]>
Commit | Line | Data |
---|---|---|
0e2063c3 PL |
1 | Upgrade Notes |
2 | ============= | |
3 | ||
4 | Before proceeding, it is advised to check the release notes for your | |
5 | PowerDNS version, as specified in the name of the distribution file. | |
6 | ||
7 | Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+. | |
8 | See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__ | |
9 | upgrade notes if your version is older than 3.4.2. | |
10 | ||
1346a21e EW |
11 | 4.1.0 to 4.1.1 |
12 | -------------- | |
13 | ||
14 | - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has | |
15 | changed: the ``notified_serial`` column default in the ``domains`` | |
16 | table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED | |
17 | DEFAULT NULL``: | |
18 | ||
19 | - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;`` | |
20 | ||
0e2063c3 PL |
21 | 4.0.X to 4.1.0 |
22 | -------------- | |
23 | ||
22544d28 | 24 | - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`. |
7a88a92f | 25 | - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable. |
bab2a886 EW |
26 | - *Your LDAP schema might need to be updated*, because new record types |
27 | have been added (see below) and the ``dNSDomain2`` type has been | |
28 | changed. | |
22544d28 PL |
29 | - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types |
30 | ||
31 | - NSEC3 | |
32 | - NSEC3PARAM | |
33 | - TLSA | |
34 | - CDS | |
35 | - CDNSKEY | |
36 | - OPENPGPKEY | |
37 | - TKEY | |
38 | - URI | |
39 | - CAA | |
0e2063c3 PL |
40 | |
41 | Changed options | |
42 | ^^^^^^^^^^^^^^^ | |
43 | ||
44 | - ``experimental-lua-policy-script`` option and the feature itself have | |
10200e92 PL |
45 | been completely dropped. We invite you to use `PowerDNS |
46 | dnsdist <https://dnsdist.org>`_ instead. | |
0e2063c3 | 47 | |
621f5105 PL |
48 | - As recursion has been removed from the Authoritative Server, the |
49 | ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have | |
50 | been removed as well. | |
51 | ||
c01b3507 PL |
52 | - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm` |
53 | and only supports a single algorithm name now. | |
54 | ||
55 | - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm` | |
56 | and only supports a single algorithm name now. | |
57 | ||
0e2063c3 PL |
58 | Changed defaults |
59 | ~~~~~~~~~~~~~~~~ | |
60 | ||
ef75af13 EW |
61 | - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``. |
62 | ||
0e2063c3 PL |
63 | Other changes |
64 | ^^^^^^^^^^^^^ | |
65 | ||
66 | The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes`` | |
67 | and ``--with-pgsql-config`` ``configure`` options have been deprecated. | |
68 | ``configure`` now attempts to find the Postgresql client libraries via | |
69 | ``pkg-config``, falling back to detecting ``pg_config``. Use | |
70 | ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if | |
71 | you have Postgresql installed in a non-default location. | |
72 | ||
cb264691 | 73 | The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'. |
67f12ad9 PL |
74 | This means that if libsodium and its development header are installed, it will be linked in. |
75 | ||
d001d2e4 PL |
76 | The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed. |
77 | Specifically, it needs `krb5.h` to be installed. | |
78 | ||
0e2063c3 PL |
79 | 4.0.X to 4.0.2 |
80 | -------------- | |
81 | ||
82 | Changed options | |
83 | ^^^^^^^^^^^^^^^ | |
84 | ||
85 | Changed defaults | |
86 | ~~~~~~~~~~~~~~~~ | |
87 | ||
88 | - :ref:`setting-any-to-tcp` changed from ``no`` to ``yes`` | |
89 | ||
90 | 3.4.X to 4.0.0 | |
91 | -------------- | |
92 | ||
93 | Database changes | |
94 | ^^^^^^^^^^^^^^^^ | |
95 | ||
96 | No changes have been made to the database schema. However, several | |
97 | superfluous queries have been dropped from the SQL backend. Furthermore, | |
98 | the generic SQL backends switched to prepared statements. If you use a | |
99 | non-standard SQL schema, please review the new defaults. | |
100 | ||
101 | - ``insert-ent-query``, ``insert-empty-non-terminal-query``, | |
102 | ``insert-ent-order-query`` have been replaced by one query named | |
103 | ``insert-empty-non-terminal-order-query`` | |
104 | - ``insert-record-order-query`` has been dropped, | |
105 | ``insert-record-query`` now sets the ordername (or NULL) | |
106 | - ``insert-slave-query`` has been dropped, ``insert-zone-query`` now | |
107 | sets the type of zone | |
108 | ||
109 | Changed options | |
110 | ^^^^^^^^^^^^^^^ | |
111 | ||
112 | Several options have been removed or renamed, for the full overview of | |
113 | all options, see :doc:`settings`. | |
114 | ||
115 | Renamed options | |
116 | ~~~~~~~~~~~~~~~ | |
117 | ||
118 | The following options have been renamed: | |
119 | ||
120 | - ``experimental-json-interface`` ==> :ref:`setting-api` | |
121 | - ``experimental-api-readonly`` ==> :ref:`setting-api-readonly` | |
122 | - ``experimental-api-key`` ==> :ref:`setting-api-key` | |
123 | - ``experimental-dname-processing`` ==> :ref:`setting-dname-processing` | |
124 | - ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate` | |
125 | - ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from` | |
126 | - ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate` | |
127 | ||
128 | Changed defaults | |
129 | ~~~~~~~~~~~~~~~~ | |
130 | ||
131 | - :ref:`setting-default-ksk-algorithms` | |
132 | changed from rsasha256 to ecdsa256 | |
133 | - :ref:`setting-default-zsk-algorithms` | |
134 | changed from rsasha256 to empty | |
135 | ||
136 | Removed options | |
137 | ~~~~~~~~~~~~~~~ | |
138 | ||
139 | The following options are removed: | |
140 | ||
141 | - ``pipebackend-abi-version``, it now a setting per-pipe backend. | |
142 | - ``strict-rfc-axfrs`` | |
143 | - ``send-root-referral`` | |
144 | ||
145 | API | |
146 | ^^^ | |
147 | ||
148 | The API path has changed to ``/api/v1``. | |
149 | ||
150 | Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE`` | |
151 | instead of ``SOA-EDIT`` (incl. the fact that it now has a default value | |
152 | of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata | |
153 | (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and | |
154 | ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour). | |
155 | ||
156 | Resource Record Changes | |
157 | ^^^^^^^^^^^^^^^^^^^^^^^ | |
158 | ||
159 | Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported. | |
160 | Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW | |
161 | resource record, which was removed from PowerDNS 4.0. Hence, if you used | |
162 | CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but | |
163 | worked fine) and upgrade to 4.0, PowerDNS will fail to parse this | |
164 | records and will throw an exception on all queries for a label with | |
165 | MBOXFW records. Thus, make sure to clean up the records in the DB. | |
17f0bbcf PL |
166 | |
167 | In version 3.X, the PowerDNS Authoritative Server silently ignored records that | |
168 | have a 'priority' field (like MX or SRV), but where one was not in the database. | |
169 | In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this. |