# Kea 2.1.5, April 27 2022, Release Notes

Welcome to Kea 2.1.5, the sixth monthly release of the 2.1 development branch. As with any other development release, use this with caution: development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, and Yang/NETCONF support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, run-time configuration monitoring and updates via a REST API, host reservations, client classification, and more.

The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/issues.

The following bugfixes and features have been implemented since the Kea 2.1.4 release:

1. **DDNS Tuning hook**: A new premium hook has been created. The DDNS Tuning library adds custom behaviors related to Dynamic DNS updates on a per-client basis. Its primary feature is to allow the host name used for DNS to be calculated using an expression. This can be specified globally or on a per-subnet basis [#1548, #2387, #2386].

2. **Opening sockets retries**: Earlier Kea versions produced an error message when socket opening failed, but otherwise attempted to continue normally. That was troublesome in some cases, especially during booting, when the interface had not yet completed initialization. In that case Kea started, printed an error, and then ran without open sockets. This created the illusion that the service was healthy, when in fact it was not usable. As of 2.1.5, Kea can be instructed to retry opening sockets, with a configurable number of retries. Also, Kea can be told to shut down when sockets fail to open completely after multiple retries [#1716].

3. **Role-Based Access Control (RBAC)**: Work is underway to provide RBAC in Kea. In this release, the design has been updated and the HTTP library has been instrumented. It can now make the connection details, such as remote IP, TLS certificate, or authentication information, available to other components [#1263]. The first feature using RBAC is extended logging information: the Control Agent now prints the IP address of the remote entity that sent commands [#687]. Development of a full role-based access control capability is ongoing.

4. **Limits design**: We have begun to implement the ability to limit the number of leases. Two primary scenarios are considered - limiting the number of leases per second and the number of leases for certain classes, e.g. one per household. Requirements (see https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/Lease-Limiting-and-Rate-Limiting-Requirements) and design documents (https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/Lease-Limiting-and-Rate-Limiting-Design) have been written and are undergoing review. We welcome your feedback; unfortunately, commenting on wiki pages is not possible, so please add any feedback to the GitLab issue [#237].

5. **Subnet selection failure logs**: One of the crucial steps in Kea's operation is subnet selection, i.e. an algorithm to determine which subnet to use for allocating leases. This process is complex and can fail. Kea is now more verbose regarding the details if subnet selection fails, which should make debugging allocation failures easier [#2352].

6. **Split operator in expressions**: A new operator to split strings has been added to expressions. For example, to get the `foo` hostname from the fully qualified `foo.example.org`, the following expression can be used: `split('foo.example.org', '.', 1)`. A particular use case for this is the new DDNS Tuning hook that can split fully qualified domain names into separate labels; however, the function is generic and can also be used for other purposes [#2272].

7. **Documentation update**: We added an explanation of when it is acceptable to configure overlapping pools for addresses and prefixes [#1842] and clarified the premium hook installation documentation [#2382]. `gss-tsig-rekey` and `gss-tsig-rekey-all` are now properly documented [#2259]. We corrected the Framed-IPv6-Pool and Framed-Pool attributes in the RADIUS hook documentation [#2337].

8. **Testing improvements**: We fixed a problem where tests failed if the system under test had an "eth1" interface [#2377]. Hammer, our build tool, is now able to configure TLS for MySQL, which is helpful in testing environments [#2353].

9. **Cassandra, benchmarks support removed**: The Cassandra database has been deprecated for a while now and the code has been removed [#2116]. Cassandra support has been removed from the `hammer` tool [#2375]. Support for benchmarks, a developer feature that has not been maintained, has been removed [#2372].

## Incompatible Changes

1. **Cassandra support has been removed**. This support has been deprecated since 1.9.9. As we approach the 2.2.0 release, the time has come to remove the code. Kea 2.1.5 still has the `--with-cql` switch, but all it does is print an error about Cassandra no longer being supported. If your deployment still uses Cassandra, please consider migration to alternative backends - MySQL or PostgreSQL. There are clustering solutions available for both of them that to some degree look similar to Cassandra [#2116, #2375].

2. **Benchmarks have been removed**. Benchmarks was a developer-only compilation option that enabled synthetic benchmarks for assessing raw backend performance. This feature was not maintained and was superseded by performance tests that are able to exercise Kea in much more lifelike scenarios. There were also known problems with benchmarks; ISC did not use them and was not aware of anyone using them. Thus, the decision has been made to remove them. As this was not a user-visible feature, the usual "deprecate then remove" procedure has not been followed [#2372].

## License

This version of Kea is released under the Mozilla Public License, version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

The premium and subscriber-only hook libraries are provided under the terms of an End User License Agreement.

## Download

Pre-built ISC packages for current versions of the most popular Linux operating systems are available at:

https://cloudsmith.io/~isc/repos/

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code signing key, which is available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html.

Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and DHCP software support see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list.

## Changes

The following summarizes changes and important upgrade notes since the 2.1.4 release for Kea core:

```
2015. [bug]     tmark
    Fixed an issue in kea-dhcp6 that was causing the server not to
    update the FQDN option in outbound responses when the ddns-tuning
    hook lib calculates a new host name.
    (Gitlab #2392)

2014. [bug]     tmark
    Correct an issue that was causing reconfigure to fail in kea-dhcp4
    and kea-dhcp6 when using ddns-tuning hook library.
    (Gitlab #2390)

2013. [build]   razvan
    Library version numbers bumped for Kea 2.1.5 development version.
    (Gitlab #2385)

2012. [doc]     andrei
    Documented whether it's OK or not to have overlapping pools,
    including PD pools in IPv6.
    (Gitlab #1842)

2011. [func]    djt
    Added CTRL_AGENT_COMMAND_RECEIVED log line with command and source
    address to the kea-ctrl-agent for commands which are not forwarded
    on to another daemon. Added client remote-address to
    CTRL_AGENT_COMMAND_FORWARDED log message if it is available.
    (Gitlab #687)

2010. [func]    razvan
    Several extra log messages now detail the subnet selection process.
    The messages are available on debuglevel 40.
    (Gitlab #2352)

2009. [func]    tmark
    Added new hook callout points: ddns4_update to Kea DHCPv4 server and
    ddns6_update to Kea DHCPv6 server. This enables use of the
    ddns-tuning hook library.
    (Gitlab #1548)

2008. [func]*   tomek
    The support for benchmarks has been removed.
    (Gitlab #2372)

2007. [func]    tmark
    Added split() function to classification expression language.
    (GitLab #2272)

2006. [func]    slawek
    Added ``service-sockets-require-all`` parameter to specify mandatory
    successfully binding all needed service sockets to initialize DHCP
    services (defaults to false). If any socket is unavailable, then the
    service fails to start. Added ``service-sockets-max-retries``
    parameter (defaults to 0) to specify the number of retries to open
    unavailable sockets and ``service-sockets-retry-wait-time``
    parameter to specify a time interval to wait between attempts.
    (Gitlab #1716)

2005. [func]*   razvan
    The support for Cassandra database backend has been removed.
    (Gitlab #2116)
```

And for Kea premium:

```
142. [func]     tmark
    Added ddns-tuning hook library.
    (Gitlab #1548)

141. [func]*    razvan
    The support for Cassandra database backend has been removed.
    (Gitlab #2116)
```

See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a complete list of release notes.

Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.
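An added example, not ISC code and not part of the release notes: a Python check that reads a Kea DHCP configuration and flags the default socket settings from feature 2 and changelog entry 2006, under which the server can keep running with no open sockets. It assumes the three parameters sit in the `interfaces-config` map of `Dhcp4`/`Dhcp6`; the function name and both sample configurations are constructed for illustration.

```python
import json

# Constructed sample configs (not from the release notes). Real Kea configs
# may contain comments, which json.loads() rejects; strip them first.
DEFAULT_CFG = '{"Dhcp4": {"interfaces-config": {"interfaces": ["eth0"]}}}'
# The retry count and wait time below are constructed sample values;
# check the Administrator Reference Manual for the wait-time unit.
HARDENED_CFG = """
{"Dhcp4": {"interfaces-config": {
    "interfaces": ["eth0"],
    "service-sockets-require-all": true,
    "service-sockets-max-retries": 5,
    "service-sockets-retry-wait-time": 5000
}}}
"""

def audit_socket_settings(config_text):
    """Return a list of findings about socket-open failure handling."""
    findings = []
    config = json.loads(config_text)
    for daemon in ("Dhcp4", "Dhcp6"):
        if daemon not in config:
            continue
        # Assumption: the parameters are read from interfaces-config.
        ifaces = config[daemon].get("interfaces-config", {})
        # Defaults per changelog entry 2006: require-all false, max-retries 0.
        require_all = ifaces.get("service-sockets-require-all", False)
        max_retries = ifaces.get("service-sockets-max-retries", 0)
        if not require_all:
            findings.append(f"{daemon}: service-sockets-require-all is false; "
                            "the daemon keeps running even if sockets fail to open")
        if max_retries == 0:
            findings.append(f"{daemon}: service-sockets-max-retries is 0; "
                            "a socket that fails at boot is never retried")
        elif "service-sockets-retry-wait-time" not in ifaces:
            findings.append(f"{daemon}: retries enabled but "
                            "service-sockets-retry-wait-time is not set explicitly")
    return findings

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit_socket_settings(text) or "no findings")
```

Pair the check with monitoring that confirms the DHCP daemon has its sockets bound, since a running process alone does not show the service is usable.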