docs/upgrading.rst

   1 Upgrade Notes
   2 =============
   3
   4 Before proceeding, it is advised to check the release notes for your
   5 PowerDNS version, as specified in the name of the distribution file.
   6
   7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
   8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
   9 upgrade notes if your version is older than 3.4.2.
  10
  11 4.1.X to 4.2.0
  12 --------------
  13
  14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
  15 - The gsqlite3 backend, and the DNSSEC database for the BIND backend, have a new journal-mode setting. This setting defaults to `WAL <https://www.sqlite.org/wal.html>`_; older versions of PowerDNS did not set the journal mode, which means they used the SQLite default of DELETE.
  16 - Autoserial support has been removed. The ``change_date`` column has been removed from the ``domains`` table in all gsql backends, but leaving it in is harmless.
  17 - The :doc:`Generic PostgreSQL backend <backends/generic-postgresql>` schema has changed: the ``notified_serial`` column type in the ``domains`` table has been changed from ``INT DEFAULT NULL`` to ``BIGINT DEFAULT NULL``: ``ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;``
  18
  19 4.1.0 to 4.1.1
  20 --------------
  21
  22 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
  23   changed: the ``notified_serial`` column default in the ``domains``
  24   table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
  25   DEFAULT NULL``:
  26
  27   - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
  28
  29 4.0.X to 4.1.0
  30 --------------
  31
  32 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
  33 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
  34 - *Your LDAP schema might need to be updated*, because new record types
  35   have been added (see below) and the ``dNSDomain2`` type has been
  36   changed.
  37 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
  38
  39   - NSEC3
  40   - NSEC3PARAM
  41   - TLSA
  42   - CDS
  43   - CDNSKEY
  44   - OPENPGPKEY
  45   - TKEY
  46   - URI
  47   - CAA
  48
  49 Changed options
  50 ^^^^^^^^^^^^^^^
  51
  52 -  ``experimental-lua-policy-script`` option and the feature itself have
  53    been completely dropped. We invite you to use `PowerDNS
  54    dnsdist <https://dnsdist.org>`_ instead.
  55
  56 - As recursion has been removed from the Authoritative Server, the
  57   ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
  58   been removed as well.
  59
  60 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
  61   and only supports a single algorithm name now.
  62
  63 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
  64   and only supports a single algorithm name now.
  65
  66 Changed defaults
  67 ~~~~~~~~~~~~~~~~
  68
  69 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
  70
  71 Other changes
  72 ^^^^^^^^^^^^^
  73
  74 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
  75 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
  76 ``configure`` now attempts to find the Postgresql client libraries via
  77 ``pkg-config``, falling back to detecting ``pg_config``. Use
  78 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
  79 you have Postgresql installed in a non-default location.
  80
  81 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
  82 This means that if libsodium and its development header are installed, it will be linked in.
  83
  84 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
  85 Specifically, it needs `krb5.h` to be installed.
  86
  87 4.0.X to 4.0.2
  88 --------------
  89
  90 Changed options
  91 ^^^^^^^^^^^^^^^
  92
  93 Changed defaults
  94 ~~~~~~~~~~~~~~~~
  95
  96 -  :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
  97
  98 3.4.X to 4.0.0
  99 --------------
 100
 101 Database changes
 102 ^^^^^^^^^^^^^^^^
 103
 104 No changes have been made to the database schema. However, several
 105 superfluous queries have been dropped from the SQL backend. Furthermore,
 106 the generic SQL backends switched to prepared statements. If you use a
 107 non-standard SQL schema, please review the new defaults.
 108
 109 -  ``insert-ent-query``, ``insert-empty-non-terminal-query``,
 110    ``insert-ent-order-query`` have been replaced by one query named
 111    ``insert-empty-non-terminal-order-query``
 112 -  ``insert-record-order-query`` has been dropped,
 113    ``insert-record-query`` now sets the ordername (or NULL)
 114 -  ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
 115    sets the type of zone
 116
 117 Changed options
 118 ^^^^^^^^^^^^^^^
 119
 120 Several options have been removed or renamed, for the full overview of
 121 all options, see :doc:`settings`.
 122
 123 Renamed options
 124 ~~~~~~~~~~~~~~~
 125
 126 The following options have been renamed:
 127
 128 -  ``experimental-json-interface`` ==> :ref:`setting-api`
 129 -  ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
 130 -  ``experimental-api-key`` ==> :ref:`setting-api-key`
 131 -  ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
 132 -  ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
 133 -  ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
 134 -  ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
 135
 136 Changed defaults
 137 ~~~~~~~~~~~~~~~~
 138
 139 -  :ref:`setting-default-ksk-algorithms`
 140    changed from rsasha256 to ecdsa256
 141 -  :ref:`setting-default-zsk-algorithms`
 142    changed from rsasha256 to empty
 143
 144 Removed options
 145 ~~~~~~~~~~~~~~~
 146
 147 The following options are removed:
 148
 149 -  ``pipebackend-abi-version``, it now a setting per-pipe backend.
 150 -  ``strict-rfc-axfrs``
 151 -  ``send-root-referral``
 152
 153 API
 154 ^^^
 155
 156 The API path has changed to ``/api/v1``.
 157
 158 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
 159 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
 160 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
 161 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
 162 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
 163
 164 Resource Record Changes
 165 ^^^^^^^^^^^^^^^^^^^^^^^
 166
 167 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
 168 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
 169 resource record, which was removed from PowerDNS 4.0. Hence, if you used
 170 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
 171 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
 172 records and will throw an exception on all queries for a label with
 173 MBOXFW records. Thus, make sure to clean up the records in the DB.
 174
 175 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
 176 have a 'priority' field (like MX or SRV), but where one was not in the database.
 177 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.