Upgrading to OpenTF v1.6
OpenTF v1.6 is the first release in the stable OpenTF v1.0 series.
OpenTF v1.6 honors the OpenTF v1.0 Compatibility Promises, but there are some behavior changes outside of those promises that may affect a small number of users. Specifically, the following updates may require additional upgrade steps:
See the full changelog for more details. If you encounter any problems during upgrading which are not covered this guide, please start a new topic in the OpenTF community forum to discuss it.
Linux DNS resolver changes
OpenTF on Linux uses a built-in DNS resolver rather than using the DNS resolver from the platform's C library, because this allows OpenTF to run on systems with many different C libraries.
In OpenTF v1.6, the DNS resolver will now notice when you have set the
trust-ad
option in your /etc/resolve.conf
file, and will respond by setting
the "authentic data" option in outgoing DNS requests to better match the
behavior of the GNU libc DNS resolver.
OpenTF does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from OpenTF might get a different response than a similar request from other software on your system.
We don't expect this behavior change to be significant for most OpenTF users.
Note that this change affects only DNS requests made by OpenTF CLI itself, and not requests made by providers. Provider plugins are separate programs which handle DNS resolution themselves and so may have different behavior.