docs/upgrading.rst

   1 Upgrade Notes
   2 =============
   3
   4 Before proceeding, it is advised to check the release notes for your
   5 PowerDNS version, as specified in the name of the distribution file.
   6
   7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
   8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
   9 upgrade notes if your version is older than 3.4.2.
  10
  11 4.1.X to 4.2.0
  12 --------------
  13
  14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
  15 - The gsqlite3 backend, and the DNSSEC database for the BIND backend, have a new journal-mode setting. This setting defaults to `WAL <https://www.sqlite.org/wal.html>`_; older versions of PowerDNS did not set the journal mode, which means they used the SQLite default of DELETE.
  16
  17 4.1.0 to 4.1.1
  18 --------------
  19
  20 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
  21   changed: the ``notified_serial`` column default in the ``domains``
  22   table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
  23   DEFAULT NULL``:
  24
  25   - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
  26
  27 4.0.X to 4.1.0
  28 --------------
  29
  30 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
  31 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
  32 - *Your LDAP schema might need to be updated*, because new record types
  33   have been added (see below) and the ``dNSDomain2`` type has been
  34   changed.
  35 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
  36
  37   - NSEC3
  38   - NSEC3PARAM
  39   - TLSA
  40   - CDS
  41   - CDNSKEY
  42   - OPENPGPKEY
  43   - TKEY
  44   - URI
  45   - CAA
  46
  47 Changed options
  48 ^^^^^^^^^^^^^^^
  49
  50 -  ``experimental-lua-policy-script`` option and the feature itself have
  51    been completely dropped. We invite you to use `PowerDNS
  52    dnsdist <https://dnsdist.org>`_ instead.
  53
  54 - As recursion has been removed from the Authoritative Server, the
  55   ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
  56   been removed as well.
  57
  58 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
  59   and only supports a single algorithm name now.
  60
  61 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
  62   and only supports a single algorithm name now.
  63
  64 Changed defaults
  65 ~~~~~~~~~~~~~~~~
  66
  67 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
  68
  69 Other changes
  70 ^^^^^^^^^^^^^
  71
  72 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
  73 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
  74 ``configure`` now attempts to find the Postgresql client libraries via
  75 ``pkg-config``, falling back to detecting ``pg_config``. Use
  76 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
  77 you have Postgresql installed in a non-default location.
  78
  79 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
  80 This means that if libsodium and its development header are installed, it will be linked in.
  81
  82 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
  83 Specifically, it needs `krb5.h` to be installed.
  84
  85 4.0.X to 4.0.2
  86 --------------
  87
  88 Changed options
  89 ^^^^^^^^^^^^^^^
  90
  91 Changed defaults
  92 ~~~~~~~~~~~~~~~~
  93
  94 -  :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
  95
  96 3.4.X to 4.0.0
  97 --------------
  98
  99 Database changes
 100 ^^^^^^^^^^^^^^^^
 101
 102 No changes have been made to the database schema. However, several
 103 superfluous queries have been dropped from the SQL backend. Furthermore,
 104 the generic SQL backends switched to prepared statements. If you use a
 105 non-standard SQL schema, please review the new defaults.
 106
 107 -  ``insert-ent-query``, ``insert-empty-non-terminal-query``,
 108    ``insert-ent-order-query`` have been replaced by one query named
 109    ``insert-empty-non-terminal-order-query``
 110 -  ``insert-record-order-query`` has been dropped,
 111    ``insert-record-query`` now sets the ordername (or NULL)
 112 -  ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
 113    sets the type of zone
 114
 115 Changed options
 116 ^^^^^^^^^^^^^^^
 117
 118 Several options have been removed or renamed, for the full overview of
 119 all options, see :doc:`settings`.
 120
 121 Renamed options
 122 ~~~~~~~~~~~~~~~
 123
 124 The following options have been renamed:
 125
 126 -  ``experimental-json-interface`` ==> :ref:`setting-api`
 127 -  ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
 128 -  ``experimental-api-key`` ==> :ref:`setting-api-key`
 129 -  ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
 130 -  ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
 131 -  ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
 132 -  ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
 133
 134 Changed defaults
 135 ~~~~~~~~~~~~~~~~
 136
 137 -  :ref:`setting-default-ksk-algorithms`
 138    changed from rsasha256 to ecdsa256
 139 -  :ref:`setting-default-zsk-algorithms`
 140    changed from rsasha256 to empty
 141
 142 Removed options
 143 ~~~~~~~~~~~~~~~
 144
 145 The following options are removed:
 146
 147 -  ``pipebackend-abi-version``, it now a setting per-pipe backend.
 148 -  ``strict-rfc-axfrs``
 149 -  ``send-root-referral``
 150
 151 API
 152 ^^^
 153
 154 The API path has changed to ``/api/v1``.
 155
 156 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
 157 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
 158 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
 159 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
 160 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
 161
 162 Resource Record Changes
 163 ^^^^^^^^^^^^^^^^^^^^^^^
 164
 165 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
 166 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
 167 resource record, which was removed from PowerDNS 4.0. Hence, if you used
 168 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
 169 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
 170 records and will throw an exception on all queries for a label with
 171 MBOXFW records. Thus, make sure to clean up the records in the DB.
 172
 173 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
 174 have a 'priority' field (like MX or SRV), but where one was not in the database.
 175 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.