ISC Security Vulnerability Policy Updated
At ISC we are updating our security vulnerability disclosure policy.Read post
We are pleased to introduce the latest version of the Kea DHCP server. This release adds a major new feature, which enables an entirely new provisioning and deployment model.
The Kea Configuration Backend (abbreviated as config backend or CB) lets you manage multiple DHCPv4 and DHCPv6 server configurations from a MySQL database. You can store most of the Kea configuration in the CB: global parameters, shared networks, subnets, pools, options, and option definitions. Instead of specifying these parameters in your local configuration, you can now put this information in the database and simply tell Kea where to find it. Kea will merge the parameters from the CB with other parameters configured locally (such as interfaces), and can periodically poll the CB and retrieve updates. This will greatly simplify automated configuration change deployments.
With this change, you can now choose to store leases, host reservations, and configurations in a database backend. MySQL, PostGreSQL, and Cassandra are all supported for lease storage; MySQL and PostGreSQL are supported for host reservations; and MySQL is supported for the configuration backend.
The CB stores data in a MySQL schema that is public. It’s possible to insert a configuration into the MySQL tables manually or automatically using SQL scripts, although this requires a reasonably good knowledge of the schema. As an alternative, ISC has developed a new hooks library that provides management commands for config backends. It simplifies many typical operations, such as listing, adding, retrieving, and deleting of global parameters, shared networks, subnets, pools, options, and option definitions. For a complete list, see commands starting with “remote-” in Appendix A of the Kea Administrator Reference Manual. The cb_cmds hooks library is available to ISC support subscribers only. If you are not a subscriber and would like access to the cb_cmds hooks library, please contact email@example.com and our sales team will be happy to assist you.
In addition to the configuration backend, we have also added a number of other new features requested by users. See the Release Notes for full details. Here are a few highlights:
min-lease-time- allow you to expand this to a range. Both the DHCPv4 and DHCPv6 protocols allow clients to send hints, and these new parameters let Kea honor those hints #295.
Kea is adding integration with other open source products, including NETCONF (provided by Sysrepo), RADIUS (based on the FreeRADIUS client), and Cassandra. That flexibility comes at a price, as it is getting more difficult to install Kea with those optional dependencies enabled. We also noticed that some OS distributions lag behind in packaging the latest Kea releases. To help alleviate both of those problems, ISC has begun providing our own native (DEB and RPM) packages for several popular distributions. We are providing packages for current versions of CentOS, Debian, Fedora, and Ubuntu. The binary packages cover DHCPv4, DHCPv6, DDNS, Control Agent, and all three (MySQL, PostgreSQL, and Cassandra) backends. ISC subscription customers will also be given an option to conveniently install hooks as separate packages. In the future we plan to experiment with packaging NETCONF with Sysrepo and all its necessary dependencies.
Find these packages at ISC’s Cloudsmith repo.
Beginning with this 1.6.0 release, we plan to change the release model for Kea. We will stabilize every even-numbered minor version (where the second digit of the version number is even) for production use. Therefore, 1.6.x, 1.8.x, and 2.0.x will be stable versions. We will also begin producing development versions on every odd-numbered minor version branch, including 1.7.x, 1.9.x, and so on. For more details on the plan, see ISC’s Software Support Policy. Please note that the annual release dates projected on the chart are only approximate.
We have worked hard on Kea 1.6.0 and we hope that you will find it useful. We welcome user feedback at firstname.lastname@example.org or in our GitLab instance.
What's New from ISC