From: Otto Moerbeek Date: Fri, 13 Dec 2019 09:45:30 +0000 (+0100) Subject: Upgrade guide for rec-4.3 X-Git-Tag: auth-4.3.0-beta1~56^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=122d13229b965cf62acbd019e7e27f26cbf8b775;p=thirdparty%2Fpdns.git Upgrade guide for rec-4.3 --- diff --git a/pdns/recursordist/docs/settings.rst b/pdns/recursordist/docs/settings.rst index bfd5fb5c68..4283b95a09 100644 --- a/pdns/recursordist/docs/settings.rst +++ b/pdns/recursordist/docs/settings.rst @@ -865,6 +865,9 @@ Maximum number of seconds to cache an item in the DNS cache, no matter what the ``max-concurrent-requests-per-tcp-connection`` ---------------------------------------------- + +.. versionadded:: 4.3.0 + - Integer - Default: 10 diff --git a/pdns/recursordist/docs/upgrade.rst b/pdns/recursordist/docs/upgrade.rst index a2fad7da2f..129e46adff 100644 --- a/pdns/recursordist/docs/upgrade.rst +++ b/pdns/recursordist/docs/upgrade.rst 
@@ -7,8 +7,42 @@ When upgrading several versions, please read **all** notes applying to the upgra 4.2.x to 4.3.0 or master ------------------------ +Lua Netmask class methods changed +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - Netmask class methods ``isIpv4`` and ``isIpv6`` have been deprecated in Lua, use :func:`Netmask.isIPv4` and :func:`Netmask.isIPv6` instead. In C++ API these methods have been removed. +``socket-dir`` changed +^^^^^^^^^^^^^^^^^^^^^^ +The default :ref:`setting-socket-dir` has changed to include ``pdns-recursor`` in the path. +For non-chrooted setups, it is now whatever is passed to ``--with-socketdir`` during configure (``/var/run`` by default) plus ``pdns_recursor``. +The systemd unit-file is updated to reflect this change and systemd will automatically create the directory with the proper permissions. +The packaged sysV init-script also creates this directory. +For other operating systems, update your init-scripts accordingly. + +Systemd service and permissions +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +The systemd service-file that is installed no longer uses the ``root`` user to start. +It uses the user and group set with the ``--with-service-user`` and ``--with-service-group`` switches during +configuration, "pdns" by default. +This could mean that PowerDNS Recursor cannot read its configuration or zone-file data. +It is recommended to recursively ``chown`` directories used by PowerDNS Recursor:: + + # For Debian-based systems + chown -R root:pdns /etc/powerdns + + # For CentOS and RHEL based systems + chown -R root:pdns /etc/pdns-recursor + +Packages provided on `the PowerDNS Repository `__ will ``chown`` directories created by them accordingly in the post-installation steps. + +New settings +^^^^^^^^^^^^ +- The :ref:`allow-trust-anchor-query` setting has been added. This setting controls if negative trust anchors can be queried. The default is `no`. +- The :ref:`max-concurrent-requests-per-tcp-connection` has been added. 
This setting controls how many requests are handled concurrently per incoming TCP connection. The default is 10. +- The :ref:`max-generate-steps` setting has been added. This sets the maximum number of steps that will be performed when loading a BIND zone with the ``$GENERATE`` directive. The default is 0, which is unlimited. +- The :ref:`nothing-below-nxdomain` setting has been added. This setting controls the way cached NXDOMAIN replies imply non-existence of a whole subtree. The default is `dnssec` which means that only DNSSEC validated NXDOMAINS results are used. +- The :ref:`qname-minimization` setting has been added. This options controls if QName Minimization is used. The default is `yes`. + 4.1.x to 4.2.0 --------------
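Review bot: In the settings.rst hunk, ``.. versionadded:: 4.3.0`` is added only under ``max-concurrent-requests-per-tcp-connection``, while the upgrade notes in this same patch list four other settings as new in this release (``allow-trust-anchor-query``, ``max-generate-steps``, ``nothing-below-nxdomain``, ``qname-minimization``). Confirm their entries in settings.rst already carry the directive, or add it in this patch so the two files agree.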
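Review bot: In the upgrade.rst hunk, the "``socket-dir`` changed" section spells the new directory two ways: the first sentence says the default now includes ``pdns-recursor`` in the path, and the next says it is the ``--with-socketdir`` value plus ``pdns_recursor``. An operator updating an init-script from this text needs the exact name, so use the one spelling that matches what the build creates. In "Systemd service and permissions", ``chown -R root:pdns`` changes ownership only; files without group-read permission, or directories without group search permission, remain unreadable to the ``pdns`` user, so state the expected mode as well, keeping it free of world-read if the configuration holds secrets. In "New settings", the five new entries use bare labels such as :ref:`allow-trust-anchor-query` while the earlier reference in this hunk is :ref:`setting-socket-dir`; check that the labels without the ``setting-`` prefix resolve. The defaults `no`, `dnssec` and `yes` are in single backticks where the rest of the hunk uses double backticks for literals, "This options controls" should read "This option controls", and "NXDOMAINS results" should read "NXDOMAIN results".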