Release of Kea 3.0 DHCP server, developed by ISC consortium

The ISC consortium has released the Kea 3.0 DHCP server, which replaces the classic ISC DHCP. Kea 3.0 is the first release designated for long-term support (LTS): updates will be published for three years. New major stable releases are planned every six months instead of once a year. The project's source code is distributed under the Mozilla Public License (MPL) 2.0, rather than the ISC License previously used for ISC DHCP.

The Kea DHCP server is based on BIND 10 technologies and uses a modular architecture that splits functionality across separate handler processes. The product includes a fully functional server implementation with support for the DHCPv4 and DHCPv6 protocols, capable of replacing ISC DHCP. Kea has integrated Dynamic DNS updates and supports mechanisms for server discovery, address assignment, renewal and reconnection, servicing information requests, reserving addresses for hosts, and PXE booting. The DHCPv6 implementation additionally provides prefix delegation.

Information about allocated addresses and client parameters can be kept in different kinds of storage: backends are provided for CSV files and for the MySQL, Apache Cassandra and PostgreSQL DBMS. Host reservation parameters can be specified in the configuration file in JSON format or as a table in MySQL and PostgreSQL. The perfdhcp tool for measuring DHCP server performance and components for collecting statistics are included. A dedicated API is provided for interaction with external applications. The configuration can be updated on the fly without restarting the server.

Key improvements in Kea 3.0:

  • Most of the Kea libraries with pluggable handlers (hooks) that were previously available under a commercial license have been moved to the open and freely distributed category: only the RBAC and Configuration Backend handlers remain commercial, while the remaining 12 handlers are open under the MPL 2.0 license. The distribution process for pluggable handlers has also changed: an access token is no longer required for installation. The open libraries are included in the main archive with the Kea source code and are available for installation from the official ISC repositories.

    The capabilities provided by the open handlers include: manipulating DHCP client classes without restarting the DHCP server, DDNS (Dynamic DNS) updates for clients, flexible assignment of identifiers to clients, extended logging, GSS-TSIG authentication, caching of responses from other hosts, moving the host reservation storage to a separate DBMS, rate limiting of requests, ping-checking addresses before issuing them to clients, integration with RADIUS servers, managing subnet settings without a restart, and support for the DHCPv4/DHCPv6 Leasequery extensions. The open handlers can be used to configure subnets and host reservations via the Stork web interface.

  • Additional checks and security enhancements have been added based on recently identified vulnerabilities. After upgrading to Kea 3.0, administrators will need to set new passwords and configure stronger access protection for remote management interfaces.
  • Built-in HTTP/TLS support has been added. Kea Control Agent (CA) is no longer required to provide remote access, which significantly simplifies setup. The DHCPv4, DHCPv6, and DHCP-DDNS background processes now have built-in support for API access over HTTP and TLS without Control Agent. Kea Control Agent is planned to be removed in future releases.
  • To simplify migration from ISC DHCP, client classification has been changed. Options can now be added bound to a client or a subnet. Option inheritance behavior has been brought closer to that of ISC DHCP.
  • DHCPv6 implements an address registration mechanism (RFC 9686) that allows a device, instead of being assigned an address by the server, to generate an address itself using SLAAC (Stateless Address Autoconfiguration) and then report the generated address to the DHCPv6 server.
  • The build system has been modernized and migrated from Autotools to Meson.
  • The code supporting the MySQL and PostgreSQL storage backends has been moved to separate libraries. These backends are no longer mandatory for installation: if MySQL and PostgreSQL support is not needed, Kea no longer requires the DBMS-related dependencies to be installed.
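
The access-protection and built-in HTTP/TLS items above, as an added example (not from the article or from the Kea project): a small audit of a daemon configuration that flags remote control sockets still on plain HTTP, lacking authentication, or carrying inline passwords. The key names (`control-sockets`, `socket-type`, `trust-anchor`, `cert-required`, `authentication`, `password-file`) are assumed from Kea's control-socket configuration syntax and should be checked against the Administrator Reference Manual; the sample configuration is constructed.

```python
import json

# Constructed sample config (not from the article). Key names are an
# assumption based on Kea's control-socket syntax; verify against the ARM.
SAMPLE = json.loads("""
{"Dhcp4": {"control-sockets": [
  {"socket-type": "unix", "socket-name": "kea4-ctrl-socket"},
  {"socket-type": "http", "socket-address": "0.0.0.0", "socket-port": 8000},
  {"socket-type": "https", "socket-address": "192.0.2.10", "socket-port": 8443,
   "trust-anchor": "ca.pem", "cert-file": "kea.pem", "key-file": "kea.key",
   "cert-required": false,
   "authentication": {"type": "basic",
                      "clients": [{"user": "admin", "password": "admin"}]}}
]}}
""")


def audit_control_sockets(config):
    """Return (daemon, index, finding) tuples for weak remote-management sockets."""
    findings = []
    for daemon in ("Dhcp4", "Dhcp6", "DhcpDdns"):
        sockets = config.get(daemon, {}).get("control-sockets", [])
        for i, sock in enumerate(sockets):
            kind = sock.get("socket-type")
            if kind not in ("http", "https"):
                continue  # unix sockets are local; file permissions apply instead
            if kind == "http":
                findings.append((daemon, i, "plain HTTP, no TLS"))
            elif not all(sock.get(k) for k in ("trust-anchor", "cert-file", "key-file")):
                findings.append((daemon, i, "https without full TLS material"))
            elif sock.get("cert-required", True) is False:
                findings.append((daemon, i, "client certificate not required"))
            clients = (sock.get("authentication") or {}).get("clients", [])
            if not clients:
                findings.append((daemon, i, "no authentication clients"))
            for c in clients:
                if "password" in c:  # prefer password-file over inline secrets
                    findings.append((daemon, i, f"inline password for {c.get('user')!r}"))
            if sock.get("socket-address") in ("0.0.0.0", "::"):
                findings.append((daemon, i, "listens on all interfaces"))
    return findings


if __name__ == "__main__":
    for daemon, idx, msg in audit_control_sockets(SAMPLE):
        print(f"{daemon} control-sockets[{idx}]: {msg}")
```

Kea configuration files may contain comments, which `json.loads` rejects; strip them first or feed the script the configuration as returned by the server's API.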

Source: opennet.ru
