4 Before proceeding, it is advised to check the release notes for your
5 PowerDNS version, as specified in the name of the distribution file.
7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
9 upgrade notes if your version is older than 3.4.2.
14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
15 - The gsqlite3 backend, and the DNSSEC database for the BIND backend, have a new journal-mode setting. This setting defaults to `WAL <https://www.sqlite.org/wal.html>`_; older versions of PowerDNS did not set the journal mode, which means they used the SQLite default of DELETE.
20 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
21 changed: the ``notified_serial`` column default in the ``domains``
22 table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
25 - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
30 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
31 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
32 - *Your LDAP schema might need to be updated*, because new record types
33 have been added (see below) and the ``dNSDomain2`` type has been
35 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
50 - ``experimental-lua-policy-script`` option and the feature itself have
51 been completely dropped. We invite you to use `PowerDNS
52 dnsdist <https://dnsdist.org>`_ instead.
54 - As recursion has been removed from the Authoritative Server, the
55 ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
58 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
59 and only supports a single algorithm name now.
61 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
62 and only supports a single algorithm name now.
67 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
72 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
73 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
74 ``configure`` now attempts to find the Postgresql client libraries via
75 ``pkg-config``, falling back to detecting ``pg_config``. Use
76 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
77 you have Postgresql installed in a non-default location.
79 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
80 This means that if libsodium and its development header are installed, it will be linked in.
82 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
83 Specifically, it needs `krb5.h` to be installed.
94 - :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
102 No changes have been made to the database schema. However, several
103 superfluous queries have been dropped from the SQL backend. Furthermore,
104 the generic SQL backends switched to prepared statements. If you use a
105 non-standard SQL schema, please review the new defaults.
107 - ``insert-ent-query``, ``insert-empty-non-terminal-query``,
108 ``insert-ent-order-query`` have been replaced by one query named
109 ``insert-empty-non-terminal-order-query``
110 - ``insert-record-order-query`` has been dropped,
111 ``insert-record-query`` now sets the ordername (or NULL)
112 - ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
113 sets the type of zone
118 Several options have been removed or renamed, for the full overview of
119 all options, see :doc:`settings`.
124 The following options have been renamed:
126 - ``experimental-json-interface`` ==> :ref:`setting-api`
127 - ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
128 - ``experimental-api-key`` ==> :ref:`setting-api-key`
129 - ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
130 - ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
131 - ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
132 - ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
137 - :ref:`setting-default-ksk-algorithms`
138 changed from rsasha256 to ecdsa256
139 - :ref:`setting-default-zsk-algorithms`
140 changed from rsasha256 to empty
145 The following options are removed:
147 - ``pipebackend-abi-version``, it now a setting per-pipe backend.
148 - ``strict-rfc-axfrs``
149 - ``send-root-referral``
154 The API path has changed to ``/api/v1``.
156 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
157 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
158 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
159 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
160 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
162 Resource Record Changes
163 ^^^^^^^^^^^^^^^^^^^^^^^
165 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
166 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
167 resource record, which was removed from PowerDNS 4.0. Hence, if you used
168 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
169 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
170 records and will throw an exception on all queries for a label with
171 MBOXFW records. Thus, make sure to clean up the records in the DB.
173 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
174 have a 'priority' field (like MX or SRV), but where one was not in the database.
175 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.