I observe how so many of these kinds of release announcements do not start the text with a brief line introducing the project. I had never heard of Kea and clicked through out of curiosity, but that info is yet another click away: Kea is a "Modern, open source DHCPv4 & DHCPv6 server".
Right? I find submissions titles like this so frustrating: it's simply not possible to be aware of every project out there. Please, please provide me some context in the title. This would be way better with a title something like "ISC releases KEA DHCP server 3.0 as LTS"
Copy paste that phrase on every piece of content to save you a click? Why would you describe a project on a > v1 release announcement? After v1 the project has been introduced, no reason to continuously reintroduce it because someone might eventually add it to their zeitgeist.
I wonder when this will make it into pfsense... The transition to kea has been a bit of a mess with tons of bugs. Thankfully it's controlled by an option, and it seems like 2.8.0 knocked out quite a few of them
I have been using Kea on pfSense CE for a long time — I think it was version 23.0.x. Or you mean 3.0 in particular? I also have OPNsense and I am not completely convinced of their aggressive update strategy yet. For a firewall, I prefer stability over features. Jumping to the newest releases every month can have tradeoffs.
Note: in general, both OPNsense and pfSense are excellent. I have never had any problems with either one.
I don't follow pfsense too much but my understanding is OPNsense typically brings in package updates faster as they have a more frequent update cycle. I can't speak too much to bugs as I haven't migrated to Kea but imo some core functionality wasn't there until recently. And Dnsmasq seems like a better fit for me anyway, which is where I'll migrate to.
From the 25.1.6 OPNsense May update notes:
> Last but not least: Kea DHCPv6 is here. And with it full DHCP and router advertisement support in Dnsmasq to bridge the gap for ISC users who do not need or want Kea. We are going to make Dnsmasq DHCP the default in new installations starting with 25.7, too. ISC DHCP will still be around as a core component in 25.7 but likely moves to plugins for 26.1 next year.
I've been using it on opnsense since the first version it was released in. I aggressively switched because wanted to ditch my weird setup to do multi subnets (forwarding though a l3 switch). Haven't had any issues.
Great to see the hook libraries being mostly open sourced!
I was quite ok with paying the $500 or so to license the features, but the friction to get that through procurement processes also ended up killing it.
Kea is perfect for integrating with zero touch provisioning automation processes.
More than that, it is an ISC project, is the successor to ISC DHCP (now end-of-life & unsupported for a few years), and weirdly started out as part of BIND 10.
Would be nice if Infoblox used Kea instead of dhcpd, that way you could change DHCP reservations without having to restart the services to have it take effect.
Kea's new thing is scaling up for very large/complex installations (multithreading, database backends, a fair amount of plugins for specialized use cases). Which almost nobody really needs to do, so it's a shame ISC dhcpd was discontinued before Kea was at full feature parity.
I have a positive ending Kea story. We deployed 20,000 PS5 APUs (AKA: AsRock BC-250) each is a individual blade computer that was PXE booted.
We started to see strange behavior on the network and it took a bit of trial and error to figure out what was going wrong. Eventually, we traced it down to dnsmasq being unable to keep up with all the DHCP UDP traffic regardless of how we tuned the kernel/networking buffers.
Switched to Kea and all of our problems magically went away.
I observe how so many of these kinds of release announcements do not start the text with a brief line introducing the project. I had never heard of Kea and clicked through out of curiosity, but that info is yet another click away: Kea is a "Modern, open source DHCPv4 & DHCPv6 server".
Right? I find submissions titles like this so frustrating: it's simply not possible to be aware of every project out there. Please, please provide me some context in the title. This would be way better with a title something like "ISC releases KEA DHCP server 3.0 as LTS"
Copy paste that phrase on every piece of content to save you a click? Why would you describe a project on a > v1 release announcement? After v1 the project has been introduced, no reason to continuously reintroduce it because someone might eventually add it to their zeitgeist.
ISC DHCPd is (being) EOLed.
Kea is ISC's new DHCP server.
Has been. It was done two and a bit years ago, and the change has even reached Debian now. (-:
* https://packages.debian.org/source/trixie/isc-dhcp
* https://isc.org/blogs/isc-dhcp-eol/
I wonder when this will make it into pfsense... The transition to kea has been a bit of a mess with tons of bugs. Thankfully it's controlled by an option, and it seems like 2.8.0 knocked out quite a few of them
I have been using Kea on pfSense CE for a long time — I think it was version 23.0.x. Or you mean 3.0 in particular? I also have OPNsense and I am not completely convinced of their aggressive update strategy yet. For a firewall, I prefer stability over features. Jumping to the newest releases every month can have tradeoffs.
Note: in general, both OPNsense and pfSense are excellent. I have never had any problems with either one.
Is opnsense ahead for this then? Or same
I don't follow pfsense too much but my understanding is OPNsense typically brings in package updates faster as they have a more frequent update cycle. I can't speak too much to bugs as I haven't migrated to Kea but imo some core functionality wasn't there until recently. And Dnsmasq seems like a better fit for me anyway, which is where I'll migrate to.
From the 25.1.6 OPNsense May update notes:
> Last but not least: Kea DHCPv6 is here. And with it full DHCP and router advertisement support in Dnsmasq to bridge the gap for ISC users who do not need or want Kea. We are going to make Dnsmasq DHCP the default in new installations starting with 25.7, too. ISC DHCP will still be around as a core component in 25.7 but likely moves to plugins for 26.1 next year.
https://docs.opnsense.org/releases/CE_25.1.html#may-08-2025
I've been using it on opnsense since the first version it was released in. I aggressively switched because wanted to ditch my weird setup to do multi subnets (forwarding though a l3 switch). Haven't had any issues.
Great to see the hook libraries being mostly open sourced!
I was quite ok with paying the $500 or so to license the features, but the friction to get that through procurement processes also ended up killing it.
Kea is perfect for integrating with zero touch provisioning automation processes.
What is this? Kea 3.0 has been out for years already :D https://keajs.org/blog/kea-3.0
(I'm the author of a JS framework with the same name)
Good news releasing the commercial extensions as open source too. It opens up new ways of automating operations.
I’ll google it in a moment, but skimming those notes, I have no idea what Kea is.
The submitted link might be better changed to the actual release notes: https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Note... which start with this information.
As others have said, Kea is a DHCP server.
More than that, it is an ISC project, is the successor to ISC DHCP (now end-of-life & unsupported for a few years), and weirdly started out as part of BIND 10.
Ref: https://www.isc.org/dhcphistory/#the-kea-dhcp-server
(And I vaguely recall it's used as the DHCP component in a few other things, like maybe Infoblox).
Would be nice if Infoblox used Kea instead of dhcpd, that way you could change DHCP reservations without having to restart the services to have it take effect.
1 reply →
I was wondering that too. A DHCP server, apparently: https://www.isc.org/kea/
(This is one place where I think a little editorializing to the page title to add context would be helpful.)
A DHCP server for those who are wondering
Won't take long, ISC doesn't do 'much' but they do it well
I remember Dan Bernstein (djb) being scathing about BIND. To the extent of writing his own DNS suite. Is that all ancient history now?
8 replies →
they certainly made some memorable CVEs well
Next gen reference DHCP server. IIRC it's new thing is IPv6 support.
Not really; ISC dhcpd supported DHCPv6 just fine.
Kea's new thing is scaling up for very large/complex installations (multithreading, database backends, a fair amount of plugins for specialized use cases). Which almost nobody really needs to do, so it's a shame ISC dhcpd was discontinued before Kea was at full feature parity.
DHCP server?
I have a positive ending Kea story. We deployed 20,000 PS5 APUs (AKA: AsRock BC-250) each is a individual blade computer that was PXE booted.
We started to see strange behavior on the network and it took a bit of trial and error to figure out what was going wrong. Eventually, we traced it down to dnsmasq being unable to keep up with all the DHCP UDP traffic regardless of how we tuned the kernel/networking buffers.
Switched to Kea and all of our problems magically went away.
Wow, I didn't know the BC250s were used at such scale. I bought two to play with for dirt cheap, but haven't gotten around to it yet.
Are they primarily used for mining?
We used them for mining ethereum, but no longer.
There is a good fairly easily discovered discord out there for enthusiasts.
Can one run mainline Linux on these boards?
Information on running the AMD BC-250 powered ASRock mining boards as a desktop
https://github.com/mothenjoyer69/bc250-documentation
We ran Linux (Ubuntu) on them, PXE booted with a minimal image.