4 Before proceeding, it is advised to check the release notes for your
5 PowerDNS version, as specified in the name of the distribution file.
7 Please upgrade to the PowerDNS Authoritative Server 4.0.0 from 3.4.2+.
8 See the `3.X <https://doc.powerdns.com/3/authoritative/upgrading/>`__
9 upgrade notes if your version is older than 3.4.2.
14 - Superslave operation is no longer enabled by default, use :ref:`setting-superslave` to enable. This setting was called ``supermaster`` in some 4.2.0 prereleases.
15 - The gsqlite3 backend, and the DNSSEC database for the BIND backend, have a new journal-mode setting. This setting defaults to `WAL <https://www.sqlite.org/wal.html>`_; older versions of PowerDNS did not set the journal mode, which means they used the SQLite default of DELETE.
16 - Autoserial support has been removed. The ``change_date`` column has been removed from the ``domains`` table in all gsql backends, but leaving it in is harmless.
17 - The :doc:`Generic PostgreSQL backend <backends/generic-postgresql>` schema has changed: the ``notified_serial`` column type in the ``domains`` table has been changed from ``INT DEFAULT NULL`` to ``BIGINT DEFAULT NULL``: ``ALTER TABLE domains ALTER notified_serial TYPE bigint USING CASE WHEN notified_serial >= 0 THEN notified_serial::bigint END;``
22 - The :doc:`Generic MySQL backend <backends/generic-mysql>` schema has
23 changed: the ``notified_serial`` column default in the ``domains``
24 table has been changed from ``INT DEFAULT NULL`` to ``INT UNSIGNED
27 - ``ALTER TABLE domains MODIFY notified_serial INT UNSIGNED DEFAULT NULL;``
32 - Recursion has been removed, see the :doc:`dedicated migration guide <guides/recursion>`.
33 - ALIAS record expansion is disabled by default, use :ref:`setting-expand-alias` to enable.
34 - *Your LDAP schema might need to be updated*, because new record types
35 have been added (see below) and the ``dNSDomain2`` type has been
37 - The :doc:`LDAP Backend <backends/ldap>` now supports additional Record types
52 - ``experimental-lua-policy-script`` option and the feature itself have
53 been completely dropped. We invite you to use `PowerDNS
54 dnsdist <https://dnsdist.org>`_ instead.
56 - As recursion has been removed from the Authoritative Server, the
57 ``allow-recursion``, ``recursive-cache-ttl`` and ``recursor`` options have
60 - ``default-ksk-algorithms`` has been renamed to :ref:`setting-default-ksk-algorithm`
61 and only supports a single algorithm name now.
63 - ``default-zsk-algorithms`` has been renamed to :ref:`setting-default-zsk-algorithm`
64 and only supports a single algorithm name now.
69 - The default value of :ref:`setting-webserver-allow-from` has been changed from ``0.0.0.0, ::/0`` to ``127.0.0.1, ::1``.
74 The ``--with-pgsql``, ``--with-pgsql-libs``, ``--with-pgsql-includes``
75 and ``--with-pgsql-config`` ``configure`` options have been deprecated.
76 ``configure`` now attempts to find the Postgresql client libraries via
77 ``pkg-config``, falling back to detecting ``pg_config``. Use
78 ``--with-pg-config`` to specify a path to a non-default ``pg_config`` if
79 you have Postgresql installed in a non-default location.
81 The ``--with-libsodium`` configure flag has changed from 'no' to 'auto'.
82 This means that if libsodium and its development header are installed, it will be linked in.
84 The improved :doc:`LDAP Backend <backends/ldap>` backend now requires Kerberos headers to be installed.
85 Specifically, it needs `krb5.h` to be installed.
96 - :ref:`setting-any-to-tcp` changed from ``no`` to ``yes``
104 No changes have been made to the database schema. However, several
105 superfluous queries have been dropped from the SQL backend. Furthermore,
106 the generic SQL backends switched to prepared statements. If you use a
107 non-standard SQL schema, please review the new defaults.
109 - ``insert-ent-query``, ``insert-empty-non-terminal-query``,
110 ``insert-ent-order-query`` have been replaced by one query named
111 ``insert-empty-non-terminal-order-query``
112 - ``insert-record-order-query`` has been dropped,
113 ``insert-record-query`` now sets the ordername (or NULL)
114 - ``insert-slave-query`` has been dropped, ``insert-zone-query`` now
115 sets the type of zone
120 Several options have been removed or renamed, for the full overview of
121 all options, see :doc:`settings`.
126 The following options have been renamed:
128 - ``experimental-json-interface`` ==> :ref:`setting-api`
129 - ``experimental-api-readonly`` ==> :ref:`setting-api-readonly`
130 - ``experimental-api-key`` ==> :ref:`setting-api-key`
131 - ``experimental-dname-processing`` ==> :ref:`setting-dname-processing`
132 - ``experimental-dnsupdate`` ==> :ref:`setting-dnsupdate`
133 - ``allow-dns-update-from`` ==> :ref:`setting-allow-dnsupdate-from`
134 - ``forward-dnsupdates`` ==> :ref:`setting-forward-dnsupdate`
139 - :ref:`setting-default-ksk-algorithms`
140 changed from rsasha256 to ecdsa256
141 - :ref:`setting-default-zsk-algorithms`
142 changed from rsasha256 to empty
147 The following options are removed:
149 - ``pipebackend-abi-version``, it now a setting per-pipe backend.
150 - ``strict-rfc-axfrs``
151 - ``send-root-referral``
156 The API path has changed to ``/api/v1``.
158 Incompatible change: ``SOA-EDIT-API`` now follows ``SOA-EDIT-DNSUPDATE``
159 instead of ``SOA-EDIT`` (incl. the fact that it now has a default value
160 of ``DEFAULT``). You must update your existing ``SOA-EDIT-API`` metadata
161 (set ``SOA-EDIT`` to your previous ``SOA-EDIT-API`` value, and
162 ``SOA-EDIT-API`` to ``SOA-EDIT`` to keep the old behaviour).
164 Resource Record Changes
165 ^^^^^^^^^^^^^^^^^^^^^^^
167 Since PowerDNS 4.0.0 the CAA resource record (type 257) is supported.
168 Before PowerDNS 4.0.0 type 257 was used for a proprietary MBOXFW
169 resource record, which was removed from PowerDNS 4.0. Hence, if you used
170 CAA records with 3.4.x (stored in the DB with wrong type=MBOXFW but
171 worked fine) and upgrade to 4.0, PowerDNS will fail to parse this
172 records and will throw an exception on all queries for a label with
173 MBOXFW records. Thus, make sure to clean up the records in the DB.
175 In version 3.X, the PowerDNS Authoritative Server silently ignored records that
176 have a 'priority' field (like MX or SRV), but where one was not in the database.
177 In 4.X, :doc:`pdnsutil check-zone <manpages/pdnsutil.1>` will complain about this.