Hi
> > On 26.11.2012 13:52, James Findley wrote: > > I noticed that pdns was recently (October) updated to 3.1 from 2.9. > > As http://doc.powerdns.com/changelog.html#changelog-auth-3-1 > > and http://doc.powerdns.com/upgrades.html#from2.9to3.0 notes this is a > > major upgrade that requires schema updates to the database, will cause > > powerdns to fail to start for some configs, may change the answers > > returned and may negatively affect performance. > > Hi, > > The database schema from pdns 2.9.22 is still compatible with pdns 3.x. > > Please see: > http://doc.powerdns.com/upgrades.html#from2.9to3.0 > > > Can 3.x versions read the 2.9 pre-DNSSEC database schema? > > > Yes, as long as the relevant '-dnssec' setting is not enabled. These > > settings are typically called 'gmysql-dnssec', 'gpgsql-dnssec', > > 'gsqlite3-dnssec'. If this setting IS enabled, 3.x expects the new > > schema to be in place. > > > PowerDNS Authoritative Server 3.0 comes with DNSSEC support, but this > > has required big changes to database schemas. Each backend lists the > > changes required. To facilitate a smooth upgrade, the old, non-DNSSEC > > schema is used by default. > > There will be no issue with the old 2.9.22 non-DNSSEC database schema > with 3.x, because pdns 3.x uses by default the old non-DNSSEC database > schema. You'll need big database changes only for DNSSEC. Since the old > version (2.9.22) doesn't support DNSSEC this shouldn't be a problem. > > Furthermore, the configuration from 2.9.22 in /etc/pdns/pdns.conf is > also fully compatible with pdns 3.x. That is untrue. If your configuration contains the 'wildcards' parameter, powerdns 3.0+ will not start, but it's a supported and valid option for powerdns 2.9. And as it doesn't check the config when restarting, this will cause downtime for unwary users who upgrade. > > > On 26.11.2012 16:51, Ken Dreyer wrote: > > EPEL 6 will be around until November 2020. > > That's exactly the point, also for PowerDNS. The upstream project will > not maintain the old 2.9.x branch until 2020. For security reasons, I > think it is necessary to upgrade to the 3.x branch. (to make sure that > we get security related patches for PowerDNS) Furthermore, many bugs > have been fixed since 2.9.22 and pdns 3.x supports DNSSEC. > > > This probably should not have been done at all, and definitely not > > without some mention of these issues in the RPM changelog and ideally a > > postscript to fix configs, DB schema, etc. > > You don't need to fix the database schema or the configuration file, > because pdns 3.x uses by default the old non-DNSSEC database schema and > the pdns.conf file is still compatible. That's again not true. If you have customers with zones without SOAs, these work in 2.9 - they do not work at all in 3.0+. > > Thank you for your understanding. > > Best regards, > > Morten > I appreciate the work you do to maintain this package in EPEL, but particularly with packages like DNS servers extreme care needs to be taken when deciding to upgrade to a different major version. The powerdns documentation contains numerous warnings that it's not a trivial upgrade - these warnings should have been heeded, especially as the number of bugfixes are fairly small - it's mostly a feature upgrade which should not be a priority for EPEL. Thanks for taking the time to read this, James _______________________________________________ epel-devel-list mailing list epel-devel-list@redhat.com https://www.redhat.com/mailman/listinfo/epel-devel-list
