# Kea 2.5.8 Release Notes, April 30, 2024

Welcome to Kea 2.5.8, the ninth monthly release of the 2.5 development 
series. As with any other development release, use this with caution: 
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium 
(ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST 
API; optional database support (MySQL and PostgreSQL); optional RADIUS, 
Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea 
provides extensive management capabilities, including but not limited 
to: TLS support, Role-Based Access Control, run-time configuration 
monitoring and updates via a REST API, host reservations, and client 
classification.

The text below references issue numbers. For more details, visit the Kea 
GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For 
details about Docker issues, visit the page at 
https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details 
about packaging, visit the page at 
https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.

The following bug fixes and features have been implemented since the 
previous release, version 2.5.7:

1. **Performance Monitor hook**: A new open source hook is available 
that provides insight into Kea performance and might be very useful for 
troubleshooting performance bottlenecks. The hook is highly configurable 
and allows reporting of many metrics and alarms [#3047, #3297, #3278].

2. **High Availability (HA)**: The HA mechanism is a bit more robust 
now. We fixed an inconsistent HA state that occurred when one of the 
terminated services was restarted and the other one was not. The 
restarted service now waits 10 minutes for the partner to restart; if 
the partner is not restarted within that time, the service transitions 
to the terminated state to continue responding to DHCP traffic [#3250]. 
We corrected an issue in processing the `server-name` argument of the 
`ha-sync` command; the argument was ignored when the synchronization 
with a backup server was performed [#3276].

3. **Delegated-IPv6-Prefix in RADIUS**: The RADIUS hook now supports the 
`Delegated-IPv6-Prefix` RADIUS attribute, which can be used to reserve 
an IPv6 Prefix Delegation [#2984].

4. **Stash Agent options**: ISC DHCP provided a `stash-agent-options` 
mechanism that, when enabled, caused the server to remember options 
inserted by a relay agent during the initial exchange with a client. 
This mechanism is now supported by Kea. In cases where clients using 
relay options on initial address assignment renew by communicating 
directly with the server, bypassing the relay, those relay options are 
now preserved for use during renewal. [#2976].

5. **Better transaction ID logging**: Several loggers (`alloc-engine`, 
`bad-packets`, `ddns`, `eval`, `leases`, `options`, `packets`) were 
extended to provide more information about transaction-id, hardware 
address, and client-id details in existing log messages [#2820].

6. **Security**: It is now possible to configure Kea to read a TSIG 
secret from a file on disk [#3133].

7. **Bug fixes**: A bug was fixed when `reservation-del` was used to 
delete IPv6 reservations on Postgres [#3294]. We fixed a bug where 
omitting the `response-filters` parameter for the RBAC hook 
configuration resulted in commands being rejected [#3314]. A crash in 
the performance monitor hook, which occurred when no subnet was 
assigned, was fixed [#3347]. A crash was fixed that could manifest 
itself if start-up failed and there were at least two hooks loaded 
[#3308]. We added better IO service handling in a multi-threaded 
environment [#3315]. The `-T` command-line parameter used to test 
configuration is now a bit more robust [#3305]. The Postgres schema was 
corrected: a DHCPv4 index now points correctly to the DHCPv4 table 
[#2957]. Earlier Kea versions dropped the whole packet if an invalid 
FQDN option was received; this is now corrected and only the option is 
ignored, rather than the whole packet [#3289]. We fixed a potential 
heap-use-after-free bug in the ping check hook [#3281]. An issue that 
could cause kea-dhcp-ddns to stop processing queued requests was 
addressed [#3295].

8. **Documentation**: The ARM was updated to clearly state that the 
behavioral parameters for DDNS are obeyed, even if DDNS updates 
themselves are disabled [#3098]. An invalid JSON example was corrected 
[#3336].

9. **Build improvements**: Hammer, the Kea build tool, now works on 
Rocky Linux [#3247]. The git commit hash for both the open source and 
premium repositories is now available in the config report [#3254]. 
Several sections of old code were refactored and dead code was removed 
[#3316, #3317, #3318, #3319, #3320, #3321]. A new script was added to 
check header and library dependencies in Makefiles [#1763]. A circular 
dependency in src/lib/log was fixed [#1743].

10. **Testing**: The test class for Host Backend is now thread-safe 
[#3298]. Several improvements were made to multi-threading-enabled 
RADIUS unit tests [#3299].

## Incompatible Changes

No incompatible changes were introduced in 2.5.8.

## Other

The Cloudsmith repository for the 2.5 releases will be phased out 
following the public availability of the stable 2.6.0 release.

Beginning with the 2.7.X release series, we will be launching a new 
repository on Cloudsmith, named kea-dev, which will host the 2.7.X 
release alongside all future development releases.

Repositories for stable releases will remain unaffected.

## License

This version of Kea is released under the Mozilla Public License, 
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

Some Kea hook libraries are provided under the MPL 2.0; others are 
licensed with the [Kea Hooks Basic Commercial End User 
License](https://www.isc.org/kea-premium-license/). The source for each 
hook library includes the applicable license.

## Download

Pre-built ISC packages for current versions of the most popular Linux 
operating systems are available at:

https://cloudsmith.io/~isc/repos/

Pre-built Docker images as well as Docker files are available. For 
details, see:

https://gitlab.isc.org/isc-projects/kea-docker

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code-signing key, which is 
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions 
and usage tutorials, in the Kea Administrator Reference Manual. 
Documentation is included with the installation or at 
https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB 
formats. ISC maintains a public open source code tree, wiki, issue 
tracking system, milestone planner, and roadmap at 
https://gitlab.isc.org/isc-projects/kea.

Limitations and known issues with this release can be found at 
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for 
you and what operating system you tested on. Feel free to share your 
feedback on the Kea Users mailing list 
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like 
to hear whether the documentation is adequate and accurate. Please open 
tickets in the Kea GitLab project for bugs, documentation omissions and 
errors, and enhancement requests. We want to hear from you even if 
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all 
professional users to consider this option; Kea maintenance is funded 
with support subscriptions. For more information on ISC's Kea software 
support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing 
list. Information on all public email lists is available at 
https://www.isc.org/community/mailing-list. If you have any comments or 
questions about working with Kea, please share them to the Kea Users 
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and 
feature requests may be submitted via GitLab at 
https://gitlab.isc.org/isc-projects/kea/-/issues.

## Changes

The following summarizes changes and important upgrades since the 2.5.6 
release.

2228.	[build]		piotrek
	The library version numbers have been bumped up for the Kea 2.5.8
	development release.
	(Gitlab #3355)

2227.	[func]		fdupont
	Implemented the stash-agent-options global parameter
	for DHCPv4 (new feature from ISC DHCP allowing to
	renew reserved address when the host reservation identifier
	is based on the dhcp-agent-options option added by a relay.
	(Gitlab #2976)

2226.	[func]		piotrek
	Added information about transaction ID in all possible
	places in loggers: alloc-engine, bad-packets, ddns,
	eval, leases, options, packets.
	(Gitlab #2820)

2225.	[func]		marcin
	Ensure backward compatibility of High Availability
	between Kea 2.5.8+ and earlier versions. It introduces
	a new origin-id argument to the dhcp-enable, dhcp-disable
	and ha-sync-complete-notify commands. It is ignored by the
	earlier Kea versions. The origin argument is sent in addition
	to the origin-id and has the format recognizable by the old
	Kea versions.
	(Gitlab #3344)

2224.	[func]		andrei
	Printing the version now mentions if premium is included and
	shows the git commit hash for the premium source code repository
	if the executable is built from sources.
	(Gitlab #3254)

2223.	[bug]		tmark
	Fixed an issue in PerfMon hook library which causes
	the kea6_server to crash when the server responds
	to a client query for which no subnet was selected.
	(Gitlab #3347)

2222.	[bug]		piotrek
	Fixed a bug in host_cmds. When PostgreSQL was used as
	hosts database storage, reservation-del command called
	with given IPv6 host address and the subnet Id deleted
	all IPv6 hosts in given subnet.
	Corrected the issue so that now only given host
	reservation is deleted.
	(Gitlab #3294)

2221.	[bug]		tmark
	Corrected an index on the dhcp4_servers table
	in the PostgreSQL schema.
	(Gitlab #2957)

2220.	[bug]		marcin
	Exclude packets ignored during load balancing from the
	pkt6-receive-drop statistics. The packets dropped by the
	HA hook library during subnet selection are counted in
	the pkt4-receive-drop and pkt6-receive-drop statistics.
	(Gitlab #3125)

2219.	[bug]		marcin
	Corrected an issue in processing the server-name argument
	of the ha-sync command. The argument was ignored when the
	synchronization with a backup server was performed.
	(Gitlab #3276)

2218.	[func]		marcin
	Addressed an inconsistent state of the High Availability
	service that occurs when one of the terminated services is
	restarted and another one is not. The restarted service waits 10
	minutes for the partner restart. If the partner is not restarted
	the service transitions to the terminated state to continue
	responding to the DHCP traffic.
	(Gitlab #3250)

2217.	[func]		fdupont
	Extended the lenient-option-parsing compatibility
	flag to ignore DHCPv4 fqdn (81) and DHCPv6 client-fqdn
	(39) options with some invalid domain names (e.g.
	beginning with an empty label).
	(Gitlab #3289)

2216.	[func]		tmark
	PerfMon hook library is now functional. It accumulates
	and reports performance data, and supports alarms. Still
	lacking are API commands.
	(Gitlab #3297)

2215.	[bug]		tmark
	Corrected an issue that can cause kea-dhcp-ddns to
	stop processing queued requests. Thanks to Shawn
	Routhier from Infoblox for reporting the issue.
	(Gitlab #3295)

2214.	[func]		tmark
	PerfMon hook library can now parse its configuration
	and the ARM has been updated with more detailed
	information. Functionality is still limited.
	(Gitlab #3278)

And for Kea premium:

195.	[func]		fdupont, andrei
	The RADIUS Delegated-IPv6-Prefix attribute is now supported.
	(Gitlab #2984)

194.	[bug]		fdupont, tmark
	Fixed a bug where commands sent to a control agent
	configured with RBAC roles that do not include the
	"response-filters" configuration option resulted in
	an error log message rather than treating the response
	filter list as empty.

Thank you again to everyone who assisted us in making this release 
possible.

We look forward to receiving your feedback.