]>
Commit | Line | Data |
---|---|---|
20d81666 PL |
1 | Upgrade Guide |
2 | ============= | |
3 | ||
955de53b PD |
4 | 1.3.x to 1.4.0 |
5 | -------------- | |
6 | ||
7 | :func:`addLuaAction` and :func:`addLuaResponseAction` have been removed. Instead, use :func:`addAction` with a :func:`LuaAction`, or :func:`addResponseAction` with a :func:`LuaResponseAction`. | |
8 | ||
6da31e3a RG |
9 | :func:`newPacketCache` now takes an optional table as its second argument, instead of several optional parameters. |
10 | ||
11 | Lua's constants for DNS response codes and QTypes have been moved from the 'dnsdist' prefix to, respectively, the 'DNSQType' and 'DNSRCode' prefix. | |
12 | ||
13 | To improve security, all ambient capabilities are now dropped after the startup phase, which might prevent launching the webserver on a privileged port at run-time, or impact some custom Lua code. In addition, systemd's sandboxing features are now determined at compile-time, resulting in more restrictions on recent distributions. See pull requests 7138 and 6634 for more information. | |
14 | ||
15 | If you are compiling dnsdist, note that several ./configure options have been renamed to provide a more consistent experience. Features that depend on an external component have been prefixed with '--with-' while internal features use '--enable-'. This lead to the following changes: | |
16 | ||
17 | - ``--enable-fstrm`` to ``--enable-dnstap`` | |
18 | - ``--enable-gnutls`` to ``--with-gnutls`` | |
19 | - ``--enable-libsodium`` to ``--with-libsodium`` | |
20 | - ``--enable-libssl`` to ``--with-libssl`` | |
21 | - ``--enable-re2`` to ``--with-re2`` | |
22 | ||
70ee2bc3 PD |
23 | 1.3.2 to 1.3.3 |
24 | -------------- | |
25 | ||
26 | When upgrading from a package before 1.3.3, on CentOS 6 and RHEL 6, dnsdist will be stopped instead of restarted. | |
27 | ||
e1e5ea46 PL |
28 | 1.2.x to 1.3.x |
29 | -------------- | |
30 | ||
31 | In version 1.3.0, these things have changed. | |
32 | ||
33 | The :ref:`Console` has an ACL now, which is set to ``{"127.0.0.0/8", "::1/128"}`` by default. | |
34 | Add the appropriate :func:`setConsoleACL` and :func:`addConsoleACL` statements to the configuration file. | |
35 | ||
36 | The ``--daemon`` option is removed from the :program:`dnsdist` binary, meaning that :program:`dnsdist` will not fork to the background anymore. | |
37 | Hence, it can only be run on the foreground or under a supervisor like systemd, supervisord and ``daemon(8)``. | |
38 | ||
9df79d52 PL |
39 | Due to changes in the architecture of :program:`dnsdist`, several of the shortcut rules have been removed after deprecating them in 1.2.0. |
40 | All removed functions have their equivalent :func:`addAction` listed. | |
41 | Please check the configuration for these statements (or use ``dnsdist --check-config``) and update where needed. | |
42 | This removal affects these functions: | |
43 | ||
44 | - :func:`addAnyTCRule` | |
45 | - :func:`addDelay` | |
46 | - :func:`addDisableValidationRule` | |
47 | - :func:`addDomainBlock` | |
48 | - :func:`addDomainCNAMESpoof` | |
49 | - :func:`addDomainSpoof` | |
50 | - :func:`addNoRecurseRule` | |
51 | - :func:`addPoolRule` | |
52 | - :func:`addQPSLimit` | |
53 | - :func:`addQPSPoolRule` | |
54 | ||
20d81666 PL |
55 | 1.1.0 to 1.2.0 |
56 | -------------- | |
57 | ||
58 | In 1.2.0, several configuration options have been changed: | |
59 | ||
60 | As the amount of possible settings for listen sockets is growing, all listen-related options must now be passed as a table as the second argument to both :func:`addLocal` and :func:`setLocal`. | |
61 | See the function's reference for more information. | |
62 | ||
63 | The ``BlockFilter`` function is removed, as :func:`addRule` combined with a :func:`DropAction` can do the same. |