# Kea 2.5.8 Release Notes, April 30, 2024 Welcome to Kea 2.5.8, the ninth monthly release of the 2.5 development series. As with any other development release, use this with caution: development releases are not recommended for production use. Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, Role-Based Access Control, run-time configuration monitoring and updates via a REST API, host reservations, and client classification. The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For details about Docker issues, visit the page at https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details about packaging, visit the page at https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/. The following bug fixes and features have been implemented since the previous release, version 2.5.7: 1. **Performance Monitor hook**: A new open source hook is available that provides insight into Kea performance and might be very useful for troubleshooting performance bottlenecks. The hook is highly configurable and allows reporting of many metrics and alarms [#3047, #3297, #3278]. 2. **High Availability (HA)**: The HA mechanism is a bit more robust now. We fixed an inconsistent HA state that occurred when one of the terminated services was restarted and the other one was not. The restarted service now waits 10 minutes for the partner to restart; if the partner is not restarted within that time, the service transitions to the terminated state to continue responding to DHCP traffic [#3250]. We corrected an issue in processing the `server-name` argument of the `ha-sync` command; the argument was ignored when the synchronization with a backup server was performed [#3276]. 3. **Delegated-IPv6-Prefix in RADIUS**: The RADIUS hook now supports the `Delegated-IPv6-Prefix` RADIUS attribute, which can be used to reserve an IPv6 Prefix Delegation [#2984]. 4. **Stash Agent options**: ISC DHCP provided a `stash-agent-options` mechanism that, when enabled, caused the server to remember options inserted by a relay agent during the initial exchange with a client. This mechanism is now supported by Kea. In cases where clients using relay options on initial address assignment renew by communicating directly with the server, bypassing the relay, those relay options are now preserved for use during renewal. [#2976]. 5. **Better transaction ID logging**: Several loggers (`alloc-engine`, `bad-packets`, `ddns`, `eval`, `leases`, `options`, `packets`) were extended to provide more information about transaction-id, hardware address, and client-id details in existing log messages [#2820]. 6. **Security**: It is now possible to configure Kea to read a TSIG secret from a file on disk [#3133]. 7. **Bug fixes**: A bug was fixed when `reservation-del` was used to delete IPv6 reservations on Postgres [#3294]. We fixed a bug where omitting the `response-filters` parameter for the RBAC hook configuration resulted in commands being rejected [#3314]. A crash in the performance monitor hook, which occurred when no subnet was assigned, was fixed [#3347]. A crash was fixed that could manifest itself if start-up failed and there were at least two hooks loaded [#3308]. We added better IO service handling in a multi-threaded environment [#3315]. The `-T` command-line parameter used to test configuration is now a bit more robust [#3305]. The Postgres schema was corrected: a DHCPv4 index now points correctly to the DHCPv4 table [#2957]. Earlier Kea versions dropped the whole packet if an invalid FQDN option was received; this is now corrected and only the option is ignored, rather than the whole packet [#3289]. We fixed a potential heap-use-after-free bug in the ping check hook [#3281]. An issue that could cause kea-dhcp-ddns to stop processing queued requests was addressed [#3295]. 8. **Documentation**: The ARM was updated to clearly state that the behavioral parameters for DDNS are obeyed, even if DDNS updates themselves are disabled [#3098]. An invalid JSON example was corrected [#3336]. 9. **Build improvements**: Hammer, the Kea build tool, now works on Rocky Linux [#3247]. The git commit hash for both the open source and premium repositories is now available in the config report [#3254]. Several sections of old code were refactored and dead code was removed [#3316, #3317, #3318, #3319, #3320, #3321]. A new script was added to check header and library dependencies in Makefiles [#1763]. A circular dependency in src/lib/log was fixed [#1743]. 10. **Testing**: The test class for Host Backend is now thread-safe [#3298]. Several improvements were made to multi-threading-enabled RADIUS unit tests [#3299]. ## Incompatible Changes No incompatible changes were introduced in 2.5.8. ## Other The Cloudsmith repository for the 2.5 releases will be phased out following the public availability of the stable 2.6.0 release. Beginning with the 2.7.X release series, we will be launching a new repository on Cloudsmith, named kea-dev, which will host the 2.7.X release alongside all future development releases. Repositories for stable releases will remain unaffected. ## License This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 Some Kea hook libraries are provided under the MPL 2.0; others are licensed with the [Kea Hooks Basic Commercial End User License](https://www.isc.org/kea-premium-license/). The source for each hook library includes the applicable license. ## Download Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/~isc/repos/ Pre-built Docker images as well as Docker files are available. For details, see: https://gitlab.isc.org/isc-projects/kea-docker The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB formats. ISC maintains a public open source code tree, wiki, issue tracking system, milestone planner, and roadmap at https://gitlab.isc.org/isc-projects/kea. Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list. We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea software support, see https://www.isc.org/support/. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list. If you have any comments or questions about working with Kea, please share them to the Kea Users list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/kea/-/issues. ## Changes The following summarizes changes and important upgrades since the 2.5.6 release. 2228. [build] piotrek The library version numbers have been bumped up for the Kea 2.5.8 development release. (Gitlab #3355) 2227. [func] fdupont Implemented the stash-agent-options global parameter for DHCPv4 (new feature from ISC DHCP allowing to renew reserved address when the host reservation identifier is based on the dhcp-agent-options option added by a relay. (Gitlab #2976) 2226. [func] piotrek Added information about transaction ID in all possible places in loggers: alloc-engine, bad-packets, ddns, eval, leases, options, packets. (Gitlab #2820) 2225. [func] marcin Ensure backward compatibility of High Availability between Kea 2.5.8+ and earlier versions. It introduces a new origin-id argument to the dhcp-enable, dhcp-disable and ha-sync-complete-notify commands. It is ignored by the earlier Kea versions. The origin argument is sent in addition to the origin-id and has the format recognizable by the old Kea versions. (Gitlab #3344) 2224. [func] andrei Printing the version now mentions if premium is included and shows the git commit hash for the premium source code repository if the executable is built from sources. (Gitlab #3254) 2223. [bug] tmark Fixed an issue in PerfMon hook library which causes the kea6_server to crash when the server responds to a client query for which no subnet was selected. (Gitlab #3347) 2222. [bug] piotrek Fixed a bug in host_cmds. When PostgreSQL was used as hosts database storage, reservation-del command called with given IPv6 host address and the subnet Id deleted all IPv6 hosts in given subnet. Corrected the issue so that now only given host reservation is deleted. (Gitlab #3294) 2221. [bug] tmark Corrected an index on the dhcp4_servers table in the PostgreSQL schema. (Gitlab #2957) 2220. [bug] marcin Exclude packets ignored during load balancing from the pkt6-receive-drop statistics. The packets dropped by the HA hook library during subnet selection are counted in the pkt4-receive-drop and pkt6-receive-drop statistics. (Gitlab #3125) 2219. [bug] marcin Corrected an issue in processing the server-name argument of the ha-sync command. The argument was ignored when the synchronization with a backup server was performed. (Gitlab #3276) 2218. [func] marcin Addressed an inconsistent state of the High Availability service that occurs when one of the terminated services is restarted and another one is not. The restarted service waits 10 minutes for the partner restart. If the partner is not restarted the service transitions to the terminated state to continue responding to the DHCP traffic. (Gitlab #3250) 2217. [func] fdupont Extended the lenient-option-parsing compatibility flag to ignore DHCPv4 fqdn (81) and DHCPv6 client-fqdn (39) options with some invalid domain names (e.g. beginning with an empty label). (Gitlab #3289) 2216. [func] tmark PerfMon hook library is now functional. It accumulates and reports performance data, and supports alarms. Still lacking are API commands. (Gitlab #3297) 2215. [bug] tmark Corrected an issue that can cause kea-dhcp-ddns to stop processing queued requests. Thanks to Shawn Routhier from Infoblox for reporting the issue. (Gitlab #3295) 2214. [func] tmark PerfMon hook library can now parse its configuration and the ARM has been updated with more detailed information. Functionality is still limited. (Gitlab #3278) And for Kea premium: 195. [func] fdupont, andrei The RADIUS Delegated-IPv6-Prefix attribute is now supported. (Gitlab #2984) 194. [bug] fdupont, tmark Fixed a bug where commands sent to a control agent configured with RBAC roles that do not include the "response-filters" configuration option resulted in an error log message rather than treating the response filter list as empty. Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.