ISC Knowledgebase

Kea Significant Features Matrix

Wed, 24 Jun 2026 12:00:07 GMT

Private notes Only visible to team accounts This table lists the major feature differences for different releases of Kea. A "✔︎" in the table below indicates that feature is present in that branch. When all currently supported versions of Kea have the feature, we remove the row (because there is no difference to highlight). See Release Notes for More Detailed Changes This list does not include many smaller changes, including changes in existing features or minor new features. For more detail, ...

Kea 3.2: Things to be aware of when upgrading

Wed, 24 Jun 2026 04:32:40 GMT

The release of the Kea 3.2 branch includes a few changes users should know about when upgrading from Kea 3.0. If you are upgrading from a pre-3.0 version, please review the "Things to be aware of when upgrading to Kea 3.0.0" article first. The Kea Control Agent (CA) The Kea Control Agent, which was deprecated in Kea 3.0, is no longer included in the Kea distribution. If you have an installation that sends API commands to the CA for forwarding to other Kea daemons, you will need to update both yo ...

Migrating away from Kea Control Agent

Wed, 24 Jun 2026 04:30:51 GMT

Summary The Kea Control Agent (KCA) is deprecated in Kea 3.0, and has been removed as of Kea 3.2. The functions of the KCA are now fulfilled by the direct API access features of Kea 3.0 or later. This article provides guidance on migrating from the KCA to the direct API. What is changing? Prior to Kea 3.0, the only supported method to access the Kea API was via the Kea Control Agent (KCA). All API clients connected to the KCA, and the KCA forwarded API commands to the other Kea daemons. Kea ...

Kea API and Control Sockets

Wed, 24 Jun 2026 04:01:19 GMT

Introduction This article introduces the Kea Application Programming Interface (API). It briefly discusses the architecture of how the Kea API is presented, through control sockets, the direct API, and the Kea Control Agent (KCA). Use of API commands is beyond the scope of this article. Consult the Kea ARM for information on API commands and their usage. Kea API Overview The Kea DHCP server consists of up to four daemons (service processes). These daemons communicate with each other, and with ...

Kea HA Strategies Comparison

Tue, 23 Jun 2026 18:04:02 GMT

Introduction Kea's High Availability hook is the most popular solution for high availability operation. The Kea HA hook works by pairing Kea servers (a multi-node solution is also available), in either an active-active or active-passive collaboration scheme. In this way, the Kea servers can monitor each other and assume responsibility for answering on behalf of the other server in case of failure. It is also possible for multiple Kea servers to leverage the lease 'backend' feature to share a sin ...

Using Official ISC Packages for Kea

Tue, 23 Jun 2026 07:34:30 GMT

Overview ISC provides binary packages and the corresponding source code for Kea DHCP hosted on Cloudsmith. Packages and source code tarballs are provided for every release. Thank you to Cloudsmith! The repository for Kea open source packages is provided by Cloudsmith at no cost, as a community service for non-profit open source projects. The open source packages in the current release provide the base Kea software and the following hook libraries: BOOTP Classification Commands DDNS Tuning Fle ...

Kea Security

Wed, 17 Jun 2026 22:14:21 GMT

Introduction This article aims to be a central resource for all things related to Kea security. Security stance necessarily varies with the needs of the operator and the environment. A dedicated server which only runs Kea will have different security needs than a multi-purpose server hosting many services and users. Larger organizations with more people typically have tighter security requirements. As such, this article can only provide guidelines for typical scenarios. Kea administrators wi ...

Kea files and directories

Wed, 17 Jun 2026 22:05:58 GMT

Introduction This article identifies the major files and directories used by Kea, and addresses security aspects. Administrators are expected to be familiar with the Unix permissions model. To maximize security, files and directories used by Kea should have the most restrictive ownership and permissions practical while still allowing desired function. Administrators should also read Kea Security for other essential security information. Mandatory Access Control regimes like SELinux and AppArmo ...

Kea End-of-Life Dates

Wed, 17 Jun 2026 21:22:58 GMT

The following table shows the dates when ISC officially ended support for these Kea releases. ISC's intended policy is to support the two most recent stable branches of Kea. Branch End-of-Life 2.6.0 June 2026 On release of 3.2.0 2.4.0 August 2026 On release of 2.8.0 2.3.0 May 2023 2.2.0 August 2024 On release of 2.6.0 2.1.0 July 2022 2.0.0 August 2023 On release of 2.4.0 1.9.0 September 2021 1.8.0 July 2022 1.7.0 August 2020 1.6.0 September 2021 1.5.0 August 2020 1.3.0 December 2018 ...

BIND 9 Software Vulnerability Matrix

Wed, 17 Jun 2026 14:19:40 GMT

The BIND 9 Software Vulnerability Matrix details known security vulnerabilities in supported versions of BIND. Vulnerabilities are identified by their CVE ID: Common Vulnerabilities and Exposures. This page was previously called the "BIND 9 Security Vulnerability Matrix". Using this matrix Each row with a CVE ID gives the version(s) that fix that problem. Determining vulnerability To determine if/how a given version is vulnerable: Find the column heading for the corresponding branch (9.X versi ...

Kea: Use unique databases

Tue, 16 Jun 2026 20:53:48 GMT

Summary When configuring Kea to use a database for storage of leases or host reservations, use a unique database for each Kea server. Within a single Kea high availability group (HA group), the database may be shared, subject to certain considerations. Guidance Use a unique database for every Kea server. A database can be made unique by creating a different database name on the same database server, or by using different database servers. For example, if you use a central database server, creat ...

Using Kea Config File Includes

Sun, 14 Jun 2026 00:37:31 GMT

Introduction Kea features an extension to JSON that allows one to include the contents of one file into another file: The directive. This feature can be used to simplify management of Kea configurations. This article provides practical examples of such usage. How Include Works As explained in the Kea ARM, at any point in a Kea config file where a JSON element is expected, one can place a directive. When Kea loads the config file, Kea effectively replaces the

List of Kea Security Advisories

Fri, 12 Jun 2026 21:03:58 GMT

Introduction This is a complete list of all Kea security advisories, both current and historical. Advisories apply only to particular versions of Kea, and this list makes no attempt to differentiate. Consult the individual advisories to determine which Kea version(s) the advisory applies to. Advisories are listed by date, most recent first. The release date is the date of public disclosure. Advisories CVE ID Title Released CVE-2026-3608 Stack overflow in Kea daemons 2026-03-25 CVE-2025-112 ...

BIND 9 Significant Features Matrix

Thu, 11 Jun 2026 20:58:39 GMT

This table lists the major feature differences among the current supported versions of BIND 9 (with some provisional but incomplete insight into our future release plans, where features overlap with already-released branches). We also describe the deprecated and obsolete features and utilities in the smaller tables below. Please see also this ISC KB article on upgrading from BIND 9.11 to 9.16, this ISC KB article on upgrading from BIND 9.16 to 9.18 and this ISC KB article on upgrading from BIND ...

BIND 9 End-of-Life Dates

Thu, 11 Jun 2026 20:15:38 GMT

The table below shows when each major branch of BIND 9 was officially declared End of Life. For forward-looking advice, consult our Software Support Policy article. Branch Final EOL 9.18 June 2026 9.16 April 2024 9.14 May 2020 9.12 Jun 2019 9.11 Mar 2022 9.10.8-P1 Jul 2018 9.9.13-P1 Jul 2018 9.8.x – 9.8.8 Sep 2014 9.6.x – 9.6-ESV-R11-W1 Feb 2014 9.7.x – 9.7.7 Nov 2012 9.5.2-P4 Sep 2010 9.4-ESV-R5-P1 Mar 2012 9.4.0-9.4.3 Dec 2009 9.3.6-P1 Jan 2009 9.3.6 (and earlier) Dec 2008 9.2 ...

ISC Software Defect and Vulnerability Disclosure Policy

Thu, 11 Jun 2026 19:16:38 GMT

At ISC, we follow a published policy in determining whether and how to disclose defects discovered in our software products. No Bounties We are working for the interests of the greater Internet, and we hope you are too. ISC does not offer bug bounties(1). If you think you have found a bug in any ISC software, we encourage you to report it responsibly; if verified, we will be happy to credit you in our Release Notes. (1) In late 2025 The European Commission offered to fund a one year bug bounty p ...

ISC's Software Support Policy and Version Numbering

Thu, 11 Jun 2026 19:07:55 GMT

The purpose of this article is to help users determine how long a given ISC release is likely to be supported. This information is useful when deciding when to schedule a migration, or in some cases, to help determine which version to migrate to when updating. This is a rough guide, not a guarantee, and release dates are approximate. For the most current information on the status of any particular software version, please refer to the software status listed on the downloads page. BIND 9 (updated ...

BIND 9, Kea, Stork, and ISC DHCP source code access

Thu, 11 Jun 2026 09:43:50 GMT

ISC source code is available online for developers and contributors. Public releases are always available from the downloads page on the ISC website (https://www.isc.org/download/) and https://downloads.isc.org/isc. No password is required. The software repositories are all on GitLab: BIND 9 working repository on gitlab.isc.org Kea DHCP working repository on gitlab.isc.org Stork working repository on gitlab.isc.org ISC DHCP working repository on gitlab.isc.org - this software is End-of-Life Fo ...

Things to be aware of when upgrading to Kea 3.0.0

Thu, 11 Jun 2026 09:17:10 GMT

The release of the Kea 3.0 branch brings with it many changes users need to know about. Hooks libraries re-licensed and re-packaged Most Kea hook libraries have become open source and are freely available; the only exceptions are the Role-Based Access Control hook (RBAC) and the Configuration Backend hook (CB), which remain commercially licensed. The open source hook libraries will be available in the Kea source tarball and for package installation from the official ISC repositories on Cloudsmit ...

Using DLZ in BIND

Fri, 05 Jun 2026 07:40:20 GMT

What is DLZ? DLZ (Dynamically Loadable Zones) is a contributed extension to BIND 9 that allows zone data to be retrieved directly from an external database. There is no required format or schema. DLZ drivers exist for several different database backends including PostgreSQL, MySQL, and LDAP and can be written for any other. As of BIND 9.8, it is also possible to link some DLZ modules dynamically at runtime via the DLZ "dlopen" driver, which acts as a generic wrapper around a shared object that ...