Performance Effects of DNSSEC Validation - July 2022
On July 30, 2022, Petr Špaček spoke at the DNS-OARC38 conference about the performance effects of DNSSEC validation in BIND 9.Read post
Kea 2.2 is our newest stable branch of the Kea DHCP server, suitable for production deployment.
Kea 1.8 is now EOL. If you are running Kea 1.8 or an older version, we recommend updating. Kea 2.0 will be supported until the release of Kea 2.4. See the ISC Software Support Policy for the Kea release schedule.
Kea 2.2 brings many new features developed during the Kea 2.1 development cycle to a production release. For full details of the new features, see the Kea 2.2.0 Release Notes.
By popular demand, we have added full support for PostgreSQL as a configuration backend, equivalent to MySQL. Most Kea configuration data can be stored in a separate MySQL or PostgreSQL configuration backend. Store options, pools, and subnets centrally and tag them based on which servers should “subscribe” for those configuration elements.
We have made tremendous progress in providing more secure access for Kea, by providing TLS/SSL support for connections between HA pairs and between Kea and backend databases. We have also removed user authentication secrets from the Kea configuration file and put those into a separate passwords file, which can be more strictly access-controlled.
As previously announced, we have also now finally removed support for Cassandra as a backend. This option was unpopular, and very difficult to maintain as the nosql model is so different from our SQL backends.
The DDNS Tuning Library adds custom behaviors related to Dynamic DNS updates on a per-client basis. Its primary feature is to allow the administrator to calculate the domain name (FQDN) to be assigned using a regular expression. This library is included in our low-cost Premium package.
The Limits library can rate-limit packet processing, to protect the server against overactive clients, and will also support controlling the number of leases per client. This new Subscriber hook library does not yet match the equivalent functionality in ISC DHCP, but we will continue to improve it.
The RBAC library allows an administrator to control authenticated user access to read and write Kea configuration data. This library is primarily useful in a large enterprise environment, and is offered to Silver and Gold support subscribers.
Our Cloudsmith repository for binary packages has become very popular, and we think the majority of our subscribers are now using that repository. We are adding new packages for Alpine OS users (please give us feedback!). We are also providing the source tarballs on Cloudsmith, so users can get the source as well as the binaries from the same place. These source tarballs are signed by ISC and the signatures for verification are in the repo with the tarballs.
We have updated the basic commercial license for the non-open source hooks. (The open source hooks remain licensed under MPL 2.0, this is unchanged.)
The Premium hooks package, purchased online without support for $549, is now for smaller businesses (up to 1,000 leases) and non-profits only. We think it is fairer for large enterprises and service providers to pay more, but we also wanted to preserve a low-cost option for universities and other non-profits.
Larger deployments can access the Premium and Subscriber hooks as a bundle, either without support at the Basic level, or with support at Bronze, Silver, or Gold levels. Our levels are:
Our support prices are based on deployment size, as measured by the number of simultaneous leases provided. For more information on the support options, please see our Support page and our Kea Support Subscription datasheet.
Your subscription will be honored for the original period under the original terms, of course. The DDNS Tuning hook will be added to your download site. At renewal time, you will have to review and agree to the new license terms, and if you have a commercial deployment providing over 1,000 simultaneous leases, you may have to upgrade to a Basic subscription. Please see the text of the EULA for the special terms for non-profits.
Thank you! If you are a Basic or Bronze subscriber, you will be receiving the new DDNS-tuning and Limits hooks. If you are a Silver or Gold level subscriber, you will receive the DDNS Tuning and Limits hooks, as well as the new RBAC hook. Also, you will no longer have to search your tickets for an ftp link to download the sources for your premium software; sources are now included in our Cloudsmith repositories.
What's New from ISC