Welcome to Kea 2.1.0, the first monthly release of the 2.1 development branch. As with any other development release, use this with caution: development releases are not recommended for production use.
Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, and Yang/NETCONF support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, run-time configuration monitoring and updates via a REST API, host reservations, client classification, and more.
The text below references issue numbers. For more details, visit the Kea GitLab page at [https://gitlab.isc.org/isc-projects/kea/issues](https://gitlab.isc.org/isc-projects/kea/issues).
The following bugfixes and features have been implemented since the Kea 2.0.0 release:
1.**Authoritative mode improvements.** By default, Kea assumes it has full knowledge about the networks it governs. However, it can be told that there are other servers on the network (`authoritative=false`). In such cases, Kea does not send NAK for leases it doesn't know about. This mechanism was implemented properly, but was buggy in some cases; this has been now corrected (#1584).
2.**Multi-line in forensic logging.** The forensic logging hook library can now log on multiple lines using the hex string 0x0a. Each line is prepended by the timestamp. This may be useful for verbose logging which could produce excessively long log entries (#2087).
3.**GSS-TSIG hook.** Work continues on this subscriber-only hook. While it still retains its experimental status, it is now much more robust and handles both positive and negative scenarios much better. The hook is now able to report statistics for GSS-TSIG keys (number of created GSS-TSIG keys, when TKEY exchange was created for each key, last successful use, last timeout, and last error) (#2124, #2089). General library robustness has been improved. TKEY exchange can now be cancelled, which is useful for clean reconfiguration or shutdown (#2092). Building with GSSAPI enabled and without unit tests now works properly (#2114). The code now handles a situation in which the server returns BADNAME, which can happen if the key identifier is duplicated (#2128). The ARM section has been expanded with a description of how to configure Microsoft Windows Active Directory to work with Kea's GSS-TSIG library (#2113). Unit-tests are now more robust and no longer fail on CentOS 8 and Fedora 34 (#2082, #2056). The `fallback` parameter has been added to make it possible to indicate what to do if DNS Update is supposed to be carried out, but the key for it is not available (#2125). GSS-TSIG now sets the environment variables correctly (#2109).
4.**Statistics improvements.** Kea can change its configuration dynamically. In particular, it's possible to remove subnets or change their subnet-id. Previously, Kea kept reporting leftover statistics for subnets that no longer existed; this deficiency has been fixed (#2033).
5.**Build and packaging improvements.** The Sysrepo/NETCONF detection in the configure script has been improved on Fedora systems (#2049).
6.**Documentation updates.** Many documentation updates made it into this release. Vivso options are enumerated (#1745). An example showcasing how to use forensic logging on multiple lines has been added (#2087). The Kea ARM has been proofread and corrected in many places (#2103, #2132, #2135). A small tweak in the TLS certificate-generation instructions was added (#2110).
## Incompatible Changes
1.**No NAKs for unknown addresses.** The DHCPv4 server now silently ignores DHCPREQUEST messages which request an address that Kea knows nothing about. Previously a NAK was sent in response (#1584).
2.**Upgrading from recent development versions may fail if client classes were used in CB**. Kea 1.9.10 and 1.9.11 had a bug in the delete commands for client classes in the Config Backend. If you used client classes in the config backend and deleted them using the API, the upgrade to 2.0.0 may fail. See the known issues list ([https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list#kea-1910-1911](https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list#kea-1910-1911)) for a workaround (#2126).
3.**The GSS-TSIG hook has been renamed** to `libddns_gss_tsig.so` to signify that it is supposed to be loaded by the DDNS server, as opposed to all the other hooks, which are loaded by the DHCP servers (#2115).
This version of Kea is released under the Mozilla Public License, version 2.0.
ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at [https://kea.readthedocs.io/en/latest/index.html](https://kea.readthedocs.io/en/latest/index.html) in HTML, plain text, or PDF formats. ISC maintains a public open source code tree, wiki, issue tracking system, milestone planner, and roadmap at [https://gitlab.isc.org//isc-projects/kea](https://gitlab.isc.org//isc-projects/kea).
Limitations and known issues with this release can be found at [https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list](https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list).
We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list ([https://lists.isc.org/mailman/listinfo/kea-users](https://lists.isc.org/mailman/listinfo/kea-users)). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.
Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and DHCP software support see [https://www.isc.org/support/](https://www.isc.org/support/).
Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at [https://www.isc.org/community/mailing-list](https://www.isc.org/community/mailing-list). If you have any comments or questions about working with Kea, please share them to the Kea Users list ([https://lists.isc.org/mailman/listinfo/kea-users](https://lists.isc.org/mailman/listinfo/kea-users)). Bugs and feature requests may be submitted via GitLab at [https://gitlab.isc.org/isc-projects/kea/issues](https://gitlab.isc.org/isc-projects/kea/issues).
The following summarizes changes and important upgrade notes since the 2.0.0 release for Kea core:
1957. [build] razvan
Library version numbers bumped for Kea 2.1.0 development
1956. [bug] tmark
Modified stat_cmds hook library to omit statistics
for non-existent subnets from results returned by
stat-lease4-get and stat-lease6-get commands.
1955. [bug] tmark
kea-dhcp4 no longer sends DHCPNAKs in response to
DHCPREQUESTs for addresses for which it has no knowledge.
1954. [doc] fdupont
Updated the Developer's Guide to explain what to do when
GSS-TSIG hook unit tests fail from a system Kerberos
1953. [build] fdupont
Changed the name of the GSS-TSIG hook library object to
And for Kea premium:
132. [func] razvan
The forensic logging hook library can now log on multiple lines
using the hex string 0x0a. Each line is prepended by the
131. [func] fdupont
Implemented a configure flag which governs the behavior
when GSS-TSIG is enabled but no key is available.
The default (and previous) behavior is to skip this
DNS server, the flag allows instead to fallback to
the disabled GSS-TSIG one.
130. [func] fdupont
Added statistics to the GSS-TSIG hook library to follow the
GSS-TSIG key and TKEY activity.
129. [bug] fdupont
The GSS-TSIG hook library now sets and restores environment
variables when configured.
128. [build, bug] fdupont
The nsupdate test tool of the GSS-TSIG hook library is
correctly built even without Google Test.
127. [build] fdupont
Changed the name of the GSS-TSIG hook library object to
See [https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes](https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes) for a complete list of release notes.
Thank you again to everyone who assisted us in making this release possible.