DHCP server for large networks: Almost all extensions now open source

The next version of the popular DHCP server Kea is gradually maturing, but before that, the manufacturer is releasing extensions as open source and for testing.

By Carsten Strotmann

The Kea-DHCP software package, which is popular with corporate admins, is changing: as part of the development of the soon-to-be-released version 3.0, the manufacturer ISC has disclosed the sources of almost all of the extensions it previously offered commercially. Kea is a versatile distributor of IP addresses and network configurations that has largely replaced the ISC-DHCP server widely used in corporate networks; the latter was long regarded as the reference implementation of the DHCP protocol.

Nevertheless, ISC-DHCP also had weaknesses, partly due to its monolithic structure. Kea is modular and expandable. This means that administrators can decide for themselves which functions they want to include in each instance. By omitting functions, they limit complexity and increase security.

Like its predecessor ISC-DHCP, Kea is also being developed by the Internet Systems Consortium (ISC). This is a US non-profit organization that licenses the software in accordance with the Mozilla Public License (MPL). The programmers are permanently employed.

Until now, ISC has generated its funding from the revenues of commercial Kea extensions, which are mainly required by large corporate networks. In the meantime, Kea-DHCP has become popular and companies support the development by means of support contracts, so that further development is secured. This is how ISC explains its decision to disclose the sources.

The following extensions (hooks) are involved:

‣ Class Cmds - Add, update, delete and retrieve configured DHCP client classes without restarting the DHCP server.

‣ DDNS Tuning - Detailed control over the composition of the DNS hostnames that the Kea DHCP transmits to the DNS servers via dynamic update.

‣ Flex ID - Identification of DHCP devices based on almost any characteristics of DHCP requests.

‣ Forensic logging - Configurable log output and logging.

‣ GSS-TSIG library - Authentication of DDNS updates via GSS-TSIG for secure transmission of DNS updates to Windows AD domain controllers.

‣ Host Cache - Cache for requests from DHCP servers to other systems, e.g. from the RADIUS server.

‣ Host Cmds - Storage and management of DHCP reservations in an SQL database.

‣ Lease Query - DHCPv4 and DHCPv6 Leasequery (querying lease information from the network).

‣ Limits - Limiting the number of DHCP responses for certain networks or devices.

‣ Ping check - Sends an ICMP echo (ping) before assigning a lease.

Two extensions remain chargeable:

‣ Configuration Backend - Stores the Kea-DHCP configuration not in a file, but in a SQL database to automatically distribute it to many Kea-DHCP instances.

‣ Role-based Access Control - Restriction of API access to the Kea DHCP configuration using x509 certificates.
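Because each hook is loaded per instance, the set of loaded libraries can be checked against what an instance is supposed to run. The following is an added example, not code from ISC or the article: it audits the `hooks-libraries` list of a Kea configuration against an allowlist and an expected directory. The library file names, the directory and the sample configuration are assumptions constructed for illustration.

```python
import json
import posixpath
import re

# Constructed sample in Kea's JSON-with-comments style. Paths and library
# file names are assumptions for illustration, not taken from the article.
SAMPLE_CONFIG = r"""
{
  # DHCPv4 instance
  "Dhcp4": {
    "hooks-libraries": [
      { "library": "/usr/lib/kea/hooks/libdhcp_limits.so" },
      { "library": "/usr/lib/kea/hooks/libdhcp_ping_check.so" },  // not approved here
      { "library": "/tmp/libdhcp_flex_id.so" }  /* approved name, wrong place */
    ]
  }
}
"""

ALLOWED = {"libdhcp_limits.so", "libdhcp_flex_id.so"}  # hypothetical site policy
HOOK_DIR = "/usr/lib/kea/hooks"                        # hypothetical install path

# Match string literals first so comment markers inside strings survive.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)

def strip_comments(text):
    """Remove #, // and /* */ comments so the standard JSON parser accepts the file."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)

def audit_hooks(config_text, allowed, hook_dir):
    """Return (daemon, path, reason) for every hook library that violates policy."""
    cfg = json.loads(strip_comments(config_text))
    findings = []
    for daemon, section in cfg.items():
        if not isinstance(section, dict):
            continue
        for entry in section.get("hooks-libraries", []):
            path = posixpath.normpath(entry.get("library", ""))
            if posixpath.basename(path) not in allowed:
                findings.append((daemon, path, "not on allowlist"))
            elif posixpath.dirname(path) != hook_dir:
                findings.append((daemon, path, "outside hook directory"))
    return findings

if __name__ == "__main__":
    for daemon, path, reason in audit_hooks(SAMPLE_CONFIG, ALLOWED, HOOK_DIR):
        print(f"{daemon}: {path}: {reason}")
```
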

Kea 3.0 will also include new features, including:

‣ Hub-and-Spoke in the HA module: A single Kea DHCP failover server can serve as a backup for multiple primary Kea DHCP servers in a high availability (HA) configuration. Previously, only one-to-one relationships were possible in HA configurations.

‣ Regular expressions for the assignment of DHCP requests in DHCP client classes.

‣ v6-only-preferred according to RFC 8925: the server uses this to inform dual-stack DHCP clients that they should no longer use IPv4.

The new features are available for testing from the current development version 2.7.7. The stable version 3.0, which is also suitable for production environments, should be ready in summer 2025. ISC now hopes that corporate users will continue to sign support contracts so that Kea-DHCP can be further developed.

(nie)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.