- By vicky risk on May 4, 2018
Updated 13 December 2018
ISC’s Public Sites
ISC operates a number of Sites for public collaboration and information sharing, including but not limited to: public mailing lists, fora, ISC’s main website, project wiki pages, source code repositories, software issue trackers, our Knowledgebase, our ftp.isc.org download site, social media sites, and others.
- We don’t use paywalls or require registration to read information on any of our Sites or to download documents or software. We do require registration to submit data to these systems in order to control spam and abuse. We may use your Personal Data submitted during registration to contact you. In some cases, your registration and other personal information provided by you will be visible to other users.
- Users of our public mailing lists, issue trackers, code repositories, Knowledgebase and other ISC Sites consent to publishing their personal data when they choose to participate actively in those public sites. ISC’s mailman service, Gitlab, source.isc.org, ftp.isc.org, kea.isc.org, bugs.isc.org, www.isc.org, ednscomp.isc.org and kb.isc.org are operated by ISC. ISC’s Github site and Nabble forum are operated by those companies on our behalf.
- ISC maintains several databases for tracking software issue reports by users. These databases enable the public to report and view problem reports about ISC open source projects. These include but are not limited to:
- ISC-hosted instance of Request Tracker for BIND 9 at bugs.isc.org (no longer used but still available for public browsing)
- ISC-hosted instance of Request Tracker for ISC DHCP at bugs.isc.org
- ISC-hosted gitlab (at gitlab.isc.org) for BIND 9
- Github-hosted repos for BIND 9 and Kea (on github.com)
- ISC-hosted instance of the open-source trac wiki, source repo, and issue tracker for Kea (at kea.isc.org)
All of these systems may store submitter username, email address, and other contact data, depending on what the user shared (e.g. in the signature field in the email), as well as technical data about their software deployment, network, and issue, and possibly configuration files, log files, and core dumps. We must have this information in order to communicate with the submitter to get more information about the issue and/or verify a solution.
We don’t want anyone to refrain from submitting issues because of privacy concerns, however, so if you want to submit an issue and don’t want your submission to be publicly visible, contact us to request that we hide your personal information. Depending on the site, this may mean that the entire issue is non-public, which defeats the purpose of having a public issue tracker, so please don’t do this without a compelling reason.
ISC’s Contact Database
- ISC maintains a contact database for sales and marketing purposes. This database includes contact names, with organization, title, email, phone and fax contact information, contracts, purchase orders and their details, and a log of emails exchanged between the contact and ISC.
- When you send ISC an inquiry, we log your inquiry including your contact information and the text of your inquiry in our contact database, where we also track our response to you. Your information will be in this database if you have ever contacted ISC asking for help, or a quote for services, either via phone, email, or by visiting our table at a conference.
- If you have made a purchase from or a donation to ISC, or visited our booth at a conference or industry event, your name and contact information may also be in this database. We use this information to acknowledge your donation and we may use it to solicit future donations.
- We have also in the past purchased some lists for marketing purposes, which may have also been imported into this database.
- We use this contact database to stay in touch with users, to sell and to provide the services that support our work. We do occasionally send bulk email to contacts in this marketing database, but that is infrequent, and always includes a clearly visible link to unsubscribe from future mailings. Users who have unsubscribed will be marked as “opted out” in the database and will not be sent further bulk emails.
- This database is maintained for us by SugarCRM. Per our agreement with SugarCRM they are permitted to hold and process this data for ISC’s own business use only, and they may not leverage it for any other purpose. ISC does not share or sell the information with any other organization. Access is limited to a small subset of ISC employees who need the information for their business purposes.
Webinars and Surveys
- To register to participate in certain ISC activities (e.g. webinars), you may be asked to register and provide personal information including employer, physical address, and/or email and phone contact information. This information is collected to facilitate followup in case you ask questions on the webinar that we can’t answer on the spot, and may be used in marketing our services to you or fulfilling special offers made to webinar participants. The information may be stored in the webinar conferencing application and/or our customer relationship management database (CRM), below.
- Webinar registrations and survey data are processed by third parties. We currently use Zoom for conferencing services and SurveyMonkey for survey operations.
- Access to webinar attendee and survey data is limited to ISC employees. We don’t share attendee or survey data, except in anonymized or summary form. The exception to this are webinars or surveys that are explicitly jointly sponsored with another organization; in that case we may share the data related to the webinar or survey with our co-sponsor for their own use only.
ISC’s Support Customers
Subscribers to ISC’s software support services have to provide contact information for multiple (usually four) points of contact. This information is required in order for us to provide the support service. This information generally includes:
- First and last (family) name
- Email address
- Organization name (employer)
- Phone number (optional)
We use the email address to communicate with support subscribers, to alert them of support ticket updates, to provide notice of new releases, to provide transactional information (such as validation of email address), to send terms and instructions for the support service, and to process forgotten passwords. Very infrequently, we may also use the technical support contact email addresses to survey support users about our support services or product usage, or to provide roadmap updates.
We don’t have any regular support process that uses customer telephone numbers, but some subscribers of our support services are allowed to contact us via phone and we might conceivably use the telephone number in an unusual process, e.g. for verifying identity when updating contact information or for password recovery.
Support technical contact information is stored in our support ticketing system, which is operated by ISC in the US. (Some technical support contacts may also be included in our main (SugarCRM) contact database.) This database also includes a log of customer support tickets opened and our responses to them, and may include core dumps, configuration files, and software logs.
We use this information to support customers, and to identify and troubleshoot issues in our software. Access is limited to current ISC employees. We retain this record even after an individual or organization terminates their support relationship with ISC, unless they specifically request we delete it, because it provides us with a valuable technical record.
Our standard support services agreement includes an NDA. We don’t publicly identify customers or their representatives unless the customer does so first. When we log issues in our publicly visible issue trackers on behalf of support customers, we either make the issue private, or anonymize the support customer’s identity.
Donors to ISC
- If you have made a donation to ISC, your name and contact information may also be in our contact database, discussed above. We use this information to acknowledge your donation and we may use it to solicit future donations.
- We normally acknowledge donations of $10 or more on our main web site. We are happy to refrain from this if you request anonymity.
Credit Card Information
In the event you choose to make a donation or purchase using your credit card, we will request credit card information, including number, expiration date, billing address, and card security code so your donation can be processed. This information passes directly to ISC’s payment processor, PayPal. ISC neither uses nor stores this information.
- We previously used Google tags on our web sites to support basic statistics about # of visitors, pages visited, time spent, browsers used and geographic location of our users. In October 2018, we discontinued that practice and have removed all Google Analytics services from ISC’s Sites.
- Our Sites formerly used third parties for web analytics services so that we could understand how visitors interacted with our sites. As of October 2018, we have removed all these services from our Sites as an additional layer of privacy protection for our Subscribers and Visitors. These services and/or vendors were:
- Google Analytics – our primary source for website analytics
- Google Tag Manager – the mechanism we used for sending information into Google Analytics
- Google Custom Search Engine (CSE) – the tool we used when people searched across our sites
- Evergreen Digital Media – a consultant who helped us to maintain our Google Ads (a free benefit provided to non-profits by Google that makes it easier for non-profits to promote their web site in search results). This organization had access to our Google Analytics data for the purpose of improving our Google Ad effectiveness.
- We have declined to opt into any of the extended tracking and analysis that Google offers which attempts to enrich this data with other data Google may have about other user behavior or demographics.
- Many of our online systems have logs, which log IP addresses of connections. We don’t do any processing to attempt to associate these addresses with usernames, email addresses, or organizations. We do analyze the logs in aggregated form to determine site usage and software download levels.
- One exception to this is F-Root: we do share some F-Root data with ICANN and DNS-OARC for research purposes only. Any such traffic logs we share after the GDPR implementation date of May 25, 2018 will be anonymized.
Third Parties Who May Store or Process Personal Data
We use services for interacting with users, optimizing our websites, and managing our search presence. Each of our contracts with these third parties restricts the use of personal information so it can only be used to provide the services under the contracts. In addition, these companies are required to treat all information and protect it by processes and procedures no less strict than those used by ISC.
Our current services and/or contractors are:
- SugarCRM – hosts ISC’s contact database. Access is limited to a few ISC employees.
- Github – hosts ISC open source and has Personal Data submitted by users in issues and patch requests as well as technical data Github may collect. Access is public.
- Nabble – provides us with a hosted forum service, an alternative public discussion venue for ISC software and services. Nabble has access only to data already published on ISC mailing lists.
- Zoom – provides conferencing services and may have data on prior conference attendance.
- SurveyMonkey – provides survey operations and has data on prior survey responses, which may include technical data such as IP address from cookies.
We can be contacted, about this or anything else, at email@example.com.
Our main phone number (which generally goes to voicemail) is +1 650-423-1300. Our business address is 950 Charter Street, Redwood City, CA 94063.
- By vicky risk on March 19, 2018
Extension Mechanisms for DNS were standardized in 2013
Despite this, there continue to be non-compliant implementations. DNS software developers have tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard) by various workarounds for non-standard behaviors. However, temporary workarounds are not a long-term solution. These workarounds excessively complicate DNS software and are now also negatively impacting the DNS as a whole. The most obvious problems caused by these workarounds are slower responses to DNS queries and the difficulty of deploying new DNS protocol features. Some of these new features (e.g. DNS Cookies) would help reduce DDoS attacks based on DNS protocol abuse.
Open source DNS software developers agree
To prevent further deterioration of DNS services, the developers of four major open source DNS software systems have agreed to discontinue support for these non-standard solutions. All new releases of DNS software from CZ.NIC, ISC, NLnetlabs, and PowerDNS after February 1, 2019 will not contain workaround code for non-compliance with EDNS standard RFC 6891.
Test your domains and servers
You can test your domains and authoritative DNS servers using the web application https://ednscomp.isc.org/ednscomp/. A test result with a green message “All Ok” indicates that you are already prepared for the changes and do not need to do anything. If the result of the test is anything else than the green message “All Ok”, please update your DNS software. If you are using the latest version of your server software, please contact its developer and ask for a fix. In this case, we recommend attaching a link to the test result, which contains technical details, to your message.
Note to DNS software vendors
Please note that full EDNS support (RFC 6891) in DNS software is not mandatory.
In case you decide not to support EDNS it is mandatory to correctly answer queries with EDNS in accordance with RFC 6891 section 7, i.e. namely to answer with valid DNS message containing RCODE=FORMERR. Please follow the RFC mentioned above while implementing this. Thank you!
Non-compliant domains may become unavailable
Domains served by DNS servers that, according to the above mentioned tests, are not compliant with the standard, will not function reliably after February 1, 2019, and may become unavailable.
We are aware of the importance of this change and we want to inform as many people as possible. We are going to keep drawing attention to this change, which will begin to apply in less than a year. If you have the ability to spread this information to people who are in charge of networks and DNS servers, we will be glad if you shared the link to this blog post. Our goal is a reliable and properly functioning DNS that cannot be easily attacked.
- By vicky risk on October 4, 2016
We are thankful that Mozilla chose to give a MOSS award to ISC to help fund development of the Kea DHCP server, through the Mozilla Foundational Technology track. This is a wonderful program, through which Mozilla gives back to the Internet community by sponsoring development of the open source that everyone can use.
Kea is modern software that we hope will eventually replace the extremely popular, but also very mature, ISC DHCP, also known as dhcpd. DHCP software is classic infrastructure. People expect that DHCP software will be available in their operating system, but few people wonder where it comes from, or how the development is funded. Kea is already packaged for most major Linux and Unix operating systems, but is still missing a few very desirable features.
ISC’s MOSS award was for $100,000, which we will use to support design and development of a management api, and a secure remote management client. Remote management is an important feature, one that is frequently requested by prospective users. We have a preliminary requirements document posted in the Kea project wiki and are starting work on a design.
Kea is already a fully functional DHCPv4 and DHCPv6 server. We have just released Kea version 1.1, which greatly expanded support for leveraging an external database for host reservations, and added a flexible client classification system. Kea is accepting community contributions on Github, with significant contributions enabling initial support for a Cassandra database backend and lightweight DHCPv4 over v6 in version 1.1.
We sometimes joke that ISC puts the “non” in “non-profit.” ISC has been funding Kea internally, and with 3+ developers and a test engineer, it is a significant effort. We are offering Kea support contracts, which we hope will eventually fund on-going maintenance, but grants like this are essential to add major new functionality, to continue to create open source infrastructure for the future. We look forward to spending this award money on adding an important feature users are asking for to the Kea open source.
- By vicky risk on October 3, 2016
Kea 1.1 is available!
We are please to announce the availability of Kea 1.1. Kea is ISC modern DHCP server, which brings new functionality to the datacenter, and any ISP or enterprise who needs to tie dynamic host control into external provisioning systems.
New features in Kea 1.1 include:
Kea 1.0 contained limited support for storing host reservations in the database backend. Kea 1.1.0 has expanded that
capability, allowing host reservations to be stored in a MySQL or PostgreSQL database. In particular, Kea 1.1.0:
– Adds host reservation (DHCPv4 and DHCPv6) using the PostgreSQL backend.
– Adds host reservation for DHCPv6 to the existing MySQL support.
– Significantly extends the existing host reservation capabilities to include reservations of specific DHCP options, reservations of siaddr, sname, and file fields within DHCPv4 messages, and reservations of multiple IPv6 addresses/prefixes.
– Allows the MySQL or PostgreSQL host reservation database to be configured read-only, in which case Kea will be able to retrieve reservations
from it, but not insert or update existing reservations. This feature is useful when a database (or database view) exists for the particular deployment and the administrator doesn’t want to grant read-write access for
In Kea 1.1 the client classification system has been expanded. A class definition contains a name and a test expression of
arbitrary complexity; if the test expression evaluates to “true” the client is a member of that class. A client may be a member of multiple
classes and can acquire options from different classes. If the configuration contains multiple definitions for data for an option in two or more of the global, class, subnet or host entries, the server will choose the definition from the most specific entry.
There are a number of objects and operators available for use in the test
– Operators include: equal, not, and, or, substring, concat
– Objects include:
– literals: string, hexadecimal, IP address and integer
– options: existence and content
– relay options for DHCPv4 and DHCPv6: existence and content
– subfields within vendor and vendor class options: existence, enterprise-id value and content
– selected fields from DHCPv4 and DHCPv6 packets
– Classes may be used to select subnets
– Classes and class specific subnets may contain option data to serve to
clients within that class
Hook Library Parameters
It is now possible to specify parameters for hook libraries in the Kea configuration file. In earlier versions of Kea, hook library authors had to use a external mechanism (such as file of a known name) to pass information across.
RFC7341 defines an architecture that allows dual-stack clients to communicate with DHCPv4 server in IPv6-only networks. Kea 1.1 introduces support for this mode of operation. It requires running both DHCPv4 and DHCPv6 servers in special mode, where DHCPv6 component does not allocate anything, but decapsulates incoming DHCPv4 messages, sends the to the DHCPv4 server and then relay back the responses.
Cassandra Database Backend
Kea 1.1.0 has added preliminary support for Cassandra as a database backend. In this release of Kea it can only
be used to store lease information, it is not able store host reservations. Cassandra support is currently considered experimental. Use with caution.
MPL 2.0 License
Kea 1.1.0 has been released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0
Professional support for Kea is available from ISC. Free best-effort support is provided by our user community via a mailing list. Information on all
public email lists is available at https://www.isc.org/community/mailing-list
If you have any comments or questions about working with Kea, please share them on the Kea Users List https://lists.isc.org/mailman/listinfo/kea-users.
Bugs and feature requests may be submitted via the ticket tracking system at http://kea.isc.org
- By vicky risk on July 17, 2015
Letter from the President
We are now a trimmer and more functional organization, with financial controls, stability and predictability.
We determined that BIND revenues had been subsidizing our other efforts, so we put more back into BIND, adding three DNS engineers in early 2015. On the operations side, we are cutting back on subsidized programs that no longer make sense, like commercial hosting and commercial SNS, while refocusing our efforts on public benefit F-Root and ccTLD DNS publishing. We have had virtually no personnel turnover in more than a year since our reductions in force, and our customers and partners have stuck with us, too, maintaining a 93% renewal rate.
Going forward, ISC continues to balance our public benefit mission with financial stability; we are working cooperatively with other open source providers to provide commercial support for products like NLnet Lab’s Unbound and are in talks to add more. We’ve removed restrictions on our Knowledge Base so that everyone, not just paying customers, can access our technical documentation, and added 36 new feature articles and a comprehensive BIND DNSSEC guide just in 2014.
We are reaching out to our external contributors, accepting patches as a greater priority, and granting accounts in our bug tracking system to our frequent contributors. We opened public access read-only GITs for BIND and ISC DHCP, and posted our new DHCP project, Kea, on Github. We continue making significant contributions to industry standards development and have strong roles in NANOG, the IETF, RIPE NCC, DNS/OARC, ISOC, and ICANN to name a few.
ISC carries no debt, is approximately break even, and has sufficient financial reserves to carry us through normal downturns in the business. We are proud of our past and excited about our future. We are aggressively in discussions around the globe to research emerging problems we can help solve and playing fields we can help level. We aren’t going anywhere but forward. We hope you will consider supporting our mission financially and furthering our common goals.
President, Internet Systems Consortium
Attached: 2014 Annual Report
Last modified: January 30, 2014 at 11:49 am