docs/upgrading.rst

   1 Upgrade Notes
   2 =============
   3
   4 Before proceeding, it is advised to check the release notes for your
   5 PowerDNS version, as specified in the name of the distribution file.
   6
   7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
   8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
   9 upgrade notes if your version is older than 3.4.2.
  10
  11 4.0.X to 4.1.0
  12 --------------
  13
  14 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
  15 - ALIAS record expension is disabled by default, use :ref:`setting-expand-alias` to enable.
  16 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
  17
  18   - NSEC3
  19   - NSEC3PARAM
  20   - TLSA
  21   - CDS
  22   - CDNSKEY
  23   - OPENPGPKEY
  24   - TKEY
  25   - URI
  26   - CAA
  27
  28 Changed options
  29 ^^^^^^^^^^^^^^^
  30
  31 -  ``experimental-lua-policy-script`` option and the feature itself have
  32    been completely dropped. We invite you to use `PowerDNS
  33    dnsdist <https://dnsdist.org>`_ instead.
  34
  35 - As recursion has been removed from the Authoritative Server, the
  36   ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
  37   been removed as well.
  38
  39 Changed defaults
  40 ~~~~~~~~~~~~~~~~
  41
  42 Other changes
  43 ^^^^^^^^^^^^^
  44
  45 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
  46 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
  47 ``configure`` now attempts to find the Postgresql client libraries via
  48 ``pkg-config``, falling back to detecting ``pg_config``. Use
  49 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
  50 you have Postgresql installed in a non-default location.
  51
  52 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
  53 Specifically, it needs `krb5.h` to be installed.
  54
  55 4.0.X to 4.0.2
  56 --------------
  57
  58 Changed options
  59 ^^^^^^^^^^^^^^^
  60
  61 Changed defaults
  62 ~~~~~~~~~~~~~~~~
  63
  64 -  :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
  65
  66 3.4.X to 4.0.0
  67 --------------
  68
  69 Database changes
  70 ^^^^^^^^^^^^^^^^
  71
  72 No changes have been made to the database schema. However, several
  73 superfluous queries have been dropped from the SQL backend. Furthermore,
  74 the generic SQL backends switched to prepared statements. If you use a
  75 non-standard SQL schema, please review the new defaults.
  76
  77 -  ``insert-ent-query``, ``insert-empty-non-terminal-query``,
  78    ``insert-ent-order-query`` have been replaced by one query named
  79    ``insert-empty-non-terminal-order-query``
  80 -  ``insert-record-order-query`` has been dropped,
  81    ``insert-record-query`` now sets the ordername (or NULL)
  82 -  ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
  83    sets the type of zone
  84
  85 Changed options
  86 ^^^^^^^^^^^^^^^
  87
  88 Several options have been removed or renamed, for the full overview of
  89 all options, see :doc:`settings`.
  90
  91 Renamed options
  92 ~~~~~~~~~~~~~~~
  93
  94 The following options have been renamed:
  95
  96 -  ``experimental-json-interface`` ==> :ref:`setting-api`
  97 -  ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
  98 -  ``experimental-api-key`` ==> :ref:`setting-api-key`
  99 -  ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
 100 -  ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
 101 -  ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
 102 -  ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
 103
 104 Changed defaults
 105 ~~~~~~~~~~~~~~~~
 106
 107 -  :ref:`setting-default-ksk-algorithms`
 108    changed from rsasha256 to ecdsa256
 109 -  :ref:`setting-default-zsk-algorithms`
 110    changed from rsasha256 to empty
 111
 112 Removed options
 113 ~~~~~~~~~~~~~~~
 114
 115 The following options are removed:
 116
 117 -  ``pipebackend-abi-version``, it now a setting per-pipe backend.
 118 -  ``strict-rfc-axfrs``
 119 -  ``send-root-referral``
 120
 121 API
 122 ^^^
 123
 124 The API path has changed to ``/api/v1``.
 125
 126 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
 127 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
 128 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
 129 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
 130 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
 131
 132 Resource Record Changes
 133 ^^^^^^^^^^^^^^^^^^^^^^^
 134
 135 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
 136 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
 137 resource record, which was removed from PowerDNS 4.0. Hence, if you used
 138 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
 139 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
 140 records and will throw an exception on all queries for a label with
 141 MBOXFW records. Thus, make sure to clean up the records in the DB.
 142
 143 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
 144 have a 'priority' field (like MX or SRV), but where one was not in the database.
 145 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.