[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Backwards incompatible change: PowerDNS (2.9.x to 3.1.x)

On 26.11.2012 13:52, James Findley wrote:
I noticed that pdns was recently (October) updated to 3.1 from 2.9.
  As http://doc.powerdns.com/changelog.html#changelog-auth-3-1
and http://doc.powerdns.com/upgrades.html#from2.9to3.0 notes this is a
major upgrade that requires schema updates to the database, will cause
powerdns to fail to start for some configs, may change the answers
returned and may negatively affect performance.


The database schema from pdns 2.9.22 is still compatible with pdns 3.x.

Please see:

> Can 3.x versions read the 2.9 pre-DNSSEC database schema?

> Yes, as long as the relevant '-dnssec' setting is not enabled. These > settings are typically called 'gmysql-dnssec', 'gpgsql-dnssec', > 'gsqlite3-dnssec'. If this setting IS enabled, 3.x expects the new > schema to be in place.

> PowerDNS Authoritative Server 3.0 comes with DNSSEC support, but this > has required big changes to database schemas. Each backend lists the > changes required. To facilitate a smooth upgrade, the old, non-DNSSEC > schema is used by default.

There will be no issue with the old 2.9.22 non-DNSSEC database schema with 3.x, because pdns 3.x uses by default the old non-DNSSEC database schema. You'll need big database changes only for DNSSEC. Since the old version (2.9.22) doesn't support DNSSEC this shouldn't be a problem.

Furthermore, the configuration from 2.9.22 in /etc/pdns/pdns.conf is also fully compatible with pdns 3.x.

On 26.11.2012 16:51, Ken Dreyer wrote:
> EPEL 6 will be around until November 2020.

That's exactly the point, also for PowerDNS. The upstream project will not maintain the old 2.9.x branch until 2020. For security reasons, I think it is necessary to upgrade to the 3.x branch. (to make sure that we get security related patches for PowerDNS) Furthermore, many bugs have been fixed since 2.9.22 and pdns 3.x supports DNSSEC.

This probably should not have been done at all, and definitely not
without some mention of these issues in the RPM changelog and ideally a
postscript to fix configs, DB schema, etc.

You don't need to fix the database schema or the configuration file, because pdns 3.x uses by default the old non-DNSSEC database schema and the pdns.conf file is still compatible.

Thank you for your understanding.

Best regards,


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]