# Kea 2.5.5 Release Notes, January 31, 2024

Welcome to Kea 2.5.5, the sixth monthly release of the 2.5 development 
series. As with any other development release, use this with caution: 
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium 
(ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST 
API; optional database support (MySQL and PostgreSQL); optional RADIUS, 
Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea 
provides extensive management capabilities, including but not limited 
to: TLS support, Role-Based Access Control, run-time configuration 
monitoring and updates via a REST API, host reservations, and client 
classification.

The text below references issue numbers. For more details, visit the Kea 
GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For 
details about Docker issues, visit the page at 
https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details 
about packaging, visit the page at 
https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.

The following bug fixes and features have been implemented since the 
previous release, version 2.5.4:

 1. **Hub-and-spoke model in High Availability (HA)**: Kea can now 
handle multiple HA relationships. In particular, it can handle the 
popular scenario of a central office (hub) providing failover support to 
multiple smaller satellite offices (spokes), reducing the number of 
servers required overall for a high-availability deployment. Extensive 
tests of this new functionality have not yet been completed, so use this 
with caution and consider it an experimental feature [ #3178, #1149].
 2. **ARM packages**: Starting with this release, binary packages are 
provided for aarch64 architecture, in addition to the usual x64 (amd64) 
architecture. The Hammer build tool has been extended to support aarch64 
[ #3186].
 3. **Bulk leasequery and IPv6 prefixes**: Kea now returns all the 
associated PD (Prefix Delegation) leases when queried over BLQ protocol 
[ #3149].
 4. **New global parameters in Config Backend**: The Configuration 
Backend now supports scalar parameters contained by top-level global 
scopes: `compatibility`, `control-socket`, `dhcp-ddns`, 
`expired-leases-processing`, `multi-threading`, `sanity-checks`, 
`server-id`, and `dhcp-queue-control`. The parameters may be stored 
using dot notation; for example, the `lenient-option-parsing` parameter 
in the `compatibility` scope can be referenced as 
`compatbility.lenient-option-parsing` [ #1790].
 5. **RADIUS and HA**: The RADIUS hook has the ability to send 
accounting updates to the RADIUS server. In scenarios where HA and 
RADIUS hooks are used together, the Kea server sends accounting updates 
when receiving lease updates from a partner, even if the partner already 
sent them. This might not be preferable in some deployments. A new 
option `peer-updates` can be set to "false" to disable this behavior [ 
#3123].
 6. **Vendor options in NETCONF**: The NETCONF model has been updated 
and Kea code has been corrected to properly handle vivso 
(vendor-independent vendor-specific) options [ #3198].
 7. **Ping-check hook updates**: Ping-check now honors the network 
state. Under certain circumstances, such as various HA states or 
administrative action (the `dhcp-disable` command), the Kea server can 
operate in a disabled state where no DHCP traffic is serviced. Starting 
with this release, the ping-check hook now obeys the global state and 
refrains from sending ICMP packets when no DHCP packets are to be sent [ 
#3187]. Ping-check is now able to operate in single-threaded mode [ 
#3107]. The ping-check hook now updates HA partners if a lease is 
declined [ #3110].
 8. **Database connection retry on startup**: Kea can be set to not 
retry database connection attempts on startup. The new 
'retry-on-startup' parameter controls this behavior along with the other 
existing parameters: 'on-fail', 'max-reconnect-tries', and 
'reconnect-wait-time' [ #3019].
 9. **Classless static route option**: Option 121 for DHCPv4 is now 
supported [ #3074].
10. **RADIUS**: The legacy RADIUS hook based on the FreeRADIUS-client 
has been removed. Moving forward, the new implementation, which is 
entirely Kea-based with no external dependencies, is the only way to use 
RADIUS in Kea [ #3168].
11. **Documentation**: The Knowledgebase (KB) article about installing 
Kea from packages was expanded and now explains how to optionally 
configure a proxy to reach the appropriate Cloudsmith repository. For 
details, see https://kb.isc.org/docs/isc-kea-packages [ #3136].
12. **Bug fixes**: A new warning message is shown when the 
`ip-reservation-unique` flag is set to "true", but the database contains 
multiple reservations for the same IP [ #3108]. The run(), run_once(), 
and poll() methods in IOService are now guarded against possible 
exceptions [ #3112]. Many smaller issues reported by Coverity Scan were 
fixed [ #3119]. The getopt function call has been improved to adhere 
better to Alpine's musl implementation [ #2788].
13. **Build improvements**: `hammer`, a Kea build tool used mostly by QA 
and release engineering, has gotten a new `--just-configure` option [ 
#3229]. Compilation issues with the Botan library have been fixed [ 
#3191]. Hammer was updated to build Kea while no longer needing the 
FreeRADIUS-client dependency [ #3128].
14. **Kea Premium License updated**: The end-user license agreement for 
commercially licensed Kea hooks has been updated to clarify some terms. 
The current version is 2.1.1.

## Incompatible Changes

1. **Legacy RADIUS hook removed**: With this release, the new RADIUS 
hook is fully functional and is a complete replacement for the old 
implementation. The old FreeRADIUS-client based hook has been removed [ 
#3168].

## License

This version of Kea is released under the Mozilla Public License, 
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

Some Kea hook libraries are provided under the MPL 2.0; others are 
licensed with the [Kea Hooks Basic Commercial End User 
License](https://www.isc.org/kea-premium-license/). The source for each 
hook library includes the applicable license.

## Download

Pre-built ISC packages for current versions of the most popular Linux 
operating systems are available at:

https://cloudsmith.io/~isc/repos/

Pre-built Docker images as well as Docker files are available. For 
details, see:

https://gitlab.isc.org/isc-projects/kea-docker

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code-signing key, which is 
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions 
and usage tutorials, in the Kea Administrator Reference Manual. 
Documentation is included with the installation or at 
https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB 
formats. ISC maintains a public open source code tree, wiki, issue 
tracking system, milestone planner, and roadmap at 
https://gitlab.isc.org/isc-projects/kea.

Limitations and known issues with this release can be found at 
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for 
you and what operating system you tested on. Feel free to share your 
feedback on the Kea Users mailing list 
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like 
to hear whether the documentation is adequate and accurate. Please open 
tickets in the Kea GitLab project for bugs, documentation omissions and 
errors, and enhancement requests. We want to hear from you even if 
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all 
professional users to consider this option; Kea maintenance is funded 
with support subscriptions. For more information on ISC's Kea software 
support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing 
list. Information on all public email lists is available at 
https://www.isc.org/community/mailing-list. If you have any comments or 
questions about working with Kea, please share them to the Kea Users 
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and 
feature requests may be submitted via GitLab at 
https://gitlab.isc.org/isc-projects/kea/-/issues.

## Changes

The following summarizes changes and important upgrades since the 2.5.4 
release.

2203.	[build]		razvan
	The library version numbers have been bumped up for the Kea 2.5.5
	development release.
	(Gitlab #3235)

2202.	[func]		razvan
	The Configuration Backend now supports scalar parameters
	contained by top level global maps: 'compatibility',
	'control-socket', 'dhcp-ddns', 'expired-leases-processing',
	'multi-threading', 'sanity-checks', 'server-id' and
	'dhcp-queue-control'.
	(Gitlab #1790)

2201.	[func]		andrei
	To facilitate setting multiple option-data entries with same code
	and space, but different data, the set of keys for the
	option-data list was extended with the "data" leaf in YANG
	modules.
	(Gitlab #3198)

2200.	[func]		piotrek
	Kea now supports new DHCPv4 option code 121, Classless Static
	Route option defined in RFC 3442.
	Option may be defined in binary format and also as a string
	using convenient static route notation.
	(Gitlab #3074)

2199.	[func]		marcin
	Added support for hub-and-spoke high availability configuration.
	(Gitlab #3106, #3178)

2198.	[func]		razvan
	A new log message
	DHCPSRV_CFGMGR_IP_RESERVATIONS_UNIQUE_DUPLICATES_DETECTED is
	shown when multiple reservations are detected for the same IP
	address.
	(Gitlab #3108)

2197.	[func]		razvan
	Added support for database connection retry on server startup.
	The new 'retry-on-startup' parameter controls this behavior along
	with the other existing parameters: 'on-fail',
	'max-reconnect-tries' and 'reconnect-wait-time'.
	(Gitlab #3019)

2196.	[func]		tmark
	The ping-check hook library can now be used with kea-dhcp4
	in either multi-threaded or single-threaded mode.
	(Gitlab #3107)

2195.	[func]		tmark
	Added a new hook point to kea-dhcp4, "lease4_server_decline".
	DHCPv4 leases declined by ping-check hook library are now
	propagated to HA peers.
	(Gitlab #3110)

And for Kea premium:

191.	[doc]		Vicky
	Update the license agreement to version 2.2.1, adding sections
	8.3.1, 8.3.2 and 8.3.3 to add definitions for leasing addresses
	in three scenarios: for internal network services, in provision
	of network services for third parties, and OEM applications.
	(Gitlab #3234)

190.	[func]		razvan
	The Configuration Backend now supports scalar parameters
	contained by top level global maps: 'compatibility',
	'control-socket', 'dhcp-ddns', 'expired-leases-processing',
	'multi-threading', 'sanity-checks', 'server-id' and
	'dhcp-queue-control'.
	(Gitlab #1790)

189.	[func]		andrei
	The peer-updates flag can be configured under RADIUS accounting
	to enable or disable accounting requests created as a result of
	High-Availability lease updates. It is enabled by default.
	(Gitlab #3123)

188.	[bug]		fdupont
	Reimplemented v6 Bulk Lease Query by link address selector
	to retrieve all leases including prefix delegation leases
	of subnets the specified address belongs to.
	(Gitlab #3149)

187.	[func]		razvan
	Added support for database connection retry on server startup.
	The new 'retry-on-startup' parameter controls this behavior along
	with the other existing parameters: 'on-fail',
	'max-reconnect-tries' and 'reconnect-wait-time'.
	(Gitlab #3019)

186.	[func]		fdupont
	Removed the libdhcp_old_radius.so hook library.
	(Gitlab #3168)

Thank you again to everyone who assisted us in making this release 
possible.

We look forward to receiving your feedback.