Backwards incompatible change: PowerDNS (2.9.x to 3.1.x)
Morten Stevens
mstevens at imt-systems.com
Mon Nov 26 23:01:32 UTC 2012
On 26.11.2012 13:52, James Findley wrote:
> I noticed that pdns was recently (October) updated to 3.1 from 2.9.
> As http://doc.powerdns.com/changelog.html#changelog-auth-3-1
> and http://doc.powerdns.com/upgrades.html#from2.9to3.0 notes this is a
> major upgrade that requires schema updates to the database, will cause
> powerdns to fail to start for some configs, may change the answers
> returned and may negatively affect performance.
Hi,
The database schema from pdns 2.9.22 is still compatible with pdns 3.x.
Please see:
http://doc.powerdns.com/upgrades.html#from2.9to3.0
> Can 3.x versions read the 2.9 pre-DNSSEC database schema?
> Yes, as long as the relevant '-dnssec' setting is not enabled. These
> settings are typically called 'gmysql-dnssec', 'gpgsql-dnssec',
> 'gsqlite3-dnssec'. If this setting IS enabled, 3.x expects the new
> schema to be in place.
> PowerDNS Authoritative Server 3.0 comes with DNSSEC support, but this
> has required big changes to database schemas. Each backend lists the
> changes required. To facilitate a smooth upgrade, the old, non-DNSSEC
> schema is used by default.
There will be no issue with the old 2.9.22 non-DNSSEC database schema
with 3.x, because pdns 3.x uses by default the old non-DNSSEC database
schema. You'll need big database changes only for DNSSEC. Since the old
version (2.9.22) doesn't support DNSSEC this shouldn't be a problem.
Furthermore, the configuration from 2.9.22 in /etc/pdns/pdns.conf is
also fully compatible with pdns 3.x.
On 26.11.2012 16:51, Ken Dreyer wrote:
> EPEL 6 will be around until November 2020.
That's exactly the point, also for PowerDNS. The upstream project will
not maintain the old 2.9.x branch until 2020. For security reasons, I
think it is necessary to upgrade to the 3.x branch. (to make sure that
we get security related patches for PowerDNS) Furthermore, many bugs
have been fixed since 2.9.22 and pdns 3.x supports DNSSEC.
> This probably should not have been done at all, and definitely not
> without some mention of these issues in the RPM changelog and ideally a
> postscript to fix configs, DB schema, etc.
You don't need to fix the database schema or the configuration file,
because pdns 3.x uses by default the old non-DNSSEC database schema and
the pdns.conf file is still compatible.
Thank you for your understanding.
Best regards,
Morten
More information about the epel-devel-list
mailing list