[Kea-announce] Kea 2.1.1, a new development release of Kea, is now available

Cathy Almond cathya at isc.org
Thu Nov 25 17:47:57 UTC 2021

Internet Systems Consortium is pleased to announce the release of Kea 2.1.1.

Releases in the Kea 2.1.x sequence are part of the Kea 2.1 development
branch, where new features are provided for testing and evaluation
before the branch is designated stable and recommended for production

The current stable branch of Kea is Kea 2.0 and its most recent release
is 2.0.0

The latest releases from each branch are available via the ISC downloads



# Kea 2.1.1, Nov 24th 2021, Release Notes

Welcome to Kea 2.1.1, the second monthly release of the 2.1 development
branch. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a
REST API; optional database support (MySQL and PostgreSQL); optional
RADIUS, Kerberos, and Yang/NETCONF support; and much more. Kea provides
extensive management capabilities, including but not limited to: TLS
support, run-time configuration monitoring and updates via a REST API,
host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea
GitLab page at

The following bugfixes and features have been implemented since the Kea
2.1.0 release:

1. **GSS-TSIG hook**. The development of subscriber-only GSS-TSIG hooks
coming to an end.  Additional safety checks for DNS update and TKEY
exchange [#2121]. It's now possible to control the key regeneration
(rekey) using new commands (`gss-tsig-rekey-all`, `gss-tsig-purge`) has
been implemented [#2127], new timers (`rekey-interval`,
`retry-interval`) are now configurable [#2138, #2175], the TKEY exchange
is now cleaned up properly during shutdown [#2170], the Kea ARM section
has now been expanded [#2173], the exchange timeout is now configurable
[#2174], the old GSS-TSIG keys are now removed [#2177] and the Kea ARM
now provides better guidance for integration with Microsoft Active
Directory [#2179].

2. **Debian 11 packages**. Native DEB packages for recently released
Debian 11 Bullseye are now available [#2042, #2193].

3. **Netconf YANG modules updated**. The YANG modules used in NETCONF
has been substantially updated and are now in sync with the regular Kea
JSON configuration. Fixed `store-extended-info`, it was an operational
node instead of a config node. Added several containers and leaves:
`compatibility`, `lenient-option-parsing`, `multi-threading`,
`enable-multi-threading`, `packet-queue-size`, `thread-pool-size`,
`valid-lifetime`, `min-valid-lifetime`, `max-valid-lifetime`,
`preferred-lifetime`, `min-preferred-lifetime`,
`max-preferred-lifetime`, `cache-max-age`, `cache-threshold`,
`ddns-generated-prefix`, `ddns-override-client-update`,
`ddns-override-no-update`, `ddns-qualifying-suffix`,
`ddns-replace-client-name`, `ddns-send-updates`, `ddns-update-on-renew`,
`ddns-use-conflict-resolution`, `ip-reservations-unique`,
`parked-packet-limit`, `reservations-global`, `reservations-in-subnet`,
`reservations-out-of-pool`, `statistic-default-sample-age`,
`statistic-default-sample-count`, `store-extended-info`, `on-fail`

4. **Empty Tuple Handling in VIVCO options**. Previously Kea refused to
handle options, which have empty tuples (sub-options like fragments of
complex options). This fixes some incompatibilities with vendor
independent vendor class options (code 124), but may improve
compatibility with other similar options, such as VIVSO (code 125) or
vendor specific (code 43) [#2021].

5. **Postgresql Config-Backend**. The work on PostgreSQL-based Config
Backend is picking up pace. The ultimate goal of this work is to be able
to store Kea configuration in a PostgreSQL database, similar to how it
is possible now with MySQL. While the solution is not functional yet,
this release introduces two major components. First is a schema change
that adds many new tables, constraints, and stored procedures that are
necessary to maintain CB data consistency. The tables are available now,
but Kea will not use them yet. The second component is a skeleton
PostgreSQL CB hook. It is not functional yet. This work will continue in
upcoming releases [#1848, #2159, #2166].

6. **Build improvements**. Several improvements has been made in the
`hammer` build tool [#2111, #2112], make check runs are more robust and
no longer erroneously fail if Kea was compiled without gtest support
[#2172, #2167].

7. **Definition of maxsize**. The maximum limit of the `maxsize`
parameter that controls the maximum size of log file, before it is
rotated, has been increased from 2GB to 2PB [#2130].

8. **keactrl improvements**. `keactrl` tool now prints some statuses
better [#2117].

9. **Documentation**. Logging formatting is now documented [#2134],
introduced many editorial changes in the ARM [#2139], a documentation
build on readthedocs service has been fixed [#2161].

## Incompatible Changes

1. The schema for PostgreSQL database has been substantially expanded.
There are no changes to existing tables, but many new tables were added.
Those should not affect existing users, although schema upgrade is

2. The YANG modules used in NETCONF have been updated. If your
deployment is using NETCONF, you need to migrate your configuration to
the updated modules.

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.


The premium and subscriber-only hooks libraries are provided under the
terms of an End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:


The Kea source and PGP signature for this release may be downloaded from:


The signature was generated with the ISC code signing key, which is
available at:


ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
.io/en/latest/index.html) in HTML, plain text, or PDF formats. ISC
maintains a public open source code tree, wiki, issue tracking system,
milestone planner, and roadmap at

Limitations and known issues with this release can be found at

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
/mailman/listinfo/kea-users)). We would also like to hear whether the
documentation is adequate and accurate. Please open tickets in the Kea
GitLab project for bugs, documentation omissions and errors, and
enhancement requests. We want to hear from you even if everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea and DHCP
software support see

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
y/mailing-list). If you have any comments or questions about working
with Kea, please share them to the Kea Users list
/mailman/listinfo/kea-users)). Bugs and feature requests may be
submitted via GitLab at

## Changes

The following summarizes changes and important upgrade notes since the
2.0.0 release for Kea core:

1970.	[build]		razvan
	Library version numbers bumped for Kea 2.1.1 development
	(Gitlab #2195)

1969.	[build]		andrei
	Fixed "make check -j N" running tests in parallel in src/lib/log.
	(Gitlab #2172)

1968.	[build]		andrei
	Fixed make check failing when googletest support was disabled.
	(Gitlab #2167)

1967.	[bug]		andrei
	Fixed a bug where keactrl did not color the active status code
	for kea-dhcp-ddns as it did for the other servers.
	(Gitlab #2117)

1966.	[func]		djt
	Allow Kea to pack opaque data tuples within options with zero
	length to accommodate some DHCP clients who have been observed
	to send DHCPv4 option 124 with zero length tuples.
	(Gitlab #2021)

1965.	[func]		andrei
	Increase the value that "maxsize" can take from 2GB to 2PB.
	(Gitlab #2130)

1964.	[func]		wlodek
	Added support for Debian 11 in hammer.py.
	(Gitlab #2042, #2193)

1963.	[func]		andrei
	hammer.py has had several improvements.
	NETCONF and PostgreSQL will be properly configured when running
	prepare-system on Fedora and FreeBSD.
	vagrant will be automatically upgraded if it is too outdated.
	Error messages are more clear when running on unsupported
	hammer.py is now able to detect Arch Linux distributions and
	offers limited support for it, being able to prepare-system with
	freeradius and netconf support.
	(Gitlab #2111, #2112)

1962.	[func]		andrei
	kea-netconf updates: fixed store-extended-info, it was an
	operational node instead of a config node. Added several
	containers and leaves: compatibility, lenient-option-parsing,
	multi-threading, enable-multi-threading, packet-queue-size,
	thread-pool-size, valid-lifetime, min-valid-lifetime,
	max-valid-lifetime, preferred-lifetime, min-preferred-lifetime,
	max-preferred-lifetime, cache-max-age, cache-threshold,
	ddns-generated-prefix, ddns-override-client-update,
	ddns-override-no-update, ddns-qualifying-suffix,
	ddns-replace-client-name, ddns-send-updates,
	ddns-update-on-renew, ddns-use-conflict-resolution,
	ip-reservations-unique, parked-packet-limit, reservations-global,
	reservations-in-subnet, reservations-out-of-pool,
	statistic-default-sample-age, statistic-default-sample-count,
	store-extended-info, on-fail.
	(Gitlab #2136)

1961.	[func]		tomek, tmark
	The initial, stubbed version of the PostgreSQL CB hook
	library has been created.  The library is not yet functional
	and does not installed.
	(Gitlab #1848)

1960.	[build]		andrei
	Froze sphinx dependency versions used to build documentation.
	Added the update-python-dependencies Makefile rule to bump the
	(Gitlab #2161)

1959.	[doc]		djt
	Move documentation for acceptable format strings into the Kea
	ARM. The relevant section of the ARM was previously referring
	to a dead link in the Log4cpp documentation.
	(Gitlab #2134)

1958.	[func]		tomek, tmark
	PostgreSQL database schema has been extended with tables for
	Config Backend (CB). This is the first step towards PostgreSQL
	CB. However, as there is no code yet to use those new tables,
	they're not not functional yet.
	(Gitlab #90, #2166)

And for Kea premium:

134.	[func]		razvan
	Added exchange-timeout, rekey-interval, retry-interval
	configuration entries to GSS-TSIG.
	(Gitlab #2138, #2174)

133.	[func]		fdupont
	Added the gss-tsig-rekey and the gss-tsig-rekey-all API commands
	to create new GSS-TSIG keys.
	(Gitlab #2127)

itlab.isc.org/isc-projects/kea/-/wikis/Release-Notes) for a complete
list of release notes.

Thank you again to everyone who assisted us in making this release

We look forward to receiving your feedback.

More information about the Kea-announce mailing list