Kea 1.6 DHCP server published by ISC consortium

The ISC (Internet Systems Consortium) has published release 1.6.0 of the Kea DHCP server, the replacement for the classic ISC DHCP. The project's source code is distributed under the Mozilla Public License (MPL) 2.0 rather than the ISC License used by the older ISC DHCP.

Kea grew out of the BIND 10 project and uses a modular architecture in which the functionality is split across separate daemons (kea-dhcp4, kea-dhcp6, kea-dhcp-ddns and the kea-ctrl-agent). The product includes full-featured DHCPv4 and DHCPv6 server implementations that can replace ISC DHCP. Kea has built-in Dynamic DNS updates and supports server discovery, address assignment, lease renewal and rebinding, information requests, host reservations and PXE booting. The DHCPv6 implementation additionally supports prefix delegation. A hooks API and a JSON control channel are provided for integration with external applications, and the configuration can be reloaded on the fly without restarting the server.

Leases (allocated addresses and client parameters) can be kept in several kinds of storage: backends are currently provided for CSV files (memfile), MySQL, PostgreSQL and Apache Cassandra. Host reservations can be defined in the JSON configuration file or in MySQL or PostgreSQL tables. The package includes the perfdhcp tool for benchmarking a DHCP server, plus components for collecting statistics. Kea's performance is good: with the MySQL backend the server handles about 1000 address assignments per second (roughly 4000 packets per second), and with the memfile backend about 7500 assignments per second.


Key improvements in Kea 1.6:

  • A configuration backend (CB) has been implemented, which allows the settings of several DHCPv4 and DHCPv6 servers to be managed centrally. The backend can hold most Kea settings, including global parameters, shared networks, subnets, options, pools and option definitions. Instead of keeping all of these in a local configuration file, they can now live in an external database. It is not necessary to move everything into the CB: settings fetched from the database are merged with those in the local configuration file, so that, for example, network interface settings can stay in the local file.

    Currently only MySQL is supported as a configuration store (MySQL, PostgreSQL and Cassandra can hold the lease database, and MySQL and PostgreSQL can hold host reservations). The configuration in the database can be modified either by working with the DBMS directly or through dedicated hook libraries that expose a standard set of management commands, such as adding and removing parameters, networks, DHCP options and subnets;

  • A new special client class "DROP" has been added (any packet assigned to the DROP class is discarded immediately), which can be used to drop unwanted traffic, such as certain DHCP message types;
  • New parameters min-valid-lifetime and max-valid-lifetime (the article's source calls them min-lease-time and max-lease-time) allow the lifetime of a client's lease to be defined as a permitted range rather than a single fixed value, so that a lifetime requested by the client is clamped into that range;
  • Improved compatibility with devices that do not fully comply with the DHCP standards. To work around their quirks, Kea now places the DHCPv4 message type option at the very beginning of the options list, handles different representations of host names, recognizes an empty host name, and allows suboptions with codes 0 to 255;
  • A separate control socket has been added for the DDNS daemon (kea-dhcp-ddns), through which commands can be sent directly and configuration changes made. The supported commands are build-report, config-get, config-reload, config-set, config-test, config-write, list-commands, shutdown and version-get;
  • Fixed vulnerabilities CVE-2019-6472, CVE-2019-6473 and CVE-2019-6474, which can be used for denial of service (crashing the DHCPv4 and DHCPv6 daemons) by sending requests with malformed options and values. The most serious is CVE-2019-6474: when the memfile lease backend is used, it leaves the server unable to restart on its own, so an administrator has to intervene (clean up the lease database) to restore service.
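The following configuration is an added example, not taken from the article or from the Kea project's own documentation, showing how the 1.6 features above fit together in one Kea configuration file: the configuration backend (with interface settings kept locally), the DROP class, the lease lifetime range, and the new DDNS control socket. The server tag, database host and credentials, socket paths and the hook library path are placeholders (assumptions); Kea accepts `//` comments in its configuration files.

```json
{
// Added example: Kea 1.6 configuration exercising the new features.
// Host names, credentials, socket paths and the hook path are placeholders.
"Dhcp4": {
    "server-tag": "dhcp4-edge-1",

    // Interface settings stay in the local file; subnets, pools, options and
    // option definitions are fetched from the configuration backend.
    // MySQL is the only CB store supported in 1.6.
    "interfaces-config": { "interfaces": [ "eth0" ] },

    "hooks-libraries": [
        { "library": "/usr/lib/kea/hooks/libdhcp_mysql_cb.so" }
    ],
    "config-control": {
        "config-databases": [
            {
                "type": "mysql",
                "name": "kea_cb",
                "user": "kea",
                "password": "change-me",
                "host": "db.internal"
            }
        ],
        // poll the database for configuration changes every 20 seconds
        "config-fetch-wait-time": 20
    },

    // Lease storage in a local CSV file (the memfile backend).
    "lease-database": { "type": "memfile", "persist": true },

    // Lease lifetime as a range: a lifetime requested by the client via
    // option 51 (dhcp-lease-time) is clamped into [min, max];
    // valid-lifetime is used when the client requests nothing.
    "valid-lifetime": 3600,
    "min-valid-lifetime": 600,
    "max-valid-lifetime": 86400,

    // Special DROP class: packets matching the test expression are
    // discarded before any allocation happens. Here: DHCPINFORM
    // (message type 8) and clients advertising a blocked vendor class.
    "client-classes": [
        {
            "name": "DROP",
            "test": "pkt4.msgtype == 8 or option[60].hex == 'blocked-vendor'"
        }
    ],

    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/run/kea/kea4-ctrl-socket"
    }
},

// The DDNS daemon (kea-dhcp-ddns) now gets its own control socket.
"DhcpDdns": {
    "ip-address": "127.0.0.1",
    "port": 53001,
    "control-socket": {
        "socket-type": "unix",
        "socket-name": "/run/kea/kea-ddns-ctrl-socket"
    },
    "forward-ddns": {},
    "reverse-ddns": {},
    "tsig-keys": []
}
}
```

Commands travel over the socket as JSON objects, for example `echo '{ "command": "list-commands" }' | socat UNIX:/run/kea/kea-ddns-ctrl-socket -`; the reply carries a `result` field (0 on success) and, for commands like config-get, an `arguments` object with the requested data. Because anything that can write to these sockets can reconfigure or shut down the daemons, keep them on a path readable only by the Kea user and the administrators who need them.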

Source: opennet.ru
