4 Before proceeding, it is advised to check the release notes for your
5 PowerDNS version, as specified in the name of the distribution file.
7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
9 upgrade notes if your version is older than 3.4.2.
14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
19 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
20 changed: the ``notified_serial`` column default in the ``domains``
21 table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
24 - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
29 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
30 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
31 - *Your LDAP schema might need to be updated*, because new record types
32 have been added (see below) and the ``dNSDomain2`` type has been
34 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
49 - ``experimental-lua-policy-script`` option and the feature itself have
50 been completely dropped. We invite you to use `PowerDNS
51 dnsdist <https://dnsdist.org>`_ instead.
53 - As recursion has been removed from the Authoritative Server, the
54 ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
57 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
58 and only supports a single algorithm name now.
60 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
61 and only supports a single algorithm name now.
66 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
71 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
72 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
73 ``configure`` now attempts to find the Postgresql client libraries via
74 ``pkg-config``, falling back to detecting ``pg_config``. Use
75 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
76 you have Postgresql installed in a non-default location.
78 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
79 This means that if libsodium and its development header are installed, it will be linked in.
81 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
82 Specifically, it needs `krb5.h` to be installed.
93 - :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
101 No changes have been made to the database schema. However, several
102 superfluous queries have been dropped from the SQL backend. Furthermore,
103 the generic SQL backends switched to prepared statements. If you use a
104 non-standard SQL schema, please review the new defaults.
106 - ``insert-ent-query``, ``insert-empty-non-terminal-query``,
107 ``insert-ent-order-query`` have been replaced by one query named
108 ``insert-empty-non-terminal-order-query``
109 - ``insert-record-order-query`` has been dropped,
110 ``insert-record-query`` now sets the ordername (or NULL)
111 - ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
112 sets the type of zone
117 Several options have been removed or renamed, for the full overview of
118 all options, see :doc:`settings`.
123 The following options have been renamed:
125 - ``experimental-json-interface`` ==> :ref:`setting-api`
126 - ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
127 - ``experimental-api-key`` ==> :ref:`setting-api-key`
128 - ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
129 - ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
130 - ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
131 - ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
136 - :ref:`setting-default-ksk-algorithms`
137 changed from rsasha256 to ecdsa256
138 - :ref:`setting-default-zsk-algorithms`
139 changed from rsasha256 to empty
144 The following options are removed:
146 - ``pipebackend-abi-version``, it now a setting per-pipe backend.
147 - ``strict-rfc-axfrs``
148 - ``send-root-referral``
153 The API path has changed to ``/api/v1``.
155 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
156 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
157 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
158 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
159 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
161 Resource Record Changes
162 ^^^^^^^^^^^^^^^^^^^^^^^
164 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
165 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
166 resource record, which was removed from PowerDNS 4.0. Hence, if you used
167 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
168 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
169 records and will throw an exception on all queries for a label with
170 MBOXFW records. Thus, make sure to clean up the records in the DB.
172 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
173 have a 'priority' field (like MX or SRV), but where one was not in the database.
174 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.