Skip to main content

Upgrading to OpenTofu v1.6

OpenTofu v1.6 is the first release in the stable OpenTofu v1.0 series.

OpenTofu v1.6 honors the OpenTofu v1.0 Compatibility Promises, but there are some behavior changes outside of those promises that may affect a small number of users. Specifically, the following updates may require additional upgrade steps:

See the full changelog for more details. If you encounter any problems during upgrading which are not covered this guide, please start a new topic in the OpenTofu community forum to discuss it.

Linux DNS resolver changes‚Äč

OpenTofu on Linux uses a built-in DNS resolver rather than using the DNS resolver from the platform's C library, because this allows OpenTofu to run on systems with many different C libraries.

In OpenTofu v1.6, the DNS resolver will now notice when you have set the trust-ad option in your /etc/resolve.conf file, and will respond by setting the "authentic data" option in outgoing DNS requests to better match the behavior of the GNU libc DNS resolver.

OpenTofu does not pay any attention to the corresponding option in responses, but some DNSSEC-aware recursive resolvers return different responses when the request option isn't set. This should therefore avoid some potential situations where a DNS request from OpenTofu might get a different response than a similar request from other software on your system.

We don't expect this behavior change to be significant for most OpenTofu users.

Note that this change affects only DNS requests made by OpenTofu CLI itself, and not requests made by providers. Provider plugins are separate programs which handle DNS resolution themselves and so may have different behavior.