docs/upgrading.rst

   1 Upgrade Notes
   2 =============
   3
   4 Before proceeding, it is advised to check the release notes for your
   5 PowerDNS version, as specified in the name of the distribution file.
   6
   7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
   8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
   9 upgrade notes if your version is older than 3.4.2.
  10
  11 4.1.X to 4.2.0
  12 --------------
  13
  14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
  15
  16 4.1.0 to 4.1.1
  17 --------------
  18
  19 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
  20   changed: the ``notified_serial`` column default in the ``domains``
  21   table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
  22   DEFAULT NULL``:
  23
  24   - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
  25
  26 4.0.X to 4.1.0
  27 --------------
  28
  29 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
  30 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
  31 - *Your LDAP schema might need to be updated*, because new record types
  32   have been added (see below) and the ``dNSDomain2`` type has been
  33   changed.
  34 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
  35
  36   - NSEC3
  37   - NSEC3PARAM
  38   - TLSA
  39   - CDS
  40   - CDNSKEY
  41   - OPENPGPKEY
  42   - TKEY
  43   - URI
  44   - CAA
  45
  46 Changed options
  47 ^^^^^^^^^^^^^^^
  48
  49 -  ``experimental-lua-policy-script`` option and the feature itself have
  50    been completely dropped. We invite you to use `PowerDNS
  51    dnsdist <https://dnsdist.org>`_ instead.
  52
  53 - As recursion has been removed from the Authoritative Server, the
  54   ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
  55   been removed as well.
  56
  57 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
  58   and only supports a single algorithm name now.
  59
  60 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
  61   and only supports a single algorithm name now.
  62
  63 Changed defaults
  64 ~~~~~~~~~~~~~~~~
  65
  66 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
  67
  68 Other changes
  69 ^^^^^^^^^^^^^
  70
  71 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
  72 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
  73 ``configure`` now attempts to find the Postgresql client libraries via
  74 ``pkg-config``, falling back to detecting ``pg_config``. Use
  75 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
  76 you have Postgresql installed in a non-default location.
  77
  78 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
  79 This means that if libsodium and its development header are installed, it will be linked in.
  80
  81 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
  82 Specifically, it needs `krb5.h` to be installed.
  83
  84 4.0.X to 4.0.2
  85 --------------
  86
  87 Changed options
  88 ^^^^^^^^^^^^^^^
  89
  90 Changed defaults
  91 ~~~~~~~~~~~~~~~~
  92
  93 -  :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
  94
  95 3.4.X to 4.0.0
  96 --------------
  97
  98 Database changes
  99 ^^^^^^^^^^^^^^^^
 100
 101 No changes have been made to the database schema. However, several
 102 superfluous queries have been dropped from the SQL backend. Furthermore,
 103 the generic SQL backends switched to prepared statements. If you use a
 104 non-standard SQL schema, please review the new defaults.
 105
 106 -  ``insert-ent-query``, ``insert-empty-non-terminal-query``,
 107    ``insert-ent-order-query`` have been replaced by one query named
 108    ``insert-empty-non-terminal-order-query``
 109 -  ``insert-record-order-query`` has been dropped,
 110    ``insert-record-query`` now sets the ordername (or NULL)
 111 -  ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
 112    sets the type of zone
 113
 114 Changed options
 115 ^^^^^^^^^^^^^^^
 116
 117 Several options have been removed or renamed, for the full overview of
 118 all options, see :doc:`settings`.
 119
 120 Renamed options
 121 ~~~~~~~~~~~~~~~
 122
 123 The following options have been renamed:
 124
 125 -  ``experimental-json-interface`` ==> :ref:`setting-api`
 126 -  ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
 127 -  ``experimental-api-key`` ==> :ref:`setting-api-key`
 128 -  ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
 129 -  ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
 130 -  ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
 131 -  ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
 132
 133 Changed defaults
 134 ~~~~~~~~~~~~~~~~
 135
 136 -  :ref:`setting-default-ksk-algorithms`
 137    changed from rsasha256 to ecdsa256
 138 -  :ref:`setting-default-zsk-algorithms`
 139    changed from rsasha256 to empty
 140
 141 Removed options
 142 ~~~~~~~~~~~~~~~
 143
 144 The following options are removed:
 145
 146 -  ``pipebackend-abi-version``, it now a setting per-pipe backend.
 147 -  ``strict-rfc-axfrs``
 148 -  ``send-root-referral``
 149
 150 API
 151 ^^^
 152
 153 The API path has changed to ``/api/v1``.
 154
 155 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
 156 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
 157 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
 158 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
 159 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
 160
 161 Resource Record Changes
 162 ^^^^^^^^^^^^^^^^^^^^^^^
 163
 164 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
 165 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
 166 resource record, which was removed from PowerDNS 4.0. Hence, if you used
 167 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
 168 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
 169 records and will throw an exception on all queries for a label with
 170 MBOXFW records. Thus, make sure to clean up the records in the DB.
 171
 172 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
 173 have a 'priority' field (like MX or SRV), but where one was not in the database.
 174 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.