diff --git a/.ci/magician/github/membership.go b/.ci/magician/github/membership.go
index 4a3f34fe103f..d975f74edf2d 100644
--- a/.ci/magician/github/membership.go
+++ b/.ci/magician/github/membership.go
@@ -66,11 +66,16 @@ var (
 			id:        "SarahFrench",
 			startDate: newDate(2024, 4, 20, bstLoc),
 			endDate:   newDate(2024, 4, 23, bstLoc),
-    },
-    {
-	  		id: "slevenick",
-	 	  	startDate: newDate(2024, 4, 20, pdtLoc),
-	  		endDate: newDate(2024, 4, 27, pdtLoc),
+		},
+		{
+			id:        "slevenick",
+			startDate: newDate(2024, 4, 20, pdtLoc),
+			endDate:   newDate(2024, 4, 27, pdtLoc),
+		},
+		{
+			id:        "ScottSuarez",
+			startDate: newDate(2024, 4, 30, pdtLoc),
+			endDate:   newDate(2024, 7, 31, pdtLoc),
 		},
 	}
 )
diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go b/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
index 58802e8ac510..177ece5f1c0f 100644
--- a/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
+++ b/mmv1/third_party/terraform/services/dns/resource_dns_record_set.go
@@ -457,14 +457,17 @@ func resourceDnsRecordSetDelete(d *schema.ResourceData, meta interface{}) error
 
 	zone := d.Get("managed_zone").(string)
 
-	// NS records must always have a value, so we short-circuit delete
-	// this allows terraform delete to work, but may have unexpected
-	// side-effects when deleting just that record set.
+	// NS and SOA records on the root zone must always have a value,
+	// so we short-circuit delete this allows terraform delete to work,
+	// but may have unexpected side-effects when deleting just that
+	// record set.
 	// Unfortunately, you can set NS records on subdomains, and those
 	// CAN and MUST be deleted, so we need to retrieve the managed zone,
 	// check if what we're looking at is a subdomain, and only not delete
 	// if it's not actually a subdomain
-	if d.Get("type").(string) == "NS" {
+	// This does not apply to SOA, as they can only be set on the root
+	// zone.
+	if d.Get("type").(string) == "NS" || d.Get("type").(string) == "SOA" {
 		mz, err := config.NewDnsClient(userAgent).ManagedZones.Get(project, zone).Do()
 		if err != nil {
 			return fmt.Errorf("Error retrieving managed zone %q from %q: %s", zone, project, err)
@@ -472,7 +475,7 @@ func resourceDnsRecordSetDelete(d *schema.ResourceData, meta interface{}) error
 		domain := mz.DnsName
 
 		if domain == d.Get("name").(string) {
-			log.Println("[DEBUG] NS records can't be deleted due to API restrictions, so they're being left in place. See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set for more information.")
+			log.Printf("[DEBUG] root-level %s records can't be deleted due to API restrictions, so they're being left in place. See https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/dns_record_set for more information.\n", d.Get("type").(string))
 			return nil
 		}
 	}
diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.erb b/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.erb
index 4255d51eeb4e..51fd7c52cb64 100644
--- a/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.erb
+++ b/mmv1/third_party/terraform/services/dns/resource_dns_record_set_test.go.erb
@@ -208,6 +208,30 @@ func TestAccDNSRecordSet_secondaryNS(t *testing.T) {
 	})
 }
 
+// tracks fix for https://github.com/hashicorp/terraform-provider-google/issues/12827
+func TestAccDNSRecordSet_deletionSOA(t *testing.T) {
+	t.Parallel()
+
+	zoneName := fmt.Sprintf("dnszone-test-soa-%s", acctest.RandString(t, 10))
+	recordSetName := "google_dns_managed_zone.parent-zone.dns_name"
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDnsRecordSetDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDnsRecordSet_SOA(zoneName, recordSetName, 300),
+			},
+			{
+				ResourceName:      "google_dns_record_set.foobar",
+				ImportStateId:     fmt.Sprintf("projects/%s/managedZones/%s/rrsets/%s.hashicorptest.com./SOA", envvar.GetTestProjectFromEnv(), zoneName, zoneName),
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccDNSRecordSet_quotedTXT(t *testing.T) {
 	t.Parallel()
 
@@ -679,6 +703,25 @@ resource "google_dns_record_set" "foobar" {
 `, zoneName, zoneName, zoneName, ttl)
 }
 
+
+func testAccDnsRecordSet_SOA(name string, recordSetName string, ttl int) string {
+	return fmt.Sprintf(`
+resource "google_dns_managed_zone" "parent-zone" {
+  name        = "%s"
+  dns_name    = "%s.hashicorptest.com."
+  description = "Test Description"
+}
+
+resource "google_dns_record_set" "foobar" {
+  managed_zone = google_dns_managed_zone.parent-zone.name
+  name         = %s
+  type         = "SOA"
+  rrdatas      = ["ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 629010464 900 900 1800 60"]
+  ttl          = %d
+}
+`, name, name, recordSetName, ttl)
+}
+
 func testAccDnsRecordSet_quotedTXT(name string, ttl int) string {
 	return fmt.Sprintf(`
 resource "google_dns_managed_zone" "parent-zone" {
diff --git a/mmv1/third_party/terraform/website/docs/r/compute_router_peer.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_router_peer.html.markdown
index 4158ff29de73..74f0ee690560 100644
--- a/mmv1/third_party/terraform/website/docs/r/compute_router_peer.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/compute_router_peer.html.markdown
@@ -183,6 +183,25 @@ resource "google_compute_router_peer" "peer" {
 }
 ```
 
+## Example Usage - Router Peer md5 authentication key
+
+
+```hcl
+  resource "google_compute_router_peer" "foobar" {
+    name                      = "%s-peer"
+    router                    = google_compute_router.foobar.name
+    region                    = google_compute_router.foobar.region
+    peer_asn                  = 65515
+    advertised_route_priority = 100
+    interface                 = google_compute_router_interface.foobar.name
+    peer_ip_address           = "169.254.3.2"
+    md5_authentication_key {
+      name = "%s-peer-key"
+      key = "%s-peer-key-value"
+    }
+  }
+```
+
 ## Argument Reference
 
 The following arguments are supported:
@@ -316,6 +335,8 @@ The following arguments are supported:
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
+* `md5_authentication_key` - (Optional) Configuration for MD5 authentication on the BGP session.
+  Structure is [documented below](#nested_md5_authentication_key).
 
 <a name="nested_advertised_ip_ranges"></a>The `advertised_ip_ranges` block supports:
 
@@ -361,6 +382,16 @@ The following arguments are supported:
   BFD declares that a peer is unavailable. If set, the value must
   be a value between 5 and 16.
 
+<a name="nested_md5_authentication_key"></a>The `md5_authentication_key` block supports:
+
+* `name` -
+  (Required)
+  Name used to identify the key. Must be unique within a router. Must comply with RFC1035.
+
+* `key` -
+  (Required, Input Only)
+  The MD5 authentication key for this BGP peer. Maximum length is 80 characters. Can only contain printable ASCII characters
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported:
diff --git a/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown b/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
index d2612690ab08..a71c25e1d598 100644
--- a/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/dns_record_set.html.markdown
@@ -9,7 +9,7 @@ description: |-
 Manages a set of DNS records within Google Cloud DNS. For more information see [the official documentation](https://cloud.google.com/dns/records/) and
 [API](https://cloud.google.com/dns/api/v1/resourceRecordSets).
 
-~> **Note:** The provider treats this resource as an authoritative record set. This means existing records (including the default records) for the given type will be overwritten when you create this resource in Terraform. In addition, the Google Cloud DNS API requires NS records to be present at all times, so Terraform will not actually remove NS records during destroy but will report that it did.
+~> **Note:** The provider treats this resource as an authoritative record set. This means existing records (including the default records) for the given type will be overwritten when you create this resource in Terraform. In addition, the Google Cloud DNS API requires NS and SOA records to be present at all times, so Terraform will not actually remove NS or SOA records on the root of the zone during destroy but will report that it did.
 
 ## Example Usage