ISC DHCP 4.1-ESV-R11b1 is now available for download.
tmark at isc.org
Thu Feb 5 21:49:00 UTC 2015
This is the first BETA of ISC DHCP 4.1-ESV-R11, a maintenance release
that contains a number of bug fixes.
Field testing is an important part of our quality process. We welcome,
and need, our user base to beta test our upcoming releases. Please report
bugs to dhcp-bugs at isc.org, and report that you have tried the release,
and any general observations, to dhcp-users at lists.isc.org. The first
release candidate, 4.1-ESV-R11rc1, is anticipated to be released on
A list of the changes in this release has been appended to the end
of this message. For a complete list of changes from any previous
release, please consult the RELNOTES file within the source distribution.
They can also be found at:
Knowledge base articles about various features can be found starting from:
Webinars can be found here:
This release and its OpenPGP signatures are available now from:
ISC's Release Signing Key can be obtained at:
The following are some of the more interesting changes in this release.
As always you should consult the notes in RELNOTES or at the bottom
of this announcement for the complete list of fixes in this release.
We have made several changes (20558, 21323 and 36233) to try and
handle client hostnames and DNS more in line with the documentation.
use-host-decl-names and prepending domain-search strings should
now work correctly.
A failover server now supports a split value of 256 allowing the
primary to be configured to be responsible for all clients (36664)
instead of only 255/256 of the range.
We fixed a bug in the way we modified the lists containing leases.
This should fix some odd bugs where the leases were expired in
clumps rather than when their timers elapsed, see 38002. While
this is not a security issue it does fix some potential weird
behavior and we encourage people to upgrade if possible.
If the configuration is changed such that a lease was in a range
that had a failover peer but no longer has one, then the server
will update the lease to be available. Previously the lease could
be stuck in the backup state; this will cause it to move to the
free state. See 36960.
We corrected an issue, present under Linux with NIC drivers which
perform vlan-tag encapsulation, that was causing inbound packets on
a vlan to also be seen on the vlan's hosting interface. This means
that when interfaces are specified on the command line, you must specify
a vlan interface explicitly, such as "eth0:12" rather than "eth0".
The following is the list of all changes for this release.
Changes since 4.1-ESV-R10
- Corrected parser's right brace matching when a statement contains an
- Added check for invalid failover message type. Thanks to Tobias Stoeckmann
working with the OpenBSD project who spotted the issue and provided the
- Corrected rate limiting checks for bad packet logging. Thanks to Tobias
Stoeckmann working with the OpenBSD project who spotted the issue and
provided the patch.
- Addressed Coverity issues reported as of 07-31-2014:
[ISC-Bugs #36712] Corrects Coverity reported "high" impact issues.
[ISC-Bugs #36933] Corrects Coverity reported "medium" impact issues
[ISC-Bugs #37708] Fixes compilation error in dst_api.c seen in older
compilers that was introduced by #36712
- Server now supports a failover split value of 256.
- Added checks in range6 and prefix6 statement parsing to ensure addresses
are within the declared. Thanks to Jiri Popelka at Red Hat for the bug
report and patch.
- Addressed checksum issues:
Added checksum readiness check to Linux packet filtering which eliminates
invalid packet drops due to checksum errors when checksum offloading is
in use. Based on dhcp-4.2.2-xen-checksum.patch made to the Fedora
Inbound packets with UDP checksums of 0xffff now validate correctly rather
than being dropped.
- Added support of the configuration parameter, use-host-decl-names, to
BOOTP request handling.
- When the server cannot attribute an inbound request to a known subnet
and returning the server identifier in NAKS is enabled, the server
will use the value of the configuration parameter server-identifier if it
is defined globally.
- By default, the server will now choose the value to use in the forward DNS
name from the following in order of preference:
1. FQDN option if provided by the client
2. Host name option if provided by the client
3. Configured option host-name if defined
As before, this may be overridden by defining ddns-hostname to the desired
value (or expression). In addition, the server logic has been extended to
use the value of the host name declaration if use-host-decl-names is
and no other value is available.
- In the failover code, handle the case of communications being interrupted
when the servers are dealing with POTENTIAL-CONFLICT. This patch allows
the primary to accept the secondary moving from POTENTIAL-CONFLICT to
RESOLUTION-INTERRUPTED as well as handling the bind update process better.
In addition the code to resend update or update all requests has been
modified to send requests more often.
- Corrected an issue which caused dhclient to incorrectly form the
prepending or appending to the IPv4 domain-search option, received from the
server, when either of the values being combined contain compressed
- During startup, when the server encounters a lease whose binding state is
FTS_BACKUP but whose pool has no configured failover peer, it will
lease's binding state to FTS_FREE. This allows the leases to be reclaimed
by the server after a pool's configuration has changed from failover to
standalone. Prior to this such leases would remain stuck in the backup
making them unavailable for assignment. This behavior is off by default.
It is enabled by defining CONVERT_BACKUP_TO_FREE in includes/site.h and
will occur whether or not the server is compiled for failover.
- Avoid calling pool_timer() recursively from supersede_lease(). This could
result in leases changing state incorrectly or delaying the running of the
lease expiration code.
- Move the check for a PID file and process to be before we rewrite the
lease file. This avoids the possibility of starting a second instance
of a server which changes the current lease file confusing the first
instance. This check is only included if the admin hasn't disabled PID
- In the client code change the way preferred_life and max_life are printed
for environment variables to be unsigned rather than signed.
Thanks to Jiri Popelka at Red Hat for the bug report and patch.
- Modified Linux packet handling such that packets received via VLAN are now
seen only by the VLAN interface. Prior to this, such packets were seen by
both the VLAN interface and its parent (physical) interface, causing the
server to respond to both. Note this remains an issue for non-Linux OSs.
Thanks to Jiri Popelka at Red Hat for the patch.
- Corrected inconsistencies in dhcrelay's setting the upper interface
limit such that it now sets it to 32 when the upstream address is a
address per RFC 3315 Section 20. Prior to this, if the -u argument preceded
the -l argument on the command line or if the same interface was specified
for both, the logic to set the hop limit count for the upper interface was
skipped. This caused the hop count limit to be set to the default value
(typically 1) in the outbound upstream packets.
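
The "Addressed checksum issues" entry above mentions UDP checksums of 0xffff. The following is an added example, not code from ISC DHCP, showing how a validator that recomputes the checksum and compares it literally drops a valid datagram whose computed checksum is 0 (sent as 0xffff per RFC 768), while summing with the field included accepts it. The names verify_naive and verify_folded and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CSUM_OFF 18 /* 12-byte pseudo-header + offset 6 in the UDP header */
#define WIRE_CSUM(p) (((p)[CSUM_OFF] << 8) | (p)[CSUM_OFF + 1])

/* Constructed sample: IPv4 pseudo-header, UDP header, 4-byte payload. The
 * last two bytes make the computed checksum 0, so the wire carries 0xffff. */
static uint8_t sample[24] = {
    192, 0, 2, 1,  192, 0, 2, 2,  0, 17,  0, 12,  /* src, dst, proto, len */
    0, 68,  0, 67,  0, 12,  0xff, 0xff,           /* ports, len, checksum */
    'h', 'i', 0x12, 0xe2                          /* payload */
};

/* Folded 16-bit one's-complement sum of big-endian words. */
static uint16_t ones_sum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)p[i] << 8) | p[i + 1];
    if (len & 1) sum += (uint32_t)p[len - 1] << 8;
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Recompute with the field zeroed and compare: rejects a valid 0xffff. */
static int verify_naive(const uint8_t *p, size_t len)
{
    uint8_t tmp[128];
    if (len < 20 || len > sizeof tmp) return 0;
    if (WIRE_CSUM(p) == 0) return 1;      /* 0 means no checksum was sent */
    memcpy(tmp, p, len);
    tmp[CSUM_OFF] = tmp[CSUM_OFF + 1] = 0;
    return (uint16_t)~ones_sum(tmp, len) == WIRE_CSUM(p);
}

/* Sum with the field included: every valid datagram folds to 0xffff. */
static int verify_folded(const uint8_t *p, size_t len)
{
    if (len < 20) return 0;
    return WIRE_CSUM(p) == 0 || ones_sum(p, len) == 0xffff;
}

int main(void)
{
    return !(verify_folded(sample, sizeof sample) && !verify_naive(sample, sizeof sample));
}
```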