[kea-announce] Kea 2.3.6, a new development release of Kea, is now available

Everett B. Fulton ebf at isc.org
Wed Mar 29 13:01:35 UTC 2023


Internet Systems Consortium is pleased to announce the release of Kea 2.3.6.

Releases in the Kea 2.3.x sequence are part of the Kea 2.3 development
branch, where new features are provided for testing and evaluation
before the branch is designated stable and recommended for production use.

The current stable branch of Kea is Kea 2.2 and its most recent release
is 2.2.0.

Kea source tarballs are available from cloudsmith.io:


https://dl.cloudsmith.io/public/isc/kea-2-2/raw/versions/2.2.0/kea-2.2.0.tar.gz

https://dl.cloudsmith.io/public/isc/kea-2-3/raw/versions/2.3.6/kea-2.3.6.tar.gz

And from the ISC download page:

          https://www.isc.org/download

---

# Kea 2.3.6 Release Notes, March 29th 2023

Welcome to Kea 2.3.6, the seventh monthly release of the 2.3 development
series. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a
REST API; optional database support (MySQL and PostgreSQL); optional
RADIUS, Kerberos, and YANG/NETCONF support; and much more. Kea provides
extensive management capabilities, including but not limited to: TLS
support, run-time configuration monitoring and updates via a REST API,
host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.

The following features and bug fixes have been implemented since the
previous release, version 2.3.5:

1. **Never-send**: With earlier Kea versions, it was difficult to
configure an option that was supposed to be present everywhere except a
small number of locations. A new flag `never-send` was introduced. It
allows users to configure a given option globally and then suppress
sending it in a particular subnet or shared network [#719].

2. **Multiple Vendor options**: The Kea DHCPv4 server can now handle
multiple `vivco-suboptions` options with different enterprise IDs [#467].

3. **Usability: Better configuration checks**: New command line
parameter `-T` allows testing the configuration file with extra checks
for database connections, hook libraries, etc. [#1671].

4. **DDNS improvements**: Kea-dhcp4 and kea-dhcp6 support a new
parameter, `ddns-ttl-percent`, which allows setting the DNS TTL as a
percentage of a lease lifetime [#225].

5. **Accepting all traffic**: Earlier Kea versions followed an RFC2131
rule that checked whether the `server-identifier` matched Kea's. If not,
the packet was intended for some other DHCP server and was dropped.
However, in certain advanced scenarios it is useful to be able to force
Kea to accept everything. A new parameter,
`ignore-dhcp-server-identifier` for kea-dhcp4 allows enabling this
behavior [#2785].

6. **Early allocation**: RFC2131 states that leases are supposed to be
allocated when the server receives a REQUEST message. However, that
means that in certain situations, particularly when the server is almost
out of addresses, the client can get a DISCOVER with an address, but
when it actually requests the address, it doesn't get the address.
This is a conformant behavior, but it differs from ISC DHCP, which
assigned a short-lived (120s) lease when receiving DISCOVER. Kea-dhcp4
now supports the `offer-lifetime` parameter allowing for the temporary
allocation of leases during DHCPOFFER [#2719].

7. **RFC8572 compatibility:** Added support for Secure Zero Touch
Provisioning options as per RFC8572. Kea can now handle DHCPv4 Option
code #143 and DHCPv6 Option code #136 [#939].

8. **Compatibility:** Added a new `exclude-first-last-24` DHCPv4
compatibility flag, which skips addresses in .0 and .255 in subnets
larger than /24 [#720].

9. **Free Leases Queue**: Significant progress has been made with the
implementation of FLQ. FLQ will be an alternative allocation strategy
that will allow Kea to assign available addresses in pseudo-random
order. This will be particularly advantageous for shared database
scenarios as it will minimize the number of collisions between Kea
instances. Also, it will provide some protection against scanning
attacks. While the feature is not functional yet, two major milestones
were achieved. First, the lease manager was instrumented, so it's now
easy to perform specific additional tasks when the lease changes
[#2764]. Second, the design for the feature has been written and is
available on the project wiki [#1126].

10. **Bugfixes**: Fixed a bug that was changing the multi-threading
settings when running the `config-test` command when the settings were
different from the server's configuration. Hooks now set the DROP flag
on the dhcp4_srv_configured and dhcp6_srv_configured callouts if the
configuration is invalid or an error occurred [#2799]. The kea-dhcp4 and
kea-dhcp6 reload function (triggered by SIGHUP) has been enhanced to
roll back to the previously working configuration if the new
configuration is invalid [#2722]. Fixed a bug that advertised
re-assigned released leases with zero lifetimes [#2766]. Compatibility
flags, e.g. `lenient-option-parsing`, are now saved by `config-get` and
similar commands [#2790]. Corrected code that allowed `lease6-get-*`
commands to return IA_NA leases with prefix length values of zero
[#2660]. Kea-dhcp6 now consistently uses valid and preferred lifetime
values provided via classes [#2739]. Added missing log messages for host
commands hooks library [#2783].

11. **Documentation:** The ARM security section now explains how to tune
the OpenSSL configuration file, so the Kea service can accept commands
over HTTPS with the desired TLS version [#2784].
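
The race described in item 6, as an added toy model in Python (not Kea code and not from ISC). `ToyServer`, `race`, the client names and the single-address pool are hypothetical and constructed for illustration; 120 seconds is the ISC DHCP figure quoted in item 6.

```python
# Toy model (NOT Kea code) of DHCPv4 allocation with and without offer-lifetime.
# All names and the one-address pool are constructed for this example.

class ToyServer:
    def __init__(self, pool, offer_lifetime=0, lease_lifetime=3600):
        self.pool = list(pool)
        self.offer_lifetime = offer_lifetime  # seconds; 0 = allocate on REQUEST only
        self.lease_lifetime = lease_lifetime
        self.leases = {}                      # address -> (client_id, expiry)

    def _free(self, addr, client, now):
        # An address is usable if unleased, expired, or already held by this client.
        holder = self.leases.get(addr)
        return holder is None or holder[1] <= now or holder[0] == client

    def discover(self, client, now):
        """Return the offered address, or None if the pool is exhausted."""
        for addr in self.pool:
            if self._free(addr, client, now):
                if self.offer_lifetime > 0:
                    # Temporary lease persisted while building the DHCPOFFER.
                    self.leases[addr] = (client, now + self.offer_lifetime)
                return addr
        return None

    def request(self, client, addr, now):
        """Commit the lease and return 'ACK', or 'NAK' if another client holds it."""
        if addr not in self.pool or not self._free(addr, client, now):
            return "NAK"
        self.leases[addr] = (client, now + self.lease_lifetime)
        return "ACK"


def race(offer_lifetime):
    """Two clients compete for the last free address; B sends its REQUEST first."""
    srv = ToyServer(["192.0.2.10"], offer_lifetime=offer_lifetime)
    offer_a = srv.discover("client-a", now=0)
    offer_b = srv.discover("client-b", now=1)
    reply_b = srv.request("client-b", offer_b, now=2) if offer_b else None
    reply_a = srv.request("client-a", offer_a, now=3)
    return offer_a, offer_b, reply_b, reply_a


if __name__ == "__main__":
    print("offer-lifetime 0:  ", race(0))    # A is offered the address, then NAKed
    print("offer-lifetime 120:", race(120))  # A's offer is held; B gets no offer
```

In the model, an unanswered offer still frees itself once `offer_lifetime` seconds have passed, so a client that never follows up does not hold the address indefinitely.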

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hook libraries are provided under the
terms of a Kea Hooks Basic Commercial End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:

https://cloudsmith.io/~isc/repos/

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

as well as from the Cloudsmith repository.

The signature was generated with the ISC code signing key, which is
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html.

Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like to
hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea and DHCP
software support see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list.

## Changes

The following summarizes changes and important upgrade notes for core
Kea since the previous release, version 2.3.5:

2120.	[build]		razvan
	The library version numbers have been bumped up for the Kea 2.3.6
	development release.
	(Gitlab #2807)

2119.	[func]		tmark
	Added a new parameter, ddns-ttl-percent, to kea-dhcp4
	and kea-dhcp6, that may be used to calculate DNS TTL
	as a simple percentage of the lease life time.
	(Gitlab #225)

2118.	[bug]		razvan
	Fixed a bug which was changing the multi-threading settings when
	running config-test command and the settings were different from
	the server's configuration. This also fixes the rollback on the
	multi-threading settings if there is a configuration error
	detected. Also hooks now set DROP flag on the
	dhcp4_srv_configured and dhcp6_srv_configured callouts if the
	configuration is invalid or an error occurred. Proper shutdown
	of the HTTP listener is performed now instead of generating a
	server crash if the provided address is not valid.
	(Gitlab #2799)

2117.	[func]		fdupont
	Added a new ignore-dhcp-server-identifier DHCPv4 compatibility
	flag which when set to true (default is false) makes any query
	to be accepted even when the address in the DHCP Server
	Identifier option belongs to another server (standard behavior
	is to drop such queries).
	(Gitlab #2785)

2116.	[func]		piotrek
	Added support of Secure Zero Touch Provisioning options as per
	RFC8572. Kea can now handle DHCPv4 Option code #143 and DHCPv6
	Option code #136.
	(Gitlab #939)

2115.	[func]		tmark
	Added the parameter, offer-lifetime, to kea-dhcp4.  When
	greater than zero, the server temporarily allocates and
	persists leases during DHCPOFFER processing.
	(Gitlab #2719)

2114.	[func]		razvan
	Added the -T command line parameter to kea-dhcp4 and kea-dhcp6
	for testing configuration files, similar to -t, but with extra
	checks like checking database connections, checking hook
	libraries parameters, and others.
	(Gitlab #1671)

2113.	[bug]		razvan
	The reload functionality (by sending SIGHUP) of the kea-dhcp4
	and kea-dhcp6 servers has been enhanced to rollback to
	previously working configuration if the new configuration is
	invalid. There are still cases that can leave the server in an
	unrecoverable state, and such case is indicated by a FATAL
	log message. The same logic applies to the "config-set" command
	available to the server through the control channel.
	(Gitlab #2722)

2112.	[doc]		fdupont
	Added in the ARM security a section explaining how
	to tune the OpenSSL configuration file for Kea service
	accepting commands over HTTPS.
	(Gitlab #2784)

2111.	[bug]		fdupont
	Fixed a bug which advertised re-assigned released leases
	with zero lifetimes.
	(Gitlab #2766)

2110.	[func]		fdupont
	A new boolean configuration flag called "never-send" has been
	added to the option data scope. When enabled, the option is not
	sent in a response to the client, even if the client explicitly
	requests it.
	(Gitlab #719)

2109.	[bug]		fdupont
	Compatibility flags e.g. lenient-option-parsing were not
	saved by config-get and similar commands.
	(Gitlab #2790)

2108.	[func]		fdupont
	Added a new exclude-first-last-24 DHCPv4 compatibility flag
	which when set to true (default is false) skips addresses
	in .0 and .255 in subnets with prefix length less than 24
	in the allocation engine routine picking a free address.
	(Gitlab #720)

2107.	[func]		fdupont
	The Kea DHCPv4 server can now handle multiple vivco-suboptions
	options with different enterprise IDs.
	(Gitlab #467)

2106.	[bug]		tmark
	Corrected code that allowed lease6-get-* commands to return
	IA_NA leases with prefix length values of zero and logic in
	kea-dhcp6 that was incorrectly generating duplicate iaaddr
	options with lifetimes of zero for such leases in REPLYs to
	RENEWs.
	(Gitlab #2660)

2105.	[bug]		tmark
	kea-dhcp6 now consistently uses valid and preferred lifetime
	values provided via classes.  Prior to this it was not
	utilizing class-supplied lifetimes when renewing existing
	leases or when reusing expired leases.
	(Gitlab #2739)

And for Kea premium:

165.	[bug]		razvan
	Hooks now set DROP flag on the dhcp4_srv_configured and
	dhcp6_srv_configured callouts if the configuration is invalid
	or an error occurred. Proper shutdown of the HTTP listener is
	performed now instead of generating a server crash if the
	provided address is not valid.
	(Gitlab #2799)

164.	[bug]		razvan
	Added missing log messages for host commands hooks library.
	There are three messages that can be logged when any command is
	issued: one INFO message when the hook starts processing the
	command and one INFO message when it finishes with no error or
	one ERROR message when an error occurs.
	(Gitlab #2783)

See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a
complete list of release notes.

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.

-- 
Everett B. Fulton
ISC Support

