Upgrade guide for rec-4.3

diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst
index bfd5fb5c688563347b65c7821a8a02056b6381a1..4283b95a09162a823cae1f99ff2162be83ae1754 100644 (file)
--- a/pdns/recursordist/docs/settings.rst
+++ b/pdns/recursordist/docs/settings.rst
@@ -865,6 +865,9 @@ Maximum number of seconds to cache an item in the DNS cache, no matter what the
 
 ``max-concurrent-requests-per-tcp-connection``
 ----------------------------------------------
+
+.. versionadded:: 4.3.0
+
 -  Integer
 -  Default: 10
 

diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst
index a2fad7da2f7e772e79e195ae031d581c4f65033d..129e46adff58ff5a877939c12f8971de05eeb0c9 100644 (file)
--- a/pdns/recursordist/docs/upgrade.rst
+++ b/pdns/recursordist/docs/upgrade.rst
@@ -7,8 +7,42 @@ When upgrading several versions, please read **all** notes applying to the upgra
 4.2.x to 4.3.0 or master
 ------------------------
 
+Lua Netmask class methods changed
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Netmask class methods ``isIpv4`` and ``isIpv6`` have been deprecated in Lua, use :func:`Netmask.isIPv4` and :func:`Netmask.isIPv6` instead. In C++ API these methods have been removed.
 
+``socket-dir`` changed
+^^^^^^^^^^^^^^^^^^^^^^
+The default :ref:`setting-socket-dir` has changed to include ``pdns-recursor`` in the path.
+For non-chrooted setups, it is now whatever is passed to ``--with-socketdir`` during configure (``/var/run`` by default) plus ``pdns_recursor``.
+The systemd unit-file is updated to reflect this change and systemd will automatically create the directory with the proper permissions.
+The packaged sysV init-script also creates this directory.
+For other operating systems, update your init-scripts accordingly.
+
+Systemd service and permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+The systemd service-file that is installed no longer uses the ``root`` user to start.
+It uses the user and group set with the ``--with-service-user`` and ``--with-service-group`` switches during
+configuration, "pdns" by default.
+This could mean that PowerDNS Recursor cannot read its configuration or zone-file data.
+It is recommended to recursively ``chown`` directories used by PowerDNS Recursor::
+
+  # For Debian-based systems
+  chown -R root:pdns /etc/powerdns
+
+  # For CentOS and RHEL based systems
+  chown -R root:pdns /etc/pdns-recursor
+
+Packages provided on `the PowerDNS Repository <https://repo.powerdns.com>`__ will ``chown`` directories created by them accordingly in the post-installation steps.
+
+New settings
+^^^^^^^^^^^^
+- The :ref:`allow-trust-anchor-query` setting has been added. This setting controls if negative trust anchors can be queried. The default is `no`.
+- The :ref:`max-concurrent-requests-per-tcp-connection` has been added. This setting controls how many requests are handled concurrently per incoming TCP connection. The default is 10.
+- The :ref:`max-generate-steps` setting has been added. This sets the maximum number of steps that will be performed when loading a BIND zone with the ``$GENERATE`` directive. The default is 0, which is unlimited.
+- The :ref:`nothing-below-nxdomain` setting has been added. This setting controls the way cached NXDOMAIN replies imply non-existence of a whole subtree. The default is `dnssec` which means that only DNSSEC validated NXDOMAINS results are used.
+- The :ref:`qname-minimization` setting has been added. This options controls if QName Minimization is used. The default is `yes`.
+  
 4.1.x to 4.2.0
 --------------