- By Vicky Risk on October 4, 2016
We are thankful that Mozilla chose to award a MOSS grant to ISC to help fund development of the Kea DHCP server, through the Mozilla Foundational Technology track. This is a wonderful program, through which Mozilla gives back to the Internet community by sponsoring development of the open source that everyone can use.
Kea is modern software that we hope will eventually replace the extremely popular, but also very mature, ISC DHCP, also known as dhcpd. DHCP software is classic infrastructure. People expect that DHCP software will be available in their operating system, but few people wonder where it comes from, or how the development is funded. Kea is already packaged for most major Linux and Unix operating systems, but is still missing a few very desirable features.
ISC’s MOSS award was for $100,000, which we will use to support design and development of a management api, and a secure remote management client. Remote management is an important feature, one that is frequently requested by prospective users. We have a preliminary requirements document posted in the Kea project wiki and are starting work on a design.
Kea is already a fully functional DHCPv4 and DHCPv6 server. We have just released Kea version 1.1, which greatly expanded support for leveraging an external database for host reservations, and added a flexible client classification system. Kea is accepting community contributions on Github, with significant contributions enabling initial support for a Cassandra database backend and lightweight DHCPv4 over v6 in version 1.1.
We sometimes joke that ISC puts the “non” in “non-profit.” ISC has been funding Kea internally, and with 3+ developers and a test engineer, it is a significant effort. We are offering Kea support contracts, which we hope will eventually fund on-going maintenance, but grants like this are essential to add major new functionality, to continue to create open source infrastructure for the future. We look forward to spending this award money on adding an important feature users are asking for to the Kea open source.
- By Vicky Risk on October 3, 2016
Kea 1.1 is available!
We are please to announce the availability of Kea 1.1. Kea is ISC modern DHCP server, which brings new functionality to the datacenter, and any ISP or enterprise who needs to tie dynamic host control into external provisioning systems.
New features in Kea 1.1 include:
Kea 1.0 contained limited support for storing host reservations in the database backend. Kea 1.1.0 has expanded that
capability, allowing host reservations to be stored in a MySQL or PostgreSQL database. In particular, Kea 1.1.0:
– Adds host reservation (DHCPv4 and DHCPv6) using the PostgreSQL backend.
– Adds host reservation for DHCPv6 to the existing MySQL support.
– Significantly extends the existing host reservation capabilities to include reservations of specific DHCP options, reservations of siaddr, sname, and file fields within DHCPv4 messages, and reservations of multiple IPv6 addresses/prefixes.
– Allows the MySQL or PostgreSQL host reservation database to be configured read-only, in which case Kea will be able to retrieve reservations
from it, but not insert or update existing reservations. This feature is useful when a database (or database view) exists for the particular deployment and the administrator doesn’t want to grant read-write access for
In Kea 1.1 the client classification system has been expanded. A class definition contains a name and a test expression of
arbitrary complexity; if the test expression evaluates to “true” the client is a member of that class. A client may be a member of multiple
classes and can acquire options from different classes. If the configuration contains multiple definitions for data for an option in two or more of the global, class, subnet or host entries, the server will choose the definition from the most specific entry.
There are a number of objects and operators available for use in the test
– Operators include: equal, not, and, or, substring, concat
– Objects include:
– literals: string, hexadecimal, IP address and integer
– options: existence and content
– relay options for DHCPv4 and DHCPv6: existence and content
– subfields within vendor and vendor class options: existence, enterprise-id value and content
– selected fields from DHCPv4 and DHCPv6 packets
– Classes may be used to select subnets
– Classes and class specific subnets may contain option data to serve to
clients within that class
Hook Library Parameters
It is now possible to specify parameters for hook libraries in the Kea configuration file. In earlier versions of Kea, hook library authors had to use a external mechanism (such as file of a known name) to pass information across.
RFC7341 defines an architecture that allows dual-stack clients to communicate with DHCPv4 server in IPv6-only networks. Kea 1.1 introduces support for this mode of operation. It requires running both DHCPv4 and DHCPv6 servers in special mode, where DHCPv6 component does not allocate anything, but decapsulates incoming DHCPv4 messages, sends the to the DHCPv4 server and then relay back the responses.
Cassandra Database Backend
Kea 1.1.0 has added preliminary support for Cassandra as a database backend. In this release of Kea it can only
be used to store lease information, it is not able store host reservations. Cassandra support is currently considered experimental. Use with caution.
MPL 2.0 License
Kea 1.1.0 has been released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0
Professional support for Kea is available from ISC. Free best-effort support is provided by our user community via a mailing list. Information on all
public email lists is available at https://www.isc.org/community/mailing-list
If you have any comments or questions about working with Kea, please share them on the Kea Users List https://lists.isc.org/mailman/listinfo/kea-users.
Bugs and feature requests may be submitted via the ticket tracking system at http://kea.isc.org
- By Vicky Risk on July 17, 2015
Letter from the President
We are now a trimmer and more functional organization, with financial controls, stability and predictability.
We determined that BIND revenues had been subsidizing our other efforts, so we put more back into BIND, adding three DNS engineers in early 2015. On the operations side, we are cutting back on subsidized programs that no longer make sense, like commercial hosting and commercial SNS, while refocusing our efforts on public benefit F-Root and ccTLD DNS publishing. We have had virtually no personnel turnover in more than a year since our reductions in force, and our customers and partners have stuck with us, too, maintaining a 93% renewal rate.
Going forward, ISC continues to balance our public benefit mission with financial stability; we are working cooperatively with other open source providers to provide commercial support for products like NLnet Lab’s Unbound and are in talks to add more. We’ve removed restrictions on our Knowledge Base so that everyone, not just paying customers, can access our technical documentation, and added 36 new feature articles and a comprehensive BIND DNSSEC guide just in 2014.
We are reaching out to our external contributors, accepting patches as a greater priority, and granting accounts in our bug tracking system to our frequent contributors. We opened public access read-only GITs for BIND and ISC DHCP, and posted our new DHCP project, Kea, on Github. We continue making significant contributions to industry standards development and have strong roles in NANOG, the IETF, RIPE NCC, DNS/OARC, ISOC, and ICANN to name a few.
ISC carries no debt, is approximately break even, and has sufficient financial reserves to carry us through normal downturns in the business. We are proud of our past and excited about our future. We are aggressively in discussions around the globe to research emerging problems we can help solve and playing fields we can help level. We aren’t going anywhere but forward. We hope you will consider supporting our mission financially and furthering our common goals.
President, Internet Systems Consortium
Attached: 2014 Annual Report
- By Vicky Risk on November 10, 2014
ISC has signed a memo of understanding with NLnet Labs, makers of Unbound and NSD, to collaborate in providing support to users of our DNS software. NSD is a popular alternative to BIND for authoritative DNS services, and Unbound is a high-performance recursive resolver. As a first step in this collaboration, ISC is now selling advance security notification of vulnerabilities in NSD and Unbound, the same service we have been offering for ISC’s BIND and DHCP. ISC will cover the expense of the administrative overhead, and pass the entire amount paid for the NLNet Labs portion off to them.
As a bonus for organizations already supporting ISC’s open source, existing BIND ASN subscribers will automatically be given the Unbound and NSD ASN for the remainder of their current contract with ISC. When their contract is up for renewal, they will be offered the opportunity to add Unbound and NSD to their BIND ASN agreement.
We hope this is the beginning of a trend towards greater cooperation among providers of open source that is critical to the Internet. As we all saw with the Heartbleed incident, the mere fact that open source is critical to the Internet does not mean that it’s development and maintenance is funded or supported by the community. Getting adequate support requires an organization to solicit funding, provide and administer services based on that software.
This in no way represents a consolidation of software or technology; conversely, it’s an attempt to more strongly fund diverse offerings. We are leveraging the administrative overhead, and offering a united front to promote funding open source. Please join us by subscribing to Advance Security Notifications for BIND, Unbound and NSD, or by making a donation to NLNET Labs, either directly or through ISC. To inquire about subscribing or donating, fill out this web form, or email to info at ISC dot org.
- By Vicky Risk on April 17, 2014
Internet Systems Consortium (ISC) today announced the release of version 1.2 of its BIND 10 software, and with that release announced that ISC has concluded its development work on BIND 10 and will no longer be updating the source pool.
BIND 10 release 1.2 consists of an authoritative server, a control framework, an application interface, a statistics server, a logging framework, a remote control daemon, a configuration client tool, and numerous other tools for its development and operation.
“BIND 10 is an excellent software system,” said Scott Mann, ISC’s Vice President of Engineering, “and a huge step forward in open-source infrastructure software. Unfortunately, we do not have the resources to continue development on both projects, and BIND 9 is much more widely used.”
“The BIND 10 software is open-source,” Scott added, “so we are making it available for anyone who wants to continue its development. The source will be available from GitHub under the name Bundy, to mitigate the confusion between it and ISC’s BIND 9 (a completely separate system). The name ‘BIND’ is associated with ISC; we have changed its name as a reminder that ISC is no longer involved with the project.
BIND 10 release 1.2 is available from ISC at https://www.isc.org/downloads/, under the ‘Other Software’ category.
BIND 10 was a multi-year development project with numerous sponsors around the world. ISC is grateful for support received from Afilias, AFNIC, Association DNS.PT, Brazilian Network Information Center (NIC.BR), Canadian Internet Registry Authority (CIRA), China Internet Network Information Center (CNNIC), Comcast, CZ NIC z.s.p.o, DENIC eG, Google Inc., IIS, Japan Registry Services Co, Ltd. (JPRS), Nominet UK, New Zealand Registry Services (NZRS), Réseaux IP Européens Network Coordination Centre (RIPE NCC), Stichting Internet Domainregistratie Nederland (SIDN), Technical Center of Internet, and Uniforum SA. We expect the continuing development of Bundy to involve an equally diverse collection of developers and supporters.
Last modified: January 30, 2014 at 11:49 am