Using Kea Config File Includes

Sun, 14 Jun 2026 00:37:31 GMT

Introduction Kea features an extension to JSON that allows one to include the contents of one file into another file: The directive. This feature can be used to simplify management of Kea configurations. This article provides practical examples of such usage. How Include Works As explained in the Kea ARM, at any point in a Kea config file where a JSON element is expected, one can place a directive. When Kea loads the config file, Kea effectively replaces the

List of Kea Security Advisories

Fri, 12 Jun 2026 21:03:58 GMT

Introduction This is a complete list of all Kea security advisories, both current and historical. Advisories apply only to particular versions of Kea, and this list makes no attempt to differentiate. Consult the individual advisories to determine which Kea version(s) the advisory applies to. Advisories are listed by date, most recent first. The release date is the date of public disclosure. Advisories CVE ID Title Released CVE-2026-3608 Stack overflow in Kea daemons 2026-03-25 CVE-2025-112 ...

BIND 9 Software Vulnerability Matrix

Fri, 12 Jun 2026 02:26:26 GMT

The BIND 9 Software Vulnerability Matrix details known security vulnerabilities in supported versions of BIND. Vulnerabilities are identified by their CVE ID: Common Vulnerabilities and Exposures. This page was previously called the "BIND 9 Security Vulnerability Matrix". Using this matrix Each row with a CVE ID gives the version(s) that fix that problem. Determining vulnerability To determine if/how a given version is vulnerable: Find the column heading for the corresponding branch (9.X versi ...

Using Official ISC Packages for Kea

Fri, 12 Jun 2026 00:14:51 GMT

Overview ISC provides binary packages and the corresponding source code for Kea DHCP hosted on Cloudsmith. Packages and source code tarballs are provided for every release. Thank you to Cloudsmith! The repository for Kea open source packages is provided by Cloudsmith at no cost, as a community service for non-profit open source projects. The open source packages in the current release provide the base Kea software and the following hook libraries: BOOTP Classification Commands DDNS Tuning Fle ...

BIND 9 Significant Features Matrix

Thu, 11 Jun 2026 20:58:39 GMT

This table lists the major feature differences among the current supported versions of BIND 9 (with some provisional but incomplete insight into our future release plans, where features overlap with already-released branches). We also describe the deprecated and obsolete features and utilities in the smaller tables below. Please see also this ISC KB article on upgrading from BIND 9.11 to 9.16, this ISC KB article on upgrading from BIND 9.16 to 9.18 and this ISC KB article on upgrading from BIND ...

BIND 9 End-of-Life Dates

Thu, 11 Jun 2026 20:15:38 GMT

The table below shows when each major branch of BIND 9 was officially declared End of Life. For forward-looking advice, consult our Software Support Policy article. Branch Final EOL 9.18 June 2026 9.16 April 2024 9.14 May 2020 9.12 Jun 2019 9.11 Mar 2022 9.10.8-P1 Jul 2018 9.9.13-P1 Jul 2018 9.8.x – 9.8.8 Sep 2014 9.6.x – 9.6-ESV-R11-W1 Feb 2014 9.7.x – 9.7.7 Nov 2012 9.5.2-P4 Sep 2010 9.4-ESV-R5-P1 Mar 2012 9.4.0-9.4.3 Dec 2009 9.3.6-P1 Jan 2009 9.3.6 (and earlier) Dec 2008 9.2 ...

ISC Software Defect and Vulnerability Disclosure Policy

Thu, 11 Jun 2026 19:16:38 GMT

At ISC, we follow a published policy in determining whether and how to disclose defects discovered in our software products. No Bounties We are working for the interests of the greater Internet, and we hope you are too. ISC does not offer bug bounties(1). If you think you have found a bug in any ISC software, we encourage you to report it responsibly; if verified, we will be happy to credit you in our Release Notes. (1) In late 2025 The European Commission offered to fund a one year bug bounty p ...

ISC's Software Support Policy and Version Numbering

Thu, 11 Jun 2026 19:07:55 GMT

The purpose of this article is to help users determine how long a given ISC release is likely to be supported. This information is useful when deciding when to schedule a migration, or in some cases, to help determine which version to migrate to when updating. This is a rough guide, not a guarantee, and release dates are approximate. For the most current information on the status of any particular software version, please refer to the software status listed on the downloads page. BIND 9 (updated ...

BIND 9, Kea, Stork, and ISC DHCP source code access

Thu, 11 Jun 2026 09:43:50 GMT

ISC source code is available online for developers and contributors. Public releases are always available from the downloads page on the ISC website (https://www.isc.org/download/) and https://downloads.isc.org/isc. No password is required. The software repositories are all on GitLab: BIND 9 working repository on gitlab.isc.org Kea DHCP working repository on gitlab.isc.org Stork working repository on gitlab.isc.org ISC DHCP working repository on gitlab.isc.org - this software is End-of-Life Fo ...

Things to be aware of when upgrading to Kea 3.0.0

Thu, 11 Jun 2026 09:17:10 GMT

The release of the Kea 3.0 branch brings with it many changes users need to know about. Hooks libraries re-licensed and re-packaged Most Kea hook libraries have become open source and are freely available; the only exceptions are the Role-Based Access Control hook (RBAC) and the Configuration Backend hook (CB), which remain commercially licensed. The open source hook libraries will be available in the Kea source tarball and for package installation from the official ISC repositories on Cloudsmit ...

Using DLZ in BIND

Fri, 05 Jun 2026 07:40:20 GMT

What is DLZ? DLZ (Dynamically Loadable Zones) is a contributed extension to BIND 9 that allows zone data to be retrieved directly from an external database. There is no required format or schema. DLZ drivers exist for several different database backends including PostgreSQL, MySQL, and LDAP and can be written for any other. As of BIND 9.8, it is also possible to link some DLZ modules dynamically at runtime via the DLZ "dlopen" driver, which acts as a generic wrapper around a shared object that ...

How to change the nameservers for a zone

Tue, 02 Jun 2026 14:10:10 GMT

DNSSEC Complications The information in this article is does not address DNSSEC-signed zones. The steps for migrating DNSSEC-signed zones between nameservers are more complex, particularly if the the zone is transitioning between hosting providers. The complexity is due to the need to also transition or replace the signing keys and signatures. If the zone is DNSSEC-signed, additional research will be required. Step 1: Ensure all nameservers, new and old, are serving the same zone content. S ...

serial-query-rate, notify-rate and startup-notify-rate: how they impact zone transfers in different versions of BIND

Tue, 02 Jun 2026 14:05:08 GMT

Applies to BIND 9.10 and earlier This document applies only to BIND version 9.10 and earlier. It is retained for historical interest. For BIND 9.11 and later, see Rate-limiters for authoritative zone propagation. serial-query-rate (default 20) is a rate-limiter that has been used for a long time to control both the rate of notifies and of zone refresh (SOA queries). Although the limit is expressed as a per-second rate, it is the actions that are being limited, not the network packets needed ...

Rate-limiters for authoritative zone propagation

Tue, 02 Jun 2026 14:02:00 GMT

BIND 9.11 and later This article applies to all versions of BIND from 9.11.0 and newer. This supersedes an older document in which we explained how these rate limiting options were evolved: serial-query-rate, notify-rate and startup-notify-rate: how they impact zone transfers in different versions of BIND Along with other options for preventing too many concurrent zone updates, BIND provides three independent rate-limiters for the inter-server communications used to automatically trigger zone ...

Windows zip files for BIND 9

Mon, 01 Jun 2026 20:14:07 GMT

The BIND software no longer supports natively compiling or running on the Microsoft Windows platforms. As of these releases and later: 2021 June in BIND 9.17.16 2022 January in BIND 9.18.0 GitLab Issue 2690 GitLab Merge 5073

BIND 9.18 Significant Changes

Mon, 01 Jun 2026 19:58:01 GMT

Maintaining our process of continuous improvement, there have been some major changes in BIND with version 9.18. This article summarises what those changes are so that you can go into this upgrade knowing which features are likely to affect your installation and what parameters you might need to adjust. Major changes in 9.18 include: DoT and DoH (DNS over TLS and DNS over HTTPS) are now included as standard. The glue-cache option, has been deprecated. It no longer has any effect and will be rem ...

BIND 9.16 Significant Changes

Mon, 01 Jun 2026 19:56:13 GMT

Obsolete Version This article provides information about a branch of BIND which has reached End of Life (EOL). Support and development efforts for this version are no longer provided by ISC. There were a lot of fundamental changes in BIND between versions 9.11 and 9.16. This article summarises what those changes are so that you can go into upgrades with eyes open, knowing which features are likely to affect your installation and what parameters you might need to adjust. Major changes in 9.16 ...

DNS Flag Day - ednscomp tests and status codes

Mon, 01 Jun 2026 18:59:51 GMT

ednscomp tests and equivalent dig commands dns 'dig +noedns +noad +norec SOA ' aa 'dig +noedns +noad +norec +aaflag SOA ' ad 'dig +noedns +ad +norec SOA ' cd 'dig +noedns +noad +norec +cd SOA ' ra '### dig +noedns +noad +norec +raflag SOA ###' rd 'dig +noedns +noad +rec SOA ' tc '### dig +noedns +noad +norec +tcflag SOA ###' zflag 'dig +noedns +noad +norec +zflag SOA ' opcode ...

Security Matrices for Obsolete BIND Branches

Mon, 01 Jun 2026 16:44:24 GMT

The vulnerability matrix for each obsolete branch of BIND is kept available for historical reference. For currently supported releases, see the BIND 9 Software Vulnerability Matrix instead. SECURITY WARNING Obsolete versions of BIND are all known to be vulnerable. ISC strongly recommends upgrading to a current version as soon as practical. The obsolete matrices will not be updated to reflect new vulnerabilities. You must assume you are vulnerable if you are running an obsolete version. For ...

List of BIND Security Advisories

Mon, 01 Jun 2026 13:06:32 GMT

Introduction This is a complete list of all BIND security advisories, both current and historical. Advisories apply only to particular versions of BIND, and this list makes no attempt to differentiate. For information on which versions are vulnerable, see the BIND 9 Software Vulnerability Matrix instead. Advisories are listed by date, most recent first. The release date is the date of public disclosure. In this table, release dates prior to 2022 may not be entirely accurate; the individual ...

ISC Knowledgebase