    = "crn:v1:bluemix:public:is:us-south-3:a/abac0df06b644a9cabc6e44f55b3880e::subnet:0737-24a6d27b-27ba-4b3a-9a5c-35b7ce786754"
            },
        ]
        name                     = "hns-main1-hub-hub-custom-resolver"
        # (11 unchanged attributes hidden)
    }
  ~ dns_endpoint_gateways_by_spoke_vpc_crn = {
      - created_at        = "2025-08-11T18:53:00.000Z"
      - endpoint_gateways = []
      - health_reasons    = []
      - health_state      = "ok"
      - href              = "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/dns_resolution_bindings/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea"
      - id                = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea"
      - lifecycle_state   = "stable"
      - name              = "hns-main1-spoke-spoke-dns-binding"
      - resource_type     = "vpc_dns_resolution_binding"
      - timeouts          = null
      - vpc               = [
          - {
              - crn           = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
              - href          = "https://us-south.iaas.cloud.ibm.com/v1/vpcs/r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
              - id            = "r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
              - name          = "hns-main1-hub-hub"
              - remote        = [
                  - {
                      - account = null
                      - region  = null
                    },
                ]
              - resource_type = "vpc"
            },
        ]
      - vpc_id            = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f"
    } -> "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
  + dns_endpoint_gateways_by_spoke_vpc_id  = "r006-17d36659-4450-4fc1-8c7c-2d105460b4de"

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Destroying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f/r006-0020806f-8875-4a31-9ea6-f0a2134b04ea]
module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Still destroying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed...6-0020806f-8875-4a31-9ea6-f0a2134b04ea, 10s elapsed]
module.spoke_vpc.ibm_is_vpc_dns_resolution_binding.vpc_dns_resolution_binding_crn[0]: Destruction complete after 11s
module.spoke_vpc.ibm_is_vpc.vpc[0]: Modifying... [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f]
module.spoke_vpc.ibm_is_vpc.vpc[0]: Modifications complete after 8s [id=r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f]

Apply complete! Resources: 0 added, 1 changed, 1 destroyed.

Outputs:

custom_resolver_hub_vpc = {
  "allow_disruptive_updates" = false
  "created_on" = tostring(null)
  "custom_resolver_id" = "2385f1b1-8b4e-4261-8791-2f94686901db"
  "description" = ""
  "enabled" = true
  "health" = "HEALTHY"
  "high_availability" = true
  "id" = "2385f1b1-8b4e-4261-8791-2f94686901db:896c44b2-4367-49b0-bbbf-71ea001638c9"
  "instance_id" = "896c44b2-4367-49b0-bbbf-71ea001638c9"
  "locations" = tolist([
    {
      "dns_server_ip" = "10.10.10.4"
      "enabled" = true
      "healthy" = true
      "location_id" = "d67e4d67-d006-4e0c-8cf4-7387885241f0"
      "subnet_crn" = "crn:v1:bluemix:public:is:us-south-1:a/abac0df06b644a9cabc6e44f55b3880e::subnet:0717-75d02d02-1e58-4ae4-b540-9c908c4f9176"
    },
    {
      "dns_server_ip" = "10.20.10.4"
      "enabled" = true
      "healthy" = true
      "location_id" = "674f07fa-05ff-4f85-a372-30a606c33b75"
      "subnet_crn" = "crn:v1:bluemix:public:is:us-south-2:a/abac0df06b644a9cabc6e44f55b3880e::subnet:0727-33caf830-8e5e-4e11-ad2f-1fcdf1fe6fc2"
    },
    {
      "dns_server_ip" = "10.30.10.4"
      "enabled" = true
      "healthy" = true
      "location_id" = "89db9dea-62f1-451b-b309-d50a91e8ba75"
      "subnet_crn" = "crn:v1:bluemix:public:is:us-south-3:a/abac0df06b644a9cabc6e44f55b3880e::subnet:0737-24a6d27b-27ba-4b3a-9a5c-35b7ce786754"
    },
  ])
  "modified_on" = tostring(null)
  "name" = "hns-main1-hub-hub-custom-resolver"
  "profile" = "essential"
  "rules" = tolist([
    {
      "description" = "default forwarding rule"
      "forward_to" = tolist([
        "161.26.0.7",
        "161.26.0.8",
      ])
      "match" = "*"
      "rule_id" = "0ccda83e-414f-4ff4-ace6-9c986effabdc"
      "type" = "default"
      "views" = tolist([])
    },
  ])
  "timeouts" = null /* object */
}
dns_custom_resolver_id = "2385f1b1-8b4e-4261-8791-2f94686901db"
dns_endpoint_gateways_by_spoke_vpc_crn = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
dns_endpoint_gateways_by_spoke_vpc_id = "r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
dns_instance_id = "896c44b2-4367-49b0-bbbf-71ea001638c9"
hub_vpc_crn = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
hub_vpc_id = "r006-17d36659-4450-4fc1-8c7c-2d105460b4de"
spoke_vpc_crn = "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f"
spoke_vpc_id = "r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f"
transit_gateway_crn = "crn:v1:bluemix:public:transit:us-south:a/abac0df06b644a9cabc6e44f55b3880e::gateway:57353a21-3068-4279-94b6-d40c84505fc1"
transit_gateway_id = "57353a21-3068-4279-94b6-d40c84505fc1"
vpc_connection_ids = {
  "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-17d36659-4450-4fc1-8c7c-2d105460b4de" = "adcb0a87-7453-4ffe-af5e-bba046546e9c"
  "crn:v1:bluemix:public:is:us-south:a/abac0df06b644a9cabc6e44f55b3880e::vpc:r006-37ab9d4d-c89e-49fd-a476-6da237f8ed0f" = "cc45ff6c-75a4-4135-886b-2e105f5d0d93"
}

@vburckhardt had discussion on this topic in last week's deep dive and playback to avoid/reduce downtime for the users.

[rajatagarwal-ibm]

/run pipelin

[rajatagarwal-ibm]

/run pipeline

[vburckhardt]

/run pipeline

[ocofaigh]

Please add the release notes - ensure they contain the full details of why this is a breaking change, and what the impact will be, and if any actions can be taken to prevent downtime. Thanks