We would like to recognize and thank Mozilla Open Source Support and the Comcast Innovation Fund for sponsoring ISC’s work on Kea 1.3. The MOSS award funded the development of the Kea REST API over the past year, and Comcast provided partial sponsorship for the rest of the 1.3 release.
The #1 most frequently requested feature on the kea-users mailing list has been shared networks. This is often cited as a blocker for people trying to migrate to Kea from ISC DHCP, and it is the biggest new feature in Kea 1.3. In designing the feature, we asked both Kea and ISC DHCP users to weigh in on the design, and we ended up with a feature that is very similar to the equivalent feature in ISC DHCP.
This feature allows the administrator to group multiple subnets together. Clients in the shared network may be dynamically assigned any address from any of the included subnets. If necessary, you can specify a parameter on the shared network scope and then override its value in the subnet scope, client class, or on a host reservation.
This feature is commonly used to pool addresses from multiple subnets when the network has grown and more addresses are needed than are available on a single subnet. Shared networks are also useful for specifying common parameters such as options for multiple subnets. Shared networks are also used in cable networks, where it is useful to have the CPE devices on one subnet, and the customer devices on other subnets for management purposes.
We also finished the REST API sponsored by the 2016 Mozilla MOSS Award, and added two new hook libraries that build on this API.
HTTPS provides authentication, confidentiality and integrity for communications over the REST API. We have tested and provided example config files for securing the REST API using Apache and Nginx. We have also provided example config files for securing client communications using stunnel. The maximum size of control commands and responses via the REST API has been expanded, removing the 64K limitation present in Kea 1.2. This makes handling of large configurations possible. With these changes the REST API is now ready for production use. Development of this feature was sponsored by a Mozilla MOSS award.
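A sketch of the Nginx arrangement described above, written for this page as an added example and not one of the config files ISC ships. It assumes the Kea Control Agent listens on plain HTTP at 127.0.0.1:8000 and is not reachable from the network directly; the hostname, certificate paths and body-size limit are placeholders.

```nginx
# Added example: TLS-terminating reverse proxy in front of the Kea REST API.
# Assumption: the Control Agent is bound to loopback at 127.0.0.1:8000,
# so the only network path to it is through this proxy.
events {}

http {
    server {
        listen 443 ssl;
        server_name kea.example.org;                         # placeholder hostname

        # Server identity: gives clients confidentiality and integrity.
        ssl_certificate        /etc/nginx/tls/kea-server.crt;      # placeholder path
        ssl_certificate_key    /etc/nginx/tls/kea-server.key;      # placeholder path
        ssl_protocols          TLSv1.2 TLSv1.3;

        # Client authentication: the handshake fails unless the caller
        # presents a certificate signed by this CA.
        ssl_client_certificate /etc/nginx/tls/kea-clients-ca.crt;  # placeholder path
        ssl_verify_client      on;

        # Nginx rejects request bodies above 1m by default. Raise the limit
        # so large configuration commands are not refused at the proxy.
        client_max_body_size   16m;                          # constructed value

        location / {
            # Forward the JSON command to the local Control Agent.
            proxy_pass http://127.0.0.1:8000;
            proxy_set_header Host $host;
        }
    }
}
```

With `ssl_verify_client on`, the private keys of the client certificates become the credential for the API, so they need the same handling as any administrative secret.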
New hook point - A new hook point command_processed allows hook libraries to interact with command handling. Existing and new libraries have been updated to use that hook point.
We added many smaller features, mostly to facilitate migration from ISC DHCP to Kea for more users.
There are only two remaining significant gaps between ISC DHCP and Kea:
We do have a few such contributions for Kea already, however:
A simple script from MGM51.com parses the Kea memfile lease files and produces an easily readable list of current active leases.
This generic hook will call an external script at any/all of the hook points supported by Kea. Written by Baptiste Jonglez.
These were provided by Jiri Popelka, a Red Hat maintainer.