Backwards incompatible change: PowerDNS (2.9.x to 3.1.x)

James Findley james.findley at gmx.com
Tue Nov 27 20:15:56 UTC 2012 

 
 > On 27.11.2012 12:50, James Findley wrote:
 >
 > > That is untrue. If your configuration contains the 'wildcards' parameter, powerdns 3.0+ will not start, but it's a supported and valid option for powerdns 2.9. And as it doesn't check the config when restarting, this will cause downtime for unwary users who upgrade.
 >
 > Hi James,
 >
 > please note:
 >
 > http://doc.powerdns.com/changelog.html
 >
 > The pdns.conf 'wildcards'-setting did not do anything in 3.0, so it was
 > removed.


I'm afraid you've rather missed the point.  The previous version was 2.9,
where the wildcards setting *DID* do something, and something important at that.
You pushed a direct upgrade from 2.9 to 3.1 that meant that anyone with
this setting in theit pdns.conf would have found their server broken by this change.

There has never been a pdns-3.0 in EPEL so this changelog is not relevent.

 >
 > > That's again not true. If you have customers with zones without SOAs, these work in 2.9 - they do not work at all in 3.0+.
 >
 > This is a non-RFC-compliant setup. Zones without SOA record is something
 > that you should never do!
 >
 > RFC 1035:
 > [...] 2. Exactly one SOA RR should be present at the top of the zone.


The RFC says "should" not "must" - but this is irrellevent.
Customers can't always be relied upon to produce perfectly RFC
compliant zones, and a zone that worked fine in 2.9 and doesn't
work at all in 3.1 is another very important reason why you should
not have pushed this change.


 >
 > > I appreciate the work you do to maintain this package in EPEL, but particularly with packages like DNS servers extreme care needs to be taken when deciding to upgrade to a different major version.
 > >
 > > The powerdns documentation contains numerous warnings that it's not a trivial upgrade - these warnings should have been heeded, especially as the number of bugfixes are fairly small - it's mostly a feature upgrade which should not be a priority for EPEL.
 >
 > I agree with you fully that we need to be careful with such upgrades.
 >
 > It isn't really a feature upgrade. The main reason for this decision was
 > the security aspect to make sure that we get security patches for
 > PowerDNS until 2020.
 >
 > I can't justify using an old version excluding future security patches.
 > The upgrade effort is minimal in relation to the security aspect for the
 > next 8 years. For example, the bind version shipped with RHEL 6.0 was
 > 9.7.0-P2 and the latest 6.3 release contains bind 9.8.2 RC1. (Yes, I
 > know this is only a minor upgrade)


Had there been a critical security vulerability that this change fixed,
you'd have had a better argument.  There currently isn't one to the
best of my knowledge.

There may be a pressing security vulnerability that's not trivially
backported to 2.9... or there might not.  As of this moment this seems
to me like a gratuitous incompatible change that has been pushed without
proper consideration.

I don't really want to argue this back and forth - I don't think there's
a huge amount that can be done to fix it at this point, so creating a flame-
fest isn't productive.
I would like maintainers to realise that while your efforts are really appreicated
that doing things like this massively reduces the value of EPEL - if everyone
has to do this much diligence checking every update we may as well all roll
our own RPMs.

Thanks for listening,

James

More information about the epel-devel-list mailing list