summaryrefslogtreecommitdiffstats
path: root/doc/migration.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/migration.rst')
-rw-r--r--doc/migration.rst90
1 files changed, 85 insertions, 5 deletions
diff --git a/doc/migration.rst b/doc/migration.rst
index f79539c..7c4a279 100644
--- a/doc/migration.rst
+++ b/doc/migration.rst
@@ -249,19 +249,19 @@ Configuration changes
- Ignored obsolete options (with a notice log):
- - ``server.max-journal-depth``
- - ``server.max-journal-usage``
- - ``server.max-refresh-interval``
- - ``server.min-refresh-interval``
- ``server.max-ipv4-udp-payload``
- ``server.max-ipv6-udp-payload``
- ``server.max-udp-payload``
- ``server.max-tcp-clients``
- ``server.tcp-reply-timeout``
+ - ``zone.max-journal-depth``
+ - ``zone.max-journal-usage``
+ - ``zone.max-refresh-interval``
+ - ``zone.min-refresh-interval``
+ - ``zone.max-zone-size``
- ``template.journal-db``
- ``template.kasp-db``
- ``template.timer-db``
- - ``template.max-zone-size``
- ``template.max-journal-db-size``
- ``template.max-timer-db-size``
- ``template.max-kasp-db-size``
@@ -393,6 +393,86 @@ Query module API change
The function ``knotd_qdata_local_addr()`` only takes one parameter.
+.. _Upgrade 3.3.x to 3.4.x:
+
+Upgrade 3.3.x to 3.4.x
+======================
+
+There are the following changes between Knot DNS versions 3.4.x and 3.3.x.
+
+DNSSEC
+------
+
+- DNSSEC validation fails if the remaining RRSIG validity is shorter than
+ the corresponding :ref:`policy_rrsig-refresh` value.
+- SKR verification fails if the end of a DNSKEY RRSIG validity period doesn't
+ cover the next DNSKEY snapshot.
+- If DNSSEC signing is enabled, the outbound request's EDNS expire value is
+ lowered to the earliest RRSIG expiration if it is higher.
+
+Semantic checks
+---------------
+
+- Just one SOA record is required.
+- Unified DNAME and CNAME semantic checks (see :ref:`Handling CNAME and DNAME-related updates`).
+
+Configuration changes
+---------------------
+
+- The server no longer allows concurrent control zone and configuration transactions.
+- The server no longer allows opening a zone transaction when a blocking command is running.
+- Removed already ignored obsolete options:
+
+ - ``server.max-ipv4-udp-payload``
+ - ``server.max-ipv6-udp-payload``
+ - ``server.max-udp-payload``
+ - ``server.max-tcp-clients``
+ - ``server.tcp-handshake-timeout``
+ - ``server.tcp-reply-timeout``
+ - ``server.listen-xdp``
+ - ``xdp.quic-log``
+ - ``zone.max-journal-depth``
+ - ``zone.max-journal-usage``
+ - ``zone.max-refresh-interval``
+ - ``zone.min-refresh-interval``
+ - ``zone.max-zone-size``
+ - ``zone.disable-any``
+ - ``template.journal-db``
+ - ``template.kasp-db``
+ - ``template.timer-db``
+ - ``template.max-journal-db-size``
+ - ``template.max-timer-db-size``
+ - ``template.max-kasp-db-size``
+ - ``template.journal-db-mode``
+
+Utilities
+---------
+
+- Changed defaults:
+
+ - :doc:`kdig<man_kdig>`: enabled ``+edns`` and ``+bufsize=1232``
+
+- Removed legacy parameters:
+
+ - :doc:`keymgr<man_keymgr>`: ``--brief``
+ - :doc:`kjournalprint<man_kjournalprint>`: ``--no-color``
+ - :doc:`kjournalprint<man_kjournalprint>`: database specification without ``--dir``
+ - :doc:`kjournalprint<man_kcatalogprint>`: database specification without ``--dir``
+
+Documentation
+-------------
+
+- Info pages are no longer supported.
+
+Building notes
+--------------
+
+- A GCC or LLVM Clang compiler with C11 support is required.
+- Minimum required *GnuTLS* version is 3.6.10.
+- *Libidn* version 1 is no longer supported.
+- *Liburcu* must be available via pkg-config.
+- Linux distributions CentOS 7, Debian 10, and Ubuntu 18.04 are no longer supported.
+
.. _Knot DNS for BIND users:
Knot DNS for BIND users