# Kea 2.6.0 Release Notes, May 29th 2024

Welcome to Kea 2.6.0, a new stable version. Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST API; optional database support (MySQL/MariaDB and PostgreSQL); optional RADIUS, Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, Role-Based Access Control, run-time configuration monitoring and updates via a REST API, host reservations, and client classification.

The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For details about Docker issues, visit the page at https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details about packaging, visit the page at https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.

The following features and bug fixes have been implemented since the previous stable release, version 2.4.1:

1. **Hub-and-spoke model in High Availability (HA)**: Kea can now handle multiple HA relationships. In particular, it can handle the popular scenario of a central office (hub) providing failover support to multiple smaller satellite offices (spokes), reducing the number of servers required overall for a high-availability deployment. Extensive tests of this new functionality have not yet been completed, so use this with caution [#3106, #3178, #1149]. The hub-and-spoke model is not compatible with the `reselect-subnet-pool` and `reselect-subnet-address` parameters in RADIUS [#3252].

2. **Ping Check hook**: One of the few ISC DHCP features that was not previously available in Kea is ping check; following customer requests, it has now been added. The basic idea is that, before handing out an IPv4 lease, the Kea DHCP server attempts to ping the address to be offered.
If it receives a response, it marks the lease as being declined and discards the offer. Pings are not 100% reliable due to access technologies, firewalls, broken clients, and other factors, but in some deployments ping check may be very helpful [#3008, #3008, #3012, #3053, #3054, #3055, #3083, #3187, #3110]. A new hook point `lease4-offer` was implemented [#3063, #3038] and documented [#3067]. This hook was tested on Linux and BSD systems [#3101, #3099]. The Ping Check hook library is available only to ISC paid support subscribers [#2781, #3084, #3165].

3. **RADIUS hook**: The old RADIUS implementation was lacking in several areas: it was based on a patched version of FreeRADIUS-client, with effectively unmaintained code; it was not multi-threading-capable; and the nature of its code made it almost impossible to adapt for parallel operations. The old RADIUS hook was abandoned [#3168] and replaced with a new implementation that does not have any of the aforementioned problems. The new Kea RADIUS hook is multi-threading capable and the code is much easier to maintain [#3027, #3041, #3069, #3070, #3043, #3302]. In fact, many of the problems observed with the old code were fixed: for example, the RADIUS hook library is now multi-threaded; this is the last hook library that was missing multi-threading compatibility. A thread pool now helps process RADIUS exchanges, and a configuration entry, `thread-pool-size`, can limit the maximum number of spawned threads [#3262]. The Host Cache hook is now multi-threading-capable [#2023]. The RADIUS hook now supports the `Delegated-IPv6-Prefix` RADIUS attribute, which can be used to reserve an IPv6 Prefix Delegation [#2984]. Misuse of `Framed-IPv6-Prefix` in the RADIUS hook was fixed [#2998]. RADIUS packets are now sent asynchronously, allowing other DHCP packets to be processed until a RADIUS response is received [#2022].
There are a few differences that come from using Kea's own RADIUS client as opposed to the FreeRADIUS client; they are documented in the ARM [#2442, #3042, #3081, #3104, #3105, #3127]. The coexistence with HA was improved. The RADIUS hook has the ability to send accounting updates to the RADIUS server. In scenarios where the HA and RADIUS hooks are used together, the Kea server sends accounting updates when receiving lease updates from a partner, even if the partner already sent them. This might not be preferable in some deployments. A new option `peer-updates` can be set to `false` to disable this behavior [#3123]. Radcli, a potential replacement for the FreeRADIUS-client, was evaluated but rejected [#404]. The RADIUS hook library is available only to ISC paid support subscribers.

4. **Stash Agent options**: ISC DHCP provided a `stash-agent-options` mechanism that, when enabled, caused the server to remember options inserted by a relay agent during the initial exchange with a client. This mechanism is now supported by Kea. In cases where clients using relay options on initial address assignment renew their lease by communicating with the server directly, bypassing the relay, those relay options are now preserved for use during renewal [#2976].

5. **Performance Monitoring hook**: A new open source hook is available: it provides insight into Kea performance and may be very useful for troubleshooting performance bottlenecks. The Performance Monitoring hook is highly configurable and allows reporting of many metrics and alarms [#3047, #3230, #3231, #3242, #3245, #3253, #3278, #3297].

6. **Upper/lower case in expressions**: A mechanism to convert strings to upper (`ucase`) and lower (`lcase`) case in expressions has been implemented [#3048].

7. **New global parameters in the Configuration Backend**: The Config Backend now supports scalar parameters contained by top-level global scopes: `compatibility`, `control-socket`, `dhcp-ddns`, `expired-leases-processing`, `multi-threading`, `sanity-checks`, `server-id`, and `dhcp-queue-control`. The parameters may be stored using dot notation; for example, the `lenient-option-parsing` parameter in the `compatibility` scope can be referenced as `compatibility.lenient-option-parsing` [#1790].

8. **Database connection retry on startup**: Kea can be set to retry database connection attempts on startup. The new `retry-on-startup` parameter controls this behavior along with the other existing parameters: `on-fail`, `max-reconnect-tries`, and `reconnect-wait-time` [#3019].

9. **Classless static route option**: Support was implemented for option 121 for DHCPv4, which conveys the classless static route information to clients [#3074].

10. **Discovery of Network-designated Resolvers (DNR) options**: The implementation of the DNR option has been updated to respect the encoding of service parameters updated in RFCs 9463, 9461, and 9460. To facilitate the configuration of these service parameters, a convenient notation was introduced [#3141].

11. **YANG/NETCONF**: The NETCONF model has been updated and Kea code has been corrected to properly handle vivso (vendor-independent vendor-specific) options [#3198]. The following YANG module updates have been made: `qualifying-suffix`, `override-no-update`, `override-client-update`, `replace-client-name`, `generated-prefix`, `hostname-char-set`, and `hostname-char-replacement` were removed from dhcp-ddns; `reservation-mode` was removed; and `retry-on-startup`, `stash-agent-options` and `ddns-conflict-resolution-mode` were added [#3301].

12. **Bulk Leasequery (BLQ) improvements**: Empty relay ID and remote ID options in BLQ requests are now properly treated as malformed, and are met with a reply containing a proper message [#2906].
The by-link address query has been implemented for DHCPv6. The new command `extended-info6-upgrade` upgrades old DHCPv6 leases from the lease database to be visible by Bulk Leasequery. This one-time operation is useful for users who want to start using BLQ immediately and cannot wait for the normal lease renewal process to gradually fill in the data [#2869]. Kea now returns all the associated IPv6 PD (Prefix Delegation) leases when queried over the BLQ protocol [#3149].

13. **Security**: A report from Coverity Scan was reviewed and some issues were addressed [#3051]. Our security policy was published in a GitHub-friendly format [#3080]. Kea's unit tests now work properly with OpenSSL 3.1.3 [#3093]. It is now possible to configure Kea to read a TSIG secret from a file on disk [#3133]. Errors reported by UBSAN were fixed [#3364]. The Kea ARM now explains how to verify tarball signatures [#3021].

14. **Various improvements**: The `subnet4-update` command, part of the subscriber-only hook library `subnet_cmds`, has been extended slightly and now logs information about the subnet being updated [#2982]. The client ID is now included in the EVAL_RESULT message [#2854]. The DHCP4_CLASS_ASSIGNED log message now works properly with shared networks [#2908]. The information about DHCPv6 clients in the Forensic Logging hook is now also logged on the secondary server in an HA configuration [#2967]. It is now permitted for the DDNS daemon to listen on 0.0.0.0 or ::. This is a bad idea in general, but in some specific deployments, such as with a Docker container, it is convenient [#3116]. Kea is now able to pause and resume threads, instead of stopping and restarting them, resulting in greater efficiency [#1599, #3142]. The database schema is now initialized on startup if the configured database is empty [#3025]. The HA mechanism is a bit more robust now. We fixed an inconsistent HA state that occurred when one of the terminated services was restarted and the other one was not.
The restarted service now waits 10 minutes for the partner to restart; if the partner is not restarted within that time, the service transitions to the terminated state to continue responding to DHCP traffic [#3250]. We corrected an issue in processing the `server-name` argument of the `ha-sync` command; the argument was ignored when the synchronization with a backup server was performed [#3276]. Several loggers (`alloc-engine`, `bad-packets`, `ddns`, `eval`, `leases`, `options`, and `packets`) were extended to provide more information about transaction ID, hardware address, and client ID details in existing log messages [#2820]. The Limits hook can now be configured alongside `retry-on-startup` on the lease database; previously, in this situation, the Kea DHCP server would not attempt to retry the connection, but would exit with an error [#3189].

15. **Bug fixes**: We fixed a problem that, when upgrading from Kea 2.2.1 or earlier, could lead to all the IPv6 leases expiring immediately when using MariaDB 10.10 or later [#3396]. We fixed a crash that could happen when Kea, linked with `libmysqlclient`, reconnected to the MySQL database during the execution of an SQL statement [#2792]. A problem with DHCP4_CLASSES_ASSIGNED being logged twice was fixed [#2591, #3009]. A race condition in the Free Lease Queue (FLQ) allocator code was fixed [#3111]. A problem was fixed with the DHCPv4 vendor options no longer getting encapsulated when using MySQL as a backend [#2881]. Kea daemons now properly redetect interfaces that may have appeared or disappeared since the daemon was started [#3017]. We added `DHCP4_DISCOVER` and `DHCP4_REQUEST` messages and renamed `DHCP4_LEASE_ADVERT` to `DHCP4_LEASE_OFFER` to better align with ISC DHCP logging format [#2918]. We fixed improper handling of large (larger than 64 bits) statistics by the Control Agent [#3068].
A new warning message is shown when the `ip-reservation-unique` flag is set to "true", but the database contains multiple reservations for the same IP [#3108]. The run(), run_once(), and poll() methods in IOService are now guarded against possible exceptions [#3112]. Many smaller issues reported by Coverity Scan were fixed [#3119]. The getopt function call has been improved to adhere better to Alpine's musl implementation [#2788]. An iterator is now properly checked in perfdhcp [#3185]. A potential use-after-free on server exit was fixed when Botan is used [#3193]. Some hooks using multi-threading postpone their startup until after the configuration has been completed; if the hook subsequently failed the startup, the error would not have been properly propagated. The fix ensures that the errors are reported during the configuration stage [#2692]. The code is now more defensive when going through a shutdown procedure. This addresses some of the issues reported for an unclean Kea shutdown [#3190]. A problem was fixed with database reconnection after a failure, and Kea no longer attempts rapid reconnects [#3300]. A bug was fixed when `reservation-del` was used to delete IPv6 reservations on Postgres [#3294]. We fixed a bug where omitting the `response-filters` parameter for the Role-Based Access Control (RBAC) hook configuration resulted in commands being rejected [#3314]. A crash in the Performance Monitoring hook, which occurred when no subnet was assigned, was fixed [#3347]. A crash was fixed that could manifest itself if startup failed and there were at least two hooks loaded [#3308]. We added better IO service handling in a multi-threaded environment [#3315]. The `-T` command-line parameter used to test configuration is now a bit more robust [#3305]. The Postgres schema was corrected: a DHCPv4 index now points correctly to the DHCPv4 table [#2957].
Earlier Kea versions dropped the whole packet if an invalid FQDN option was received; this is now corrected and only the option is ignored, rather than the whole packet [#3289]. We fixed a potential heap-use-after-free bug in the Ping Check hook [#3281]. An issue that could cause kea-dhcp-ddns to stop processing queued requests was addressed [#3295]. We fixed a problem with statistics not being updated when a subnet was updated using the `subnet4-update` or `subnet6-update` commands [#3195]. The `status-get` command now returns status properly, even if a lease database connection is not established [#3223]. The `pool-id` parameter is now supported properly for the PD pools in the Kea DHCPv6 daemon [#3424].

16. **Documentation**: Subnet selection by specifying an interface for a subnet is now documented [#2968]. A small correction was made to the documentation of the `-D` option of perfdhcp [#2995]. A new diagram explaining how Kea recognizes whether a client is the same as a previous one was added [#2908]. We added examples for Secure Zero Touch Provisioning options [#3002]. We added a note about PXE DHCPv6 clients [#181]. CentOS 7 references were removed from the documentation, as it is no longer supported [#2980]. The ARM section about log message format was clarified [#2591, #3011]. Class priority is now better documented [#2750]. A confusing example for DHCPv4 policy-filter (option 21) was clarified [#3095]. The DDNS section of the ARM now mentions the DDNS Tuning hook as a possible fine-tuning tool [#3046]. A confusing typo in the documentation for DDNS updates was fixed [#3138]. The Knowledgebase (KB) article about installing Kea from packages was expanded and now explains how to optionally configure a proxy to reach the appropriate Cloudsmith repository. For details, see https://kb.isc.org/docs/isc-kea-packages [#3136].
The ARM was updated to clearly state that the behavioral parameters for DDNS are obeyed, even if DDNS updates themselves are disabled [#3098]. An invalid JSON example was corrected [#3336]. The parameters for `ddns4_update` and `ddns6_update` hook points are now documented properly [#3279]. The server limitations section was updated after ping check was made available [#3221]. Another huge editorial and proofreading review was completed [#3363]. The application of the `ha-scopes` command was clarified in the ARM [#3290]. We updated documentation for PostgreSQL 15.x or later [#2773], and corrected several examples and a log message related to handling PD leases in `lease_cmds` [#3340]. The list of supported IETF RFC standards was significantly updated [#3346]. We removed an outdated recommendation regarding Kea upgrades on HA servers [#3338]. We clarified when the `extended-info4-upgrade` and `extended-info6-upgrade` commands should be used [#3426]. We clarified some documentation examples so they no longer refer to the non-existent agent commands hook [#3001].

17. **Build improvements**: A problem with header inclusions has been fixed; the code now builds properly on OpenBSD [#2970]. An array-bounds warning on Ubuntu and possibly other distributions has been fixed [#2821]. The `--enable-debug` compilation option now enables more debugging features [#1520]. Hammer, a Kea build tool used mostly by QA and release engineering, has been improved to better handle packages for CentOS 7; CentOS 7 itself is no longer supported, but it might be useful when using hammer from this release to build older Kea releases [#3060]. The `flto` (link-time optimization) was disabled on RHEL packages; this optimization caused Kea to crash in some rare circumstances [#3058]. Fedora 38 compilation was fixed [#3031]. Testing libraries are no longer built when compiling without Google Test [#3032].
A more detailed GTEST_VERSION is now reported when building with `--with-gtest-source` [#3065]. We improved `-V` and `-W` handling when Kea is installed from precompiled packages [#3078]. Hammer has gotten a new `--just-configure` option [#3229]. Compilation issues with the Botan library have been fixed [#3191]. Hammer was updated to build Kea while no longer needing the FreeRADIUS-client dependency [#3128]. Several previously missing headers are now installed [#3267]. Several dependencies in documentation building environments were updated [#3079]. The hammer tool now prints the list of supported systems correctly [#3249]. Several Doxygen errors were corrected [#3280]. Hammer now works on Rocky Linux [#3247]. The git commit hash for both the open source and premium repositories is now available in the config report [#3254]. A new script was added to check header and library dependencies in Makefiles [#1763]. A circular dependency in src/lib/log was fixed [#1743]. The deprecated MYSQL_OPT_RECONNECT option is only used if it's still available [#3311]. Messages being received and sent are now logged at the INFO level; previously, they were logged at the DEBUG level [#3203]. Hammer now properly sets access permissions on a PostgreSQL database on Ubuntu 24.04 [#3418]. Many compilation warnings were fixed [#3256].

18. **Testing**: The `IOSignalTest.mixedSignals` unit test has been improved and no longer fails on an Ubuntu 22.04 VM [#2954]. The test class for Host Backend is now thread-safe [#3298]. Several improvements were made to multi-threading-enabled RADIUS unit tests [#3299]. Several unstable tests were fixed [#3418]. A test that was failing on MacOS was fixed [#3270].

19. **Legacy code removal**: A substantial amount of old legacy code that Kea inherited from the BIND 10 days was removed.
There should be no user-visible changes; however, much of the old generic code was removed, so the build process should be faster and the binaries should be a bit smaller [#3208, #3210, #3211, #3212, #3285]. Several sections of old code were refactored and dead code was removed [#3316, #3317, #3318, #3319, #3320, #3321].

20. **Kea Premium License updated**: The end-user license agreement for commercially licensed Kea hooks has been updated to clarify some terms. The current version is 2.1.1.

## Incompatible Changes

There are several changes that can be considered backward-incompatible.

1. **Minimum C++ standard**: Kea must now be compiled with a compiler that supports the C++14 standard or later; the previous minimum required standard was C++11. Compilation under the C++11 standard or prior may now fail.

2. **Removed autogenerated subnet-ids**: We removed the deprecated mechanism that automatically assigned subnet IDs if they were not specified explicitly. While this mechanism was somewhat useful for smaller deployments, it caused many issues for larger configurations and there was no viable way to fix those problems. If your deployment still uses auto-generated subnet IDs, there is an easy way to keep the auto-generated subnet IDs: before upgrading to Kea 2.6.0, call the `config-get` command. The response will have the generated subnet IDs assigned, which you can write down and use in your Kea configuration. If you upgrade before doing so, you need to assign subnet IDs manually. If you have active leases and/or host reservations, make sure your subnet IDs match in the configuration, in the host reservations, and in the leases [#2961]. If you have the `id` field defined in each `subnet`, your configuration is fine.

2. **Packages**. Packages for EL7 distributions, e.g. CentOS 7 and RHEL 7, are no longer built for Kea in Cloudsmith, following their deprecation in Kea 2.4.0. Kea is officially no longer tested on these systems.
While it should be possible to install a newer compiler on CentOS 7 and then use it to compile Kea, this is not supported anymore. Please upgrade your OS.

3. **output_options renamed to output-options**: The `output_options` parameter used in configuring logging was the only parameter that used an underscore rather than a hyphen. To maintain consistency with hundreds of other options, it has been updated to `output-options`. The old spelling is still supported when reading a configuration or when setting the configuration using `config-set`; however, when retrieving (`config-get`) or storing (`config-write`) the configuration, the new syntax will be used [#3004].

4. An existing log message `DHCP4_LEASE_ADVERT` was renamed to `DHCP4_LEASE_OFFER`. This should not affect users other than those who parse logs automatically; those users need to update their parsers with the new name.

5. We removed the deprecated `relay`/`ip-address` parameter. Please use `ip-addresses` instead [#3378].

6. We removed the following deprecated parameters from the `dhcp-ddns` global element: `generated-prefix`, `qualifying-suffix`, `replace-client-name`, `override-client-update`, `override-no-update`, `hostname-char-replacement`, and `hostname-char-set` [#2958].

7. The deprecated `libreload` command was removed [#2960, #2731].

8. The deprecated `reservation-mode` parameter was removed [#2959]. In Configuration Backend, the update to Kea 2.6.0 or later properly migrates to the new configuration parameters with one exception: if the top-level `reservation-mode` was set to `global`, apart from enabling `reservations-global` which is correct, the update also leaves `reservations-in-subnet` enabled by default. If you specifically want in-pool host reservations disabled at the top-level, please disable `reservations-in-subnet` with a `remote-global-parameter4-set` or a `remote-global-parameter6-set` command after the update.

9. The `lease4-wipe` and `lease6-wipe` commands are now deprecated and will be removed in a future release [#3427].

## Packaging

1. **Native packages**: For convenient installation, Kea is available as native packages for the following systems: Alpine 3.16 (amd64), 3.17 (amd64), 3.18 (amd64), 3.19 (amd64, aarch64); RHEL 8 (amd64), 9 (amd64, aarch64); Debian 10 (amd64), 11 (amd64, aarch64), 12 (amd64, aarch64); Fedora 36 (amd64), 38 (amd64), 39 (amd64), 40 (amd64); and Ubuntu 20.04 (amd64), 22.04 (amd64, aarch64), 24.04 (amd64, aarch64).

2. **Packaging**: Starting with this release, binary packages are provided for ARM (aarch64) architecture, in addition to the usual Intel/AMD x64 (amd64) architecture. The hammer build tool has been extended to support aarch64 [#3186]. We added packages for Fedora 40 [#3393] and Ubuntu 24.04 [#3382, #3372]. The access permissions for `/run/kea` were fixed, so now the problem with Kea complaining about not being able to create a pidfile no longer occurs [#3200]. The quickstart section in the ARM was updated to point to the current Cloudsmith repositories [#3379].

3. **Docker**: By popular demand, this release comes with Docker images: both pre-built Docker images and Docker files are available. Users can install a single container with a specific service, such as `kea-dhcp4`, or use the `kea-compose` script that makes deployment of a cluster of containers (kea-dhcp4, kea-dhcp6, and a PostgreSQL database) much easier. Running a DHCP server in a Docker container is a bit more complicated than a typical service, as a DHCPv4 server needs to be able to receive traffic from clients that do not yet have an IP address assigned; simple port forwarding is not sufficient. Users should read about ipvlans before deploying Docker containers. Please use caution and share your feedback. For details, see the README file in https://gitlab.isc.org/isc-projects/kea-docker/.
The images are based on Alpine 3.19 [kea-docker#1, kea-docker#2, kea-docker#3, kea-docker#8, kea-docker#9, kea-docker#10, kea-docker#14, kea-docker#15, kea-docker#16, kea-docker#18, kea-docker#20, kea-docker#21, kea-docker#22, kea-docker#23, kea-docker#25, kea-docker#26, kea-docker#27, kea-docker#28, kea-docker#29, kea-docker#30, kea-docker#32, kea-docker#34, kea-docker#35, kea-docker#36].

4. The Cloudsmith repository for the 2.5 releases has been phased out. The new kea-dev Cloudsmith repository has been created, which will host the 2.7.X release as well as all future development releases.

## License

This version of Kea is released under the Mozilla Public License, version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

Some Kea hook libraries are provided under the MPL 2.0; others are licensed with the [Kea Hooks Basic Commercial End User License](https://www.isc.org/kea-premium-license/). The source for each hook library includes the applicable license.

## Download

Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/~isc/repos/

Pre-built Docker images as well as Docker files are available. For details, see: https://gitlab.isc.org/isc-projects/kea-docker

The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download

The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB formats.

ISC maintains a public open source code tree, wiki, issue tracking system, milestone planner, and roadmap at https://gitlab.isc.org/isc-projects/kea.
Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea software support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list. If you have any comments or questions about working with Kea, please share them with the Kea Users list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/kea/-/issues.

## Changes

The following summarizes changes and important upgrades since the 2.4.0 release.

Kea 2.6.0 (stable) released on May 29, 2024

2247. [build] razvan
The library version numbers have been bumped up for the Kea 2.6.0 stable release. (Gitlab #3430)

2246. [bug] razvan
Permit configuring pool-id in pd-pools which can be useful in statistics. Previously, Kea would emit an error when configured with PD pool ids. (Gitlab #3424)

2245. [doc] tomek
Many already supported RFCs are now listed in the Supported DHCP standards and Supported DHCPv6 standards in the Kea Administrator Reference Manual (ARM). (Gitlab #3346)

2244. [func] mgodzina
The lease4-wipe and lease6-wipe commands now log a deprecation warning. (Gitlab #3427)

2243. [func] razvan
Updated yang modules: removed qualifying-suffix, override-no-update, override-client-update, replace-client-name, generated-prefix, hostname-char-set and hostname-char-replacement from dhcp-ddns, removed reservation-mode and added retry-on-startup, stash-agent-options and ddns-conflict-resolution-mode. (Gitlab #3301)

2242. [func] razvan
Removed deprecated command "libreload". (Gitlab #2960)

2241. [doc] tomek
Several aspects of lease_cmds documentation were updated. The examples and error messages were corrected. (Gitlab #3340)

2240. [doc] slawek
Updated the documentation to consider the restricted default privileges provided in Postgres 15 when creating a database. (Gitlab #2773)

2239. [func]* razvan
Removed deprecated parameter: "reservation-mode". (Gitlab #2959)

2238. [func]* razvan
Removed the following deprecated parameters from "dhcp-ddns" global element: "generated-prefix", "qualifying-suffix", "replace-client-name", "override-client-update", "override-no-update", "hostname-char-replacement", "hostname-char-set". (Gitlab #2958)

2237. [doc] slawek
Added an instruction to the ARM on how to verify the PGP signature of the tarball with the source code. (Gitlab #3021)

2236. [doc] marcin
Documented incompatibility of the subnet reselection by RADIUS with the hub-and-spoke configurations in HA. (Gitlab #3252)

2235. [bug] tmark
Remove defaulted on-update behavior from 'expire' columns in lease4 and lease6 tables for MySQL/Mariadb lease databases. Corrects an issue when upgrading from releases prior to Kea 2.4.0 to Kea 2.4.0 or later with Mariadb version 10.10 or later that causes all existing v6 leases to expire immediately. (Gitlab #3396)

2234. [build] andrei
Kea now builds with MySQL client libraries that have removed the mysql_ssl_set function which was deprecated in MySQL 8.0.35. The mysql_options function is used instead.
(Gitlab #3256)

2233. [bug] razvan
Fixed a bug which was causing the status-get command to return an error when the lease database connection had not yet been established. (Gitlab #3223)

2232. [func]* fdupont
Auto-generated subnet identifiers are no longer supported. Configurations that contain subnets without explicit subnet identifiers (i.e. without an "id" entry) will now be rejected. (Gitlab #2961)

2231. [func] fdupont
The "ip-address" configuration parameter in the "relay" map has been removed. In its place, use "ip-addresses" introduced in Kea 1.4. (Gitlab #3378)

2230. [func] tmark
Both kea-dhcp4 and kea-dhcp6 will now emit an INFO level log statement for each packet received and sent by the server. Formerly these logs were only emitted at DEBUG level. (Gitlab #3203)

2229. [bug] tmark
Kea now builds with MySQL client libraries that have removed the MYSQL_OPT_RECONNECT feature and, in those cases, no longer explicitly disables the reconnect feature, but relies on its default disabled state. (Gitlab #3311)

Kea 2.5.8 (development) released on April 30, 2024

2228. [build] piotrek
The library version numbers have been bumped up for the Kea 2.5.8 development release. (Gitlab #3355)

2227. [func] fdupont
Implemented the stash-agent-options global parameter for DHCPv4 (new feature from ISC DHCP allowing to renew reserved address when the host reservation identifier is based on the dhcp-agent-options option added by a relay). (Gitlab #2976)

2226. [func] piotrek
Added information about transaction ID in all possible places in loggers: alloc-engine, bad-packets, ddns, eval, leases, options, packets. (Gitlab #2820)

2225. [func] marcin
Ensure backward compatibility of High Availability between Kea 2.5.8+ and earlier versions. It introduces a new origin-id argument to the dhcp-enable, dhcp-disable and ha-sync-complete-notify commands. It is ignored by the earlier Kea versions.
The origin argument is sent in addition to the origin-id and has the format recognizable by the old Kea versions. (Gitlab #3344)

2224. [func] andrei Printing the version now mentions if premium is included and shows the git commit hash for the premium source code repository if the executable is built from sources. (Gitlab #3254)

2223. [bug] tmark Fixed an issue in PerfMon hook library which causes the kea6_server to crash when the server responds to a client query for which no subnet was selected. (Gitlab #3347)

2222. [bug] piotrek Fixed a bug in host_cmds. When PostgreSQL was used as hosts database storage, reservation-del command called with given IPv6 host address and the subnet Id deleted all IPv6 hosts in given subnet. Corrected the issue so that now only given host reservation is deleted. (Gitlab #3294)

2221. [bug] tmark Corrected an index on the dhcp4_servers table in the PostgreSQL schema. (Gitlab #2957)

2220. [bug] marcin Exclude packets ignored during load balancing from the pkt6-receive-drop statistics. The packets dropped by the HA hook library during subnet selection are counted in the pkt4-receive-drop and pkt6-receive-drop statistics. (Gitlab #3125)

2219. [bug] marcin Corrected an issue in processing the server-name argument of the ha-sync command. The argument was ignored when the synchronization with a backup server was performed. (Gitlab #3276)

2218. [func] marcin Addressed an inconsistent state of the High Availability service that occurs when one of the terminated services is restarted and another one is not. The restarted service waits 10 minutes for the partner restart. If the partner is not restarted the service transitions to the terminated state to continue responding to the DHCP traffic. (Gitlab #3250)

2217. [func] fdupont Extended the lenient-option-parsing compatibility flag to ignore DHCPv4 fqdn (81) and DHCPv6 client-fqdn (39) options with some invalid domain names (e.g. beginning with an empty label). (Gitlab #3289)

2216.
[func] tmark PerfMon hook library is now functional. It accumulates and reports performance data, and supports alarms. Still lacking are API commands. (Gitlab #3297)

2215. [bug] tmark Corrected an issue that can cause kea-dhcp-ddns to stop processing queued requests. Thanks to Shawn Routhier from Infoblox for reporting the issue. (Gitlab #3295)

2214. [func] tmark PerfMon hook library can now parse its configuration and the ARM has been updated with more detailed information. Functionality is still limited. (Gitlab #3278)

Kea 2.5.7 (development) released on March 27, 2024

2213. [build] razvan The library version numbers have been bumped up for the Kea 2.5.7 development release. (Gitlab #3304)

2212. [build] tomek The jinja dependency, used in building documentation, was updated. (Gitlab #3079)

2211. [bug] razvan, tmark Corrected an issue in kea-dhcp4 and kea-dhcp6 that causes an infinite loop when database does not exist at startup introduced by #2692. (Gitlab #3300)

2210. [func] piotrek Added libkea-dhcp++, libkea-cfgclient, libkea-d2srv, libkea-dhcpsrv, libkea-util and libkea-util-io headers that were missing after Kea install. Now all needed headers are installed. (Gitlab #3267)

2209. [func] fdupont Some hooks using multi-threading postpone their startup until after the configuration has been completed. If the hook subsequently failed the startup, the error would not have been properly propagated. The fix ensures that the errors are reported during the configuration stage. (Gitlab #2692)

Kea 2.5.6 (development) released on February 28, 2024

2208. [build] razvan The library version numbers have been bumped up for the Kea 2.5.6 development release. (Gitlab #3261)

2207. [func] piotrek Kea now supports DNR options as specified in RFC9463, RFC9461, RFC9460. The option may be configured using convenient notation, where Kea takes care of complex option encoding to be in line with RFCs. (Gitlab #3141)

2206.
[func] andrei DHCP servers now initialize the database schema automatically on startup or on reconfiguration if there is at least one database backend configured and if the configured database is empty. (Gitlab #3025)

2205. [func] tmark Perfmon hook library now dumps the packet event stack of query packets to debug logging after they have been processed. (Gitlab #3231)

2204. [func] tmark The skeleton of a new open source hook library, libdhcp_perfmon.so, has been added. The library is still in development and does not yet provide any functionality. (Gitlab #3242)

Kea 2.5.5 (development) released on January 31, 2024

2203. [build] razvan The library version numbers have been bumped up for the Kea 2.5.5 development release. (Gitlab #3235)

2202. [func] razvan The Configuration Backend now supports scalar parameters contained by top level global maps: 'compatibility', 'control-socket', 'dhcp-ddns', 'expired-leases-processing', 'multi-threading', 'sanity-checks', 'server-id' and 'dhcp-queue-control'. (Gitlab #1790)

2201. [func] andrei To facilitate setting multiple option-data entries with same code and space, but different data, the set of keys for the option-data list was extended with the "data" leaf in YANG modules. (Gitlab #3198)

2200. [func] piotrek Kea now supports new DHCPv4 option code 121, Classless Static Route option defined in RFC 3442. Option may be defined in binary format and also as a string using convenient static route notation. (Gitlab #3074)

2199. [func] marcin Added support for hub-and-spoke high availability configuration. (Gitlab #3106, #3178)

2198. [func] razvan A new log message DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_DETECTED is shown when multiple reservations are detected for the same IP address. (Gitlab #3108)

2197. [func] razvan Added support for database connection retry on server startup.
The new 'retry-on-startup' parameter controls this behavior along with the other existing parameters: 'on-fail', 'max-reconnect-tries' and 'reconnect-wait-time'. (Gitlab #3019)

2196. [func] tmark The ping-check hook library can now be used with kea-dhcp4 in either multi-threaded or single-threaded mode. (Gitlab #3107)

2195. [func] tmark Added a new hook point to kea-dhcp4, "lease4_server_decline". DHCPv4 leases declined by ping-check hook library are now propagated to HA peers. (Gitlab #3110)

Kea 2.5.4 (development) released on November 29, 2023

2194. [build] razvan The library version numbers have been bumped up for the Kea 2.5.4 development release. (Gitlab #3173)

2193. [func] tmark, piotrek The ping-check hook library is now functional. It provides the ability of kea-dhcp4 to check the availability of an address prior to offering it to a client using ICMP ECHO REQUESTs. (Gitlab #3084)

2192. [func] razvan The packet logging is now more consistent between DHCPv4 and DHCPv6. Also, extra details are now logged. (Gitlab #3109)

2191. [doc] andrei The new RADIUS hook library is now operational. Documentation has been updated. A section about differences to the old RADIUS hook library is included. (Gitlab #2442)

Kea 2.5.3 (development) released on October 25, 2023

2190. [build] razvan The library version numbers have been bumped up for the Kea 2.5.3 development release. (Gitlab #3118)

2189. [doc] tomek Security reporting process described in a Github-friendly format. There is no new information, mostly pointers to already existing documents. (Gitlab #3080)

2188. [bug] razvan Fixed a race condition in free lease queue allocator. (Gitlab #3111)

2187. [func] tmark To facilitate use in containers, the restriction from listening on 0.0.0.0 or :: addresses has been removed from kea-dhcp-ddns. The server will now issue a warning if configured to use either address. (Gitlab #3116)

2186. [bug] andrei Fixed interface redetection which had stopped working since Kea 2.3.6.
(Gitlab #3017)

2185. [func] razvan Added extended log messages: DHCP4_DISCOVER, DHCP4_REQUEST, DHCP6_PROCESS_IA_NA_SOLICIT, DHCP6_PROCESS_IA_PD_SOLICIT, which include the hint address in the client request. The log message tag DHCP4_LEASE_ADVERT has been renamed to DHCP4_LEASE_OFFER. (Gitlab #2918)

2184. [bug] razvan Fixed a bug in evaluated expression parser which was not properly handling escaped null characters. (Gitlab #3086)

2183. [bug] andrei Fixed a bug where one of the commands that retrieve statistic values sent to the kea-ctrl-agent would get an overflow error in the response if the inquired statistic was intended to have a big integer data type, and if the integer value would not be representable on 64 bits. Affected statistics are "total-nas" and "total-pds", and the bug only manifests if the inquired pool, or the inquired subnet's aggregated pool space, is large enough. Prior to this fix, commands would get a correct response over unix socket. (Gitlab #3068)

Kea 2.5.2 (development) released on September 27, 2023

2182. [build] razvan The library version numbers have been bumped up for the Kea 2.5.2 development release. (Gitlab #3085)

2181. [func] razvan Added additional tokens which evaluate string expressions: "lcase" which converts to lower case and "ucase" which converts to upper case. (Gitlab #3048)

2180. [build] andrei Apart from enabling log4cplus's own logging, and adding more sanity checks in DNS code, the --enable-debug configure flag now also makes the compiler produce more abundant debugging information that can be read by a debugger. (Gitlab #1520)

2179. [doc] piotrek Updated Developer's Guide with information about new hook point "lease4_offer". (Gitlab #3067)

2178. [doc] andrei Clarified in the ARM that DHCPv6 clients with unstable DUIDs can be handled using the flex-id library. The configuration examples that can help with that are found in the flex-id documentation. (Gitlab #181)

2177.
[func] piotrek Implemented new DHCPv4 hook point "lease4_offer". The callout is executed after the server has received the DHCPDISCOVER and the DHCPOFFER has been constructed but not yet sent to the client. (Gitlab #3038, #3063)

2176. [doc] piotrek, razvan Updated ARM docs with new configuration key "output-options" and alias "output_options". All config examples, where previous "output_options" key appeared, were updated. (Gitlab #2904, #3004)

Kea 2.5.1 (development) released on August 30, 2023

2175. [build] razvan The library version numbers have been bumped up for the Kea 2.5.1 development release. (Gitlab #3026)

2174. [func] fdupont Added a new information message which displays the client and the transaction identification information for received queries between message unpacking and first classification. (Gitlab #2854)

2173. [bug] tmark Fixed a sporadic failure of IOSignaltest.mixedSignals unit test. Test no longer relies on signals arriving in order they are sent as it cannot be guaranteed. (Gitlab #2954)

2172. [func] fdupont Completed and improved logs showing what client classes are assigned to queries during processing. (Gitlab #2908)

Kea 2.5.0 (development) released on July 26, 2023

2171. [build] andrei The library version numbers have been bumped up for the Kea 2.5.0 development release. (Gitlab #2990)

2170. [build] fdupont Moved from C++ 11 to C++ 14 as the minimal C++ version which must be supported by the C++ compiler to build Kea. (Gitlab #2876)

2169. [bug] marcin Applied a workaround in the connection to MySQL that prevents potential crashes in libmysqlclient library when connection to the database is lost and re-established. (Gitlab #2792)

2168. [func] fdupont Cross-reference tables to bind relay and remote identifiers from extended info of DHCPv6 leases were added to SQL backends. A new command "extended-info6-upgrade" (re)builds these tables making leases visible to Bulk Lease Queries. (Gitlab #2869)

2167.
[func] tmark The kea-dhcp<4/6> parameter, ddns-use-conflict-resolution, has been deprecated and replaced with ddns-conflict-resolution-mode. The new parameter supports four modes of behavior pertaining to DDNS update conflict resolution: check-with-dhcid, no-check-with-dhcid, check-exists-with-dhcid, and no-check-without-dhcid. Thanks to Shawn Routhier from Infoblox for contributing the patch to implement this feature. (Gitlab #2276)

Kea 2.4.0 (stable) released on July 05, 2023

And for Kea premium:

Kea-premium hooks package 2.6.0 (stable) released on May 29, 2024

199. [func]* andrei Configuration is now rejected if the RADIUS access service is configured without the host cache library. (Gitlab #3302)

198. [func]* razvan Removed the following deprecated parameters from "dhcp-ddns" global element: "generated-prefix", "qualifying-suffix", "replace-client-name", "override-client-update", "override-no-update", "hostname-char-replacement", "hostname-char-set". (Gitlab #2958)

197. [bug] andrei Limits can now be configured alongside retry-on-startup on the lease database. Previously, in this situation, the Kea DHCP server would not attempt to retry the connection, but would exit with an error. (Gitlab #3189)

196. [bug] marcin The commands in the subnet_cmds hook library trigger statistics updates. It corrects an issue whereby a number of available leases could get outdated after adding or removing subnets or pools using the subnet_cmds hook library. (Gitlab #3195)

Kea-premium hooks package 2.5.8 (development) released on April 30, 2024

195. [func] fdupont, andrei The RADIUS Delegated-IPv6-Prefix attribute is now supported. (Gitlab #2984)

194. [bug] fdupont, tmark Fixed a bug where commands sent to a control agent configured with RBAC roles that do not include the "response-filters" configuration option resulted in an error log message rather than treating the response filter list as empty.
(Gitlab #3314)

Kea-premium hooks package 2.5.7 (development) released on March 27, 2024

193. [func] andrei, fdupont The RADIUS hook library is now multi-threaded. This is the last hook library that was missing multi-threading compatibility. A thread pool helps process RADIUS responses. A configuration entry, thread-pool-size, can limit the maximum number of spawned threads. (Gitlab #3262)

Kea-premium hooks package 2.5.6 (development) released on February 28, 2024

192. [func] fdupont, andrei RADIUS access exchange is now performed asynchronously. (Gitlab #2022)

Kea-premium hooks package 2.5.5 (development) released on January 31, 2024

191. [doc] vicky Update the license agreement to version 2.2.1, adding sections 8.3.1, 8.3.2 and 8.3.3 to add definitions for leasing addresses in three scenarios: for internal network services, in provision of network services for third parties, and OEM applications. (Gitlab #3234)

190. [func] razvan The Configuration Backend now supports scalar parameters contained by top level global maps: 'compatibility', 'control-socket', 'dhcp-ddns', 'expired-leases-processing', 'multi-threading', 'sanity-checks', 'server-id' and 'dhcp-queue-control'. (Gitlab #1790)

189. [func] andrei The peer-updates flag can be configured under RADIUS accounting to enable or disable accounting requests created as a result of High-Availability lease updates. It is enabled by default. (Gitlab #3123)

188. [bug] fdupont Reimplemented v6 Bulk Lease Query by link address selector to retrieve all leases including prefix delegation leases of subnets the specified address belongs to. (Gitlab #3149)

187. [func] razvan Added support for database connection retry on server startup. The new 'retry-on-startup' parameter controls this behavior along with the other existing parameters: 'on-fail', 'max-reconnect-tries' and 'reconnect-wait-time'. (Gitlab #3019)

186. [func] fdupont Removed the libdhcp_old_radius.so hook library.
(Gitlab #3168)

Kea-premium hooks package 2.5.4 (development) released on November 29, 2023

185. [func] tmark, piotrek The ping-check hook library is now functional. It provides the ability of kea-dhcp4 to check the availability of an address prior to offering it to a client using ICMP ECHO REQUESTs. (Gitlab #3084)

184. [func] fdupont The new RADIUS hook library is now operational and considered experimental. The callouts have been added for both access and accounting services. Integer constants can now be parsed from a dictionary. (Gitlab #3042, #3081, #3104, #3105, #3127)

Kea-premium hooks package 2.5.3 (development) released on October 25, 2023

183. [func] fdupont Work on refactoring the RADIUS library is underway. Code has been merged regarding dictionary parsing, message exchanges, access and accounting services, server information. A RADIUS dictionary is now provided with the Kea installation. libdhcp_radius.so is still non-functional at this time. (Gitlab #3041, #3115)

Kea-premium hooks package 2.5.2 (development) released on September 27, 2023

182. [build] fdupont, andrei The RADIUS client is being refactored. Until that work is done, the callouts of libdhcp_radius.so are disabled. The library will have no effect when loaded in a Kea server. libdhcp_old_radius.so provides the former features until then. (Gitlab #3043, #3069)

181. [bug] razvan Fixed an issue where lease updates coming from the High Availability hook library for DHCPv6 or from lease6-bulk-apply command were not logged by forensic log hook library. (Gitlab #2967)

180. [func] fdupont Made the host_cache hook library compatible with multi-threading. (Gitlab #2023)

179. [build] fdupont Now PW_DELEGATED_IPV6_PREFIX must be defined (it is not supported in very old FreeRADIUS client libraries) to build the RADIUS hook library. (Gitlab #2998)

Kea-premium hooks package 2.5.1 (development) released on August 30, 2023

178.
[func] piotrek New log messages were added in subnet_cmds hook library: SUBNET_CMDS_NETWORK_ADD, SUBNET_CMDS_NETWORK_DEL, SUBNET_CMDS_SUBNET_ADD, SUBNET_CMDS_SUBNET_DEL, SUBNET_CMDS_SUBNET_UPDATE. (Gitlab #2982)

Kea-premium hooks package 2.5.0 (development) released on July 26, 2023

177. [func] fdupont Bulk Lease Query now detects and logs empty relay or remote id values in received queries. (Gitlab #2906)

176. [func] fdupont Cross-reference tables to bind relay and remote identifiers from extended info of DHCPv6 leases were added to SQL backends. A new command "extended-info6-upgrade" (re)builds these tables making leases visible to Bulk Lease Queries. (Gitlab #2869)

Kea-premium hooks package 2.4.0 (stable) released on July 05, 2023

Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.