Add auth 4.3.0 upgrade docs

diff --git a/docs/upgrading.rst b/docs/upgrading.rst
index 7f2fc402440f7ee7970abb34866561e5f51fee77..ba03af5069ef5e903148d97377fdb7553ecd926e 100644 (file)
--- a/docs/upgrading.rst
+++ b/docs/upgrading.rst
@@ -11,7 +11,47 @@ upgrade notes if your version is older than 3.4.2.
 4.2.x to 4.3.0
 --------------
 
-- Netmask class methods ``isIpv4`` and ``isIpv6`` have been deprecated in Lua, use :func:`Netmask.isIPv4` and :func:`Netmask.isIPv6` instead. In C++ API these methods have been removed.
+Lua Netmask class methods changed
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+Netmask class methods ``isIpv4`` and ``isIpv6`` have been deprecated in Lua, use :func:`Netmask.isIPv4` and :func:`Netmask.isIPv6` instead. In the C++ API, these methods have been removed.
+
+``socket-dir`` changed
+^^^^^^^^^^^^^^^^^^^^^^
+The default :ref:`setting-socket-dir` has changed to include ``pdns`` in the path.
+It is now whatever is passed to ``--with-socketdir`` during configure (``/var/run`` by default) plus ``pdns``.
+The systemd unit-file is updated to reflect this change and systemd will automatically create the directory with the proper permissions.
+The packaged sysV init-script also creates this directory.
+For other operating systems, update your init-scripts accordingly.
+
+Systemd service and permissions
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+The systemd service-file that is installed no longer uses the ``root`` user to start.
+It uses the user and group set with the ``--with-service-user`` and ``--with-service-group`` switches during configuration, "pdns" by default.
+This could mean that PowerDNS cannot read its configuration or zone-file data.
+It is recommended to recursively ``chown`` directories used by PowerDNS::
+
+  # For Debian-based systems
+  chown -R root:pdns /etc/powerdns
+  chown -R pdns:pdns /var/lib/powerdns
+
+  # For CentOS and RHEL based systems
+  chown -R root:pdns /etc/pdns
+  chown -R pdns:pdns /var/lib/pdns
+
+Packages provided on `the PowerDNS Repository <https://repo.powerdns.com>`__ will ``chown`` directories created by them accordingly in the post-installation steps.
+
+New settings
+^^^^^^^^^^^^
+
+- The :ref:`setting-axfr-fetch-timeout` setting has been added. This setting controls how long an inbound AXFR may be idle in seconds. Its default is 10
+- The :ref:`setting-max-generate-steps` setting has been added. This sets the maximum number of steps that will be performed when loading a BIND zone with the ``$GENERATE`` directive. The default is 0, which is unlimited.
+
+Removed settings
+^^^^^^^^^^^^^^^^
+
+- :ref:``setting-local-ipv6`` has been removed. IPv4 and IPv6 listen addresses can now be set with :ref:`setting-local-address`. The default for the latter has been changed to ``0.0.0.0, ::``.
+
 
 4.1.X to 4.2.0
 --------------