[Kea-announce] Kea 2.1.0, a new development release of Kea, is now available

Cathy Almond cathya at isc.org
Wed Oct 27 19:08:25 UTC 2021


Internet Systems Consortium is pleased to announce the release of Kea 2.1.0.

                                  -  -  -

Kea 2.1.0 is the first release version of the Kea 2.1 development branch.

As a reminder:  Internet Systems Consortium uses an alternating branch 
scheme for our releases.  Branches that have an odd number in the digit
after the first "." (for example:  Kea 1.9, Kea 2.1) are experimental
development branches, while branches that are even-numbered are intended
for stable production use (for example: Kea 1.8, Kea 2.0.)

The purpose of the development branch is to provide frequent snapshot
releases for those who wish to track the development of new features in
the experimental branch (2.1) while keeping new feature development work
separate from the stable branch (2.0) that is recommended for production
use.

You can read more about specific changes in the release notes below.

Cathy Almond
ISC Support

-----------------------------------------------------------------------

# Kea 2.1.0, Oct 27th 2021, Release Notes

Welcome to Kea 2.1.0, the first monthly release of the 2.1 development
branch. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a
REST API; optional database support (MySQL and PostgreSQL); optional
RADIUS, Kerberos, and Yang/NETCONF support; and much more. Kea provides
extensive management capabilities, including but not limited to: TLS
support, run-time configuration monitoring and updates via a REST API,
host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.

The following bugfixes and features have been implemented since the Kea
2.0.0 release:

1. **Authoritative mode improvements.** By default, Kea assumes it has
full knowledge about the networks it governs. However, it can be told
that there are other servers on the network (`authoritative=false`). In
such cases, Kea does not send NAK for leases it doesn't know about. This
mechanism was implemented properly, but was buggy in some cases; this
has now been corrected (#1584).

2. **Multi-line in forensic logging.** The forensic logging hook library
can now log on multiple lines using the hex string 0x0a. Each line is
prepended by the timestamp. This may be useful for verbose logging which
could produce excessively long log entries (#2087).

3. **GSS-TSIG hook.** Work continues on this subscriber-only hook. While
it still retains its experimental status, it is now much more robust and
handles both positive and negative scenarios much better. The hook is
now able to report statistics for GSS-TSIG keys (number of created
GSS-TSIG keys, when TKEY exchange was created for each key, last
successful use, last timeout, and last error) (#2124, #2089). General
library robustness has been improved. TKEY exchange can now be
cancelled, which is useful for clean reconfiguration or shutdown
(#2092). Building with GSSAPI enabled and without unit tests now works
properly (#2114). The code now handles a situation in which the server
returns BADNAME, which can happen if the key identifier is duplicated
(#2128). The ARM section has been expanded with a description of how to
configure Microsoft Windows Active Directory to work with Kea's GSS-TSIG
library (#2113). Unit-tests are now more robust and no longer fail on
CentOS 8 and Fedora 34 (#2082, #2056). The `fallback` parameter has been
added to make it possible to indicate what to do if DNS Update is
supposed to be carried out, but the key for it is not available (#2125).
GSS-TSIG now sets the environment variables correctly (#2109).

4. **Statistics improvements.** Kea can change its configuration
dynamically. In particular, it's possible to remove subnets or change
their subnet-id. Previously, Kea kept reporting leftover statistics for
subnets that no longer existed; this deficiency has been fixed (#2033).

5. **Build and packaging improvements.** The Sysrepo/NETCONF detection
in the configure script has been improved on Fedora systems (#2049).

6. **Documentation updates.** Many documentation updates made it into
this release. Vivso options are enumerated (#1745). An example
showcasing how to use forensic logging on multiple lines has been added
(#2087). The Kea ARM has been proofread and corrected in many places
(#2103, #2132, #2135). A small tweak in the TLS certificate-generation
instructions was added (#2110).

## Incompatible Changes

1. **No NAKs for unknown addresses.** The DHCPv4 server now silently
ignores DHCPREQUEST messages which request an address that Kea knows
nothing about. Previously a NAK was sent in response (#1584).

2. **Upgrading from recent development versions may fail if client
classes were used in CB**. Kea 1.9.10 and 1.9.11 had a bug in the delete
commands for client classes in the Config Backend. If you used client
classes in the config backend and deleted them using the API, the
upgrade to 2.0.0 may fail. See the known issues list
(https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list#kea-1910-1911).

3. **The GSS-TSIG hook has been renamed** to `libddns_gss_tsig.so` to
signify that it is supposed to be loaded by the DDNS server, as opposed
to all the other hooks, which are loaded by the DHCP servers (#2115).

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hooks libraries are provided under the
terms of an End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:

https://cloudsmith.io/~isc/repos/

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code signing key, which is
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html.

Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like to
hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea and DHCP
software support see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list.

## Changes

The following summarizes changes and important upgrade notes since the
2.0.0 release for Kea core:

1957.	[build]		razvan
	Library version numbers bumped for Kea 2.1.0 development
	version.
	(Gitlab #2141)

1956.	[bug]		tmark
	Modified stat_cmds hook library to omit statistics
	for non-existent subnets from results returned by
	stat-lease4-get and stat-lease6-get commands.
	(Gitlab #2033)

1955.	[bug]		tmark
	kea-dhcp4 no longer sends DHCPNAKs in response to
	DHCPREQUESTs for addresses for which it has no knowledge.
	(Gitlab #1584)

1954.	[doc]		fdupont
	Updated the Developer's Guide to explain what to do when
	GSS-TSIG hook unit tests fail from a system Kerberos
	incompatible configuration.
	(Gitlab #2056)

1953.	[build]		fdupont
	Changed the name of the GSS-TSIG hook library object to
	libddns_gss_tsig.so.
	(Gitlab #2115)

And for Kea premium:

132.    [func]      razvan
     The forensic logging hook library can now log on multiple lines
     using the hex string 0x0a. Each line is prepended by the
     timestamp.
     (Gitlab #2087)


131.    [func]      fdupont
     Implemented a configure flag which governs the behavior
     when GSS-TSIG is enabled but no key is available.
     The default (and previous) behavior is to skip this
     DNS server, the flag allows instead to fallback to
     the disabled GSS-TSIG one.
     (Gitlab #2125)

130.    [func]      fdupont
     Added statistics to the GSS-TSIG hook library to follow the
     GSS-TSIG key and TKEY activity.
     (Gitlab #2124)

129.    [bug]       fdupont
     The GSS-TSIG hook library now sets and restores environment
     variables when configured.
     (Gitlab #2109)

128.    [build, bug]    fdupont
     The nsupdate test tool of the GSS-TSIG hook library is
     correctly built even without Google Test.
     (Gitlab #2114)

127.    [build]     fdupont
     Changed the name of the GSS-TSIG hook library object to
     libddns_gss_tsig.so.
     (Gitlab #2115)

See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a
complete list of release notes.

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.


