docs/upgrading.rst

   1 Upgrade Notes
   2 =============
   3
   4 Before proceeding, it is advised to check the release notes for your
   5 PowerDNS version, as specified in the name of the distribution file.
   6
   7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
   8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
   9 upgrade notes if your version is older than 3.4.2.
  10
  11 4.0.X to 4.1.0
  12 --------------
  13
  14 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
  15 - ALIAS record expension is disabled by default, use :ref:`setting-expand-alias` to enable.
  16 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
  17
  18   - NSEC3
  19   - NSEC3PARAM
  20   - TLSA
  21   - CDS
  22   - CDNSKEY
  23   - OPENPGPKEY
  24   - TKEY
  25   - URI
  26   - CAA
  27
  28 Changed options
  29 ^^^^^^^^^^^^^^^
  30
  31 -  ``experimental-lua-policy-script`` option and the feature itself have
  32    been completely dropped. We invite you to use `PowerDNS
  33    dnsdist <https://dnsdist.org>`_ instead.
  34
  35 - As recursion has been removed from the Authoritative Server, the
  36   ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
  37   been removed as well.
  38
  39 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
  40   and only supports a single algorithm name now.
  41
  42 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
  43   and only supports a single algorithm name now.
  44
  45 Changed defaults
  46 ~~~~~~~~~~~~~~~~
  47
  48 Other changes
  49 ^^^^^^^^^^^^^
  50
  51 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
  52 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
  53 ``configure`` now attempts to find the Postgresql client libraries via
  54 ``pkg-config``, falling back to detecting ``pg_config``. Use
  55 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
  56 you have Postgresql installed in a non-default location.
  57
  58 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
  59 Specifically, it needs `krb5.h` to be installed.
  60
  61 4.0.X to 4.0.2
  62 --------------
  63
  64 Changed options
  65 ^^^^^^^^^^^^^^^
  66
  67 Changed defaults
  68 ~~~~~~~~~~~~~~~~
  69
  70 -  :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
  71
  72 3.4.X to 4.0.0
  73 --------------
  74
  75 Database changes
  76 ^^^^^^^^^^^^^^^^
  77
  78 No changes have been made to the database schema. However, several
  79 superfluous queries have been dropped from the SQL backend. Furthermore,
  80 the generic SQL backends switched to prepared statements. If you use a
  81 non-standard SQL schema, please review the new defaults.
  82
  83 -  ``insert-ent-query``, ``insert-empty-non-terminal-query``,
  84    ``insert-ent-order-query`` have been replaced by one query named
  85    ``insert-empty-non-terminal-order-query``
  86 -  ``insert-record-order-query`` has been dropped,
  87    ``insert-record-query`` now sets the ordername (or NULL)
  88 -  ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
  89    sets the type of zone
  90
  91 Changed options
  92 ^^^^^^^^^^^^^^^
  93
  94 Several options have been removed or renamed, for the full overview of
  95 all options, see :doc:`settings`.
  96
  97 Renamed options
  98 ~~~~~~~~~~~~~~~
  99
 100 The following options have been renamed:
 101
 102 -  ``experimental-json-interface`` ==> :ref:`setting-api`
 103 -  ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
 104 -  ``experimental-api-key`` ==> :ref:`setting-api-key`
 105 -  ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
 106 -  ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
 107 -  ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
 108 -  ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
 109
 110 Changed defaults
 111 ~~~~~~~~~~~~~~~~
 112
 113 -  :ref:`setting-default-ksk-algorithms`
 114    changed from rsasha256 to ecdsa256
 115 -  :ref:`setting-default-zsk-algorithms`
 116    changed from rsasha256 to empty
 117
 118 Removed options
 119 ~~~~~~~~~~~~~~~
 120
 121 The following options are removed:
 122
 123 -  ``pipebackend-abi-version``, it now a setting per-pipe backend.
 124 -  ``strict-rfc-axfrs``
 125 -  ``send-root-referral``
 126
 127 API
 128 ^^^
 129
 130 The API path has changed to ``/api/v1``.
 131
 132 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
 133 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
 134 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
 135 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
 136 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
 137
 138 Resource Record Changes
 139 ^^^^^^^^^^^^^^^^^^^^^^^
 140
 141 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
 142 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
 143 resource record, which was removed from PowerDNS 4.0. Hence, if you used
 144 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
 145 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
 146 records and will throw an exception on all queries for a label with
 147 MBOXFW records. Thus, make sure to clean up the records in the DB.
 148
 149 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
 150 have a 'priority' field (like MX or SRV), but where one was not in the database.
 151 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.