Backwards incompatible change: PowerDNS (2.9.x to 3.1.x)

Tue Nov 27 11:50:57 UTC 2012

Hi

 >    
 > On 26.11.2012 13:52, James Findley wrote:
 > > I noticed that pdns was recently (October) updated to 3.1 from 2.9.
 > > As http://doc.powerdns.com/changelog.html#changelog-auth-3-1
 > > and http://doc.powerdns.com/upgrades.html#from2.9to3.0 notes this is a
 > > major upgrade that requires schema updates to the database, will cause
 > > powerdns to fail to start for some configs, may change the answers
 > > returned and may negatively affect performance.
 > 
 > Hi,
 > 
 > The database schema from pdns 2.9.22 is still compatible with pdns 3.x.
 > 
 > Please see:
 > http://doc.powerdns.com/upgrades.html#from2.9to3.0
 > 
 >  > Can 3.x versions read the 2.9 pre-DNSSEC database schema?
 > 
 >  > Yes, as long as the relevant '-dnssec' setting is not enabled. These 
 >  > settings are typically called 'gmysql-dnssec', 'gpgsql-dnssec', 
 >  > 'gsqlite3-dnssec'. If this setting IS enabled, 3.x expects the new 
 >  > schema to be in place.
 > 
 >  > PowerDNS Authoritative Server 3.0 comes with DNSSEC support, but this 
 >  > has required big changes to database schemas. Each backend lists the 
 >  > changes required. To facilitate a smooth upgrade, the old, non-DNSSEC 
 >  > schema is used by default.
 > 
 > There will be no issue with the old 2.9.22 non-DNSSEC database schema 
 > with 3.x, because pdns 3.x uses by default the old non-DNSSEC database 
 > schema. You'll need big database changes only for DNSSEC. Since the old 
 > version (2.9.22) doesn't support DNSSEC this shouldn't be a problem.
 > 
 > Furthermore, the configuration from 2.9.22 in /etc/pdns/pdns.conf is 
 > also fully compatible with pdns 3.x.

That is untrue.  If your configuration contains the 'wildcards' parameter, powerdns 3.0+ will not start, but it's a supported and valid option for powerdns 2.9.  And as it doesn't check the config when restarting, this will cause downtime for unwary users who upgrade.

 > 
 > 
 > On 26.11.2012 16:51, Ken Dreyer wrote:
 >  > EPEL 6 will be around until November 2020.
 > 
 > That's exactly the point, also for PowerDNS. The upstream project will 
 > not maintain the old 2.9.x branch until 2020. For security reasons, I 
 > think it is necessary to upgrade to the 3.x branch. (to make sure that 
 > we get security related patches for PowerDNS) Furthermore, many bugs 
 > have been fixed since 2.9.22 and pdns 3.x supports DNSSEC.
 > 
 > > This probably should not have been done at all, and definitely not
 > > without some mention of these issues in the RPM changelog and ideally a
 > > postscript to fix configs, DB schema, etc.
 > 
 > You don't need to fix the database schema or the configuration file, 
 > because pdns 3.x uses by default the old non-DNSSEC database schema and 
 > the pdns.conf file is still compatible.

That's again not true.  If you have customers with zones without SOAs, these work in 2.9 - they do not work at all in 3.0+.

 > 
 > Thank you for your understanding.
 > 
 > Best regards,
 > 
 > Morten   
 > 

I appreciate the work you do to maintain this package in EPEL, but particularly with packages like DNS servers extreme care needs to be taken when deciding to upgrade to a different major version.

The powerdns documentation contains numerous warnings that it's not a trivial upgrade - these warnings should have been heeded, especially as the number of bugfixes are fairly small - it's mostly a feature upgrade which should not be a priority for EPEL.

Thanks for taking the time to read this,

James