Kea Administrator Reference Manual

Kea is an open source implementation of the Dynamic Host Configuration Protocol (DHCP) servers, developed and maintained by Internet Systems Consortium (ISC).

This is the reference guide for Kea version 2.1.6. Links to the most up-to-date version of this document (in PDF, HTML, and plain text formats) can be found on Read the Docs. Other useful Kea information can be found in our Knowledgebase.

• 1. Introduction
  • 1.1. Supported Platforms
    • 1.1.1. Regularly Tested Platforms
    • 1.1.2. Best-Effort
    • 1.1.3. Community-Maintained
    • 1.1.4. Unsupported Platforms
  • 1.2. Required Software at Runtime
  • 1.3. Kea Software
• 2. Quick Start
  • 2.1. Quick Start Guide Using tarball
  • 2.2. Quick Start Guide Using Native Packages
  • 2.3. Quick Start Guide for DHCPv4 and DHCPv6 Services
  • 2.4. Running the Kea Servers Directly
• 3. Installation
  • 3.1. Packages
  • 3.2. Installation Hierarchy
  • 3.3. Build Requirements
  • 3.4. Installation From Source
    • 3.4.1. Download Tar File
    • 3.4.2. Retrieve From Git
    • 3.4.3. Configure Before the Build
    • 3.4.4. Build
    • 3.4.5. Install
    • 3.4.6. Cross-Building
  • 3.5. DHCP Database Installation and Configuration
    • 3.5.1. Building with MySQL Support
    • 3.5.2. Building with PostgreSQL support
  • 3.6. Hammer Building Tool
  • 3.7. Running Kea From a Non-root Account on Linux
  • 3.8. Deprecated Features
    • 3.8.1. Sysrepo 0.x
• 4. Kea Database Administration
  • 4.1. Databases and Schema Versions
  • 4.2. The kea-admin Tool
  • 4.3. Supported Backends
    • 4.3.1. Memfile
      • 4.3.1.1. Upgrading Memfile Lease Files From an Earlier Version of Kea
    • 4.3.2. MySQL
      • 4.3.2.1. First-Time Creation of the MySQL Database
      • 4.3.2.2. Upgrading a MySQL Database From an Earlier Version of Kea
      • 4.3.2.3. Improved Performance With MySQL
    • 4.3.3. PostgreSQL
      • 4.3.3.1. First-Time Creation of the PostgreSQL Database
      • 4.3.3.2. Initialize the PostgreSQL Database Using kea-admin
      • 4.3.3.3. Upgrading a PostgreSQL Database From an Earlier Version of Kea
      • 4.3.3.4. PostgreSQL without OpenSSL support
    • 4.3.4. Using Read-Only Databases With Host Reservations
    • 4.3.5. Limitations Related to the Use of SQL Databases
      • 4.3.5.1. Year 2038 Issue
• 5. Kea Configuration
  • 5.1. JSON Configuration
    • 5.1.1. JSON Syntax
    • 5.1.2. Comments and User Context
    • 5.1.3. Simplified Notation
  • 5.2. Kea Configuration Backend
    • 5.2.1. Applicability
    • 5.2.2. CB Capabilities and Limitations
    • 5.2.3. CB Components
    • 5.2.4. Configuration Sharing and Server Tags
    • 5.2.5. Configuration Files Inclusion
• 6. Managing Kea with keactrl
  • 6.1. Overview
  • 6.2. Command Line Options
  • 6.3. The keactrl Configuration File
  • 6.4. Commands
  • 6.5. Overriding the Server Selection
  • 6.6. Native Packages and systemd
• 7. The Kea Control Agent
  • 7.1. Overview of the Kea Control Agent
  • 7.2. Configuration
  • 7.3. Secure Connections (in Versions Prior to Kea 1.9.6)
  • 7.4. Secure Connections (in Kea 1.9.6 and Newer)
  • 7.5. Starting the Control Agent
  • 7.6. Connecting to the Control Agent
• 8. The DHCPv4 Server
  • 8.1. Starting and Stopping the DHCPv4 Server
  • 8.2. DHCPv4 Server Configuration
    • 8.2.1. Introduction
    • 8.2.2. Lease Storage
      • 8.2.2.1. Memfile - Basic Storage for Leases
      • 8.2.2.2. Why Is Lease File Cleanup Necessary?
      • 8.2.2.3. Lease Database Configuration
    • 8.2.3. Hosts Storage
      • 8.2.3.1. DHCPv4 Hosts Database Configuration
      • 8.2.3.2. Using Read-Only Databases for Host Reservations With DHCPv4
    • 8.2.4. Interface Configuration
    • 8.2.5. Issues With Unicast Responses to DHCPINFORM
    • 8.2.6. IPv4 Subnet Identifier
    • 8.2.7. IPv4 Subnet Prefix
    • 8.2.8. Configuration of IPv4 Address Pools
    • 8.2.9. Sending T1 (Option 58) and T2 (Option 59)
    • 8.2.10. Standard DHCPv4 Options
    • 8.2.11. Custom DHCPv4 Options
    • 8.2.12. DHCPv4 Private Options
    • 8.2.13. DHCPv4 Vendor-Specific Options
    • 8.2.14. Nested DHCPv4 Options (Custom Option Spaces)
    • 8.2.15. Unspecified Parameters for DHCPv4 Option Configuration
    • 8.2.16. Support for Long Options
    • 8.2.17. Stateless Configuration of DHCPv4 Clients
    • 8.2.18. Client Classification in DHCPv4
      • 8.2.18.1. Setting Fixed Fields in Classification
      • 8.2.18.2. Using Vendor Class Information in Classification
      • 8.2.18.3. Defining and Using Custom Classes
      • 8.2.18.4. Required Classification
    • 8.2.19. DDNS for DHCPv4
      • 8.2.19.1. DHCP-DDNS Server Connectivity
      • 8.2.19.2. When Does the kea-dhcp4 Server Generate a DDNS Request?
      • 8.2.19.3. kea-dhcp4 Name Generation for DDNS Update Requests
      • 8.2.19.4. Sanitizing Client Host Name and FQDN Names
    • 8.2.20. Next Server (siaddr)
    • 8.2.21. Echoing Client-ID (RFC 6842)
    • 8.2.22. Using Client Identifier and Hardware Address
    • 8.2.23. Authoritative DHCPv4 Server Behavior
    • 8.2.24. DHCPv4-over-DHCPv6: DHCPv4 Side
    • 8.2.25. Sanity Checks in DHCPv4
    • 8.2.26. Storing Extended Lease Information
    • 8.2.27. Multi-Threading Settings
    • 8.2.28. Multi-Threading Settings With Different Database Backends
    • 8.2.29. IPv6-Only Preferred Networks
    • 8.2.30. Lease Caching
  • 8.3. Host Reservations in DHCPv4
    • 8.3.1. Address Reservation Types
    • 8.3.2. Conflicts in DHCPv4 Reservations
    • 8.3.3. Reserving a Hostname
    • 8.3.4. Including Specific DHCPv4 Options in Reservations
    • 8.3.5. Reserving Next Server, Server Hostname, and Boot File Name
    • 8.3.6. Reserving Client Classes in DHCPv4
    • 8.3.7. Storing Host Reservations in MySQL or PostgreSQL
    • 8.3.8. Fine-Tuning DHCPv4 Host Reservation
    • 8.3.9. Global Reservations in DHCPv4
    • 8.3.10. Pool Selection with Client Class Reservations
    • 8.3.11. Subnet Selection with Client Class Reservations
    • 8.3.12. Multiple Reservations for the Same IP
  • 8.4. Shared Networks in DHCPv4
    • 8.4.1. Local and Relayed Traffic in Shared Networks
    • 8.4.2. Client Classification in Shared Networks
    • 8.4.3. Host Reservations in Shared Networks
  • 8.5. Server Identifier in DHCPv4
  • 8.6. How the DHCPv4 Server Selects a Subnet for the Client
    • 8.6.1. Using a Specific Relay Agent for a Subnet
    • 8.6.2. Segregating IPv4 Clients in a Cable Network
  • 8.7. Duplicate Addresses (DHCPDECLINE Support)
  • 8.8. Statistics in the DHCPv4 Server
  • 8.9. Management API for the DHCPv4 Server
  • 8.10. User Contexts in IPv4
  • 8.11. Supported DHCP Standards
    • 8.11.1. Known RFC Violations
  • 8.12. DHCPv4 Server Limitations
  • 8.13. Kea DHCPv4 Server Examples
  • 8.14. Configuration Backend in DHCPv4
    • 8.14.1. Supported Parameters
    • 8.14.2. Enabling the Configuration Backend
  • 8.15. Kea DHCPv4 Compatibility Configuration Parameters
    • 8.15.1. Lenient Option Parsing
• 9. The DHCPv6 Server
  • 9.1. Starting and Stopping the DHCPv6 Server
  • 9.2. DHCPv6 Server Configuration
    • 9.2.1. Introduction
    • 9.2.2. Lease Storage
      • 9.2.2.1. Memfile - Basic Storage for Leases
      • 9.2.2.2. Why Is Lease File Cleanup Necessary?
      • 9.2.2.3. Lease Database Configuration
    • 9.2.3. Hosts Storage
      • 9.2.3.1. DHCPv6 Hosts Database Configuration
      • 9.2.3.2. Using Read-Only Databases for Host Reservations with DHCPv6
    • 9.2.4. Interface Configuration
    • 9.2.5. IPv6 Subnet Identifier
    • 9.2.6. IPv6 Subnet Prefix
    • 9.2.7. Unicast Traffic Support
    • 9.2.8. Configuration of IPv6 Address Pools
    • 9.2.9. Subnet and Prefix Delegation Pools
    • 9.2.10. Prefix Exclude Option
    • 9.2.11. Standard DHCPv6 Options
    • 9.2.12. Common Softwire46 Options
      • 9.2.12.1. Softwire46 Container Options
      • 9.2.12.2. S46 Rule Option
      • 9.2.12.3. S46 BR Option
      • 9.2.12.4. S46 DMR Option
      • 9.2.12.5. S46 IPv4/IPv6 Address Binding Option
      • 9.2.12.6. S46 Port Parameters
    • 9.2.13. Custom DHCPv6 Options
    • 9.2.14. DHCPv6 Vendor-Specific Options
    • 9.2.15. Nested DHCPv6 Options (Custom Option Spaces)
    • 9.2.16. Unspecified Parameters for DHCPv6 Option Configuration
    • 9.2.17. Controlling the Values Sent for T1 and T2 Times
    • 9.2.18. IPv6 Subnet Selection
    • 9.2.19. Rapid Commit
    • 9.2.20. DHCPv6 Relays
    • 9.2.21. Relay-Supplied Options
    • 9.2.22. Client Classification in DHCPv6
      • 9.2.22.1. Defining and Using Custom Classes
      • 9.2.22.2. Required Classification
    • 9.2.23. DDNS for DHCPv6
      • 9.2.23.1. DHCP-DDNS Server Connectivity
      • 9.2.23.2. When Does the kea-dhcp6 Server Generate a DDNS Request?
      • 9.2.23.3. kea-dhcp6 Name Generation for DDNS Update Requests
      • 9.2.23.4. Sanitizing Client FQDN Names
    • 9.2.24. DHCPv4-over-DHCPv6: DHCPv6 Side
    • 9.2.25. Sanity Checks in DHCPv6
    • 9.2.26. Storing Extended Lease Information
    • 9.2.27. Multi-Threading Settings
    • 9.2.28. Multi-Threading Settings With Different Database Backends
    • 9.2.29. Lease Caching
  • 9.3. Host Reservations in DHCPv6
    • 9.3.1. Address/Prefix Reservation Types
    • 9.3.2. Conflicts in DHCPv6 Reservations
    • 9.3.3. Reserving a Hostname
    • 9.3.4. Including Specific DHCPv6 Options in Reservations
    • 9.3.5. Reserving Client Classes in DHCPv6
    • 9.3.6. Storing Host Reservations in MySQL or PostgreSQL
    • 9.3.7. Fine-Tuning DHCPv6 Host Reservation
    • 9.3.8. Global Reservations in DHCPv6
    • 9.3.9. Pool Selection with Client Class Reservations
    • 9.3.10. Subnet Selection with Client Class Reservations
    • 9.3.11. Multiple Reservations for the Same IP
  • 9.4. Shared Networks in DHCPv6
    • 9.4.1. Local and Relayed Traffic in Shared Networks
    • 9.4.2. Client Classification in Shared Networks
    • 9.4.3. Host Reservations in Shared Networks
  • 9.5. Server Identifier in DHCPv6
  • 9.6. DHCPv6 Data Directory
  • 9.7. Stateless DHCPv6 (INFORMATION-REQUEST Message)
  • 9.8. Support for RFC 7550 (now part of RFC 8415)
  • 9.9. Using a Specific Relay Agent for a Subnet
  • 9.10. Segregating IPv6 Clients in a Cable Network
  • 9.11. MAC/Hardware Addresses in DHCPv6
  • 9.12. Duplicate Addresses (DHCPDECLINE Support)
  • 9.13. Statistics in the DHCPv6 Server
  • 9.14. Management API for the DHCPv6 Server
  • 9.15. User Contexts in IPv6
  • 9.16. Supported DHCPv6 Standards
  • 9.17. DHCPv6 Server Limitations
  • 9.18. Kea DHCPv6 Server Examples
  • 9.19. Configuration Backend in DHCPv6
    • 9.19.1. Supported Parameters
    • 9.19.2. Enabling the Configuration Backend
  • 9.20. Kea DHCPv6 Compatibility Configuration Parameters
    • 9.20.1. Lenient Option Parsing
• 10. Database Connectivity
• 11. Lease Expiration
  • 11.1. Lease Reclamation
  • 11.2. Lease Reclamation Configuration Parameters
  • 11.3. Configuring Lease Reclamation
  • 11.4. Configuring Lease Affinity
  • 11.5. Reclaiming Expired Leases via Command
• 12. Congestion Handling
  • 12.1. What is Congestion?
  • 12.2. Configuring Congestion Handling
• 13. The DHCP-DDNS Server
  • 13.1. Overview
    • 13.1.1. DNS Server Selection
    • 13.1.2. Conflict Resolution
    • 13.1.3. Dual-Stack Environments
  • 13.2. Starting and Stopping the DHCP-DDNS Server
  • 13.3. Configuring the DHCP-DDNS Server
    • 13.3.1. Global Server Parameters
    • 13.3.2. Management API for the D2 Server
    • 13.3.3. TSIG Key List
    • 13.3.4. Forward DDNS
      • 13.3.4.1. Adding Forward DDNS Domains
        • 13.3.4.1.1. Adding Forward DNS Servers
    • 13.3.5. Reverse DDNS
      • 13.3.5.1. Adding Reverse DDNS Domains
        • 13.3.5.1.1. Adding Reverse DNS Servers
      • 13.3.5.2. Per-DNS-Server TSIG Keys
    • 13.3.6. User Contexts in DDNS
    • 13.3.7. Example DHCP-DDNS Server Configuration
  • 13.4. DHCP-DDNS Server Statistics
    • 13.4.1. NCR Statistics
    • 13.4.2. DNS Update Statistics
    • 13.4.3. Per-TSIG-Key DNS Update Statistics
  • 13.5. DHCP-DDNS Server Limitations
  • 13.6. Supported Standards
• 14. The LFC Process
  • 14.1. Overview
  • 14.2. Command-Line Options
• 15. Client Classification
  • 15.1. Client Classification Overview
  • 15.2. Built-in Client Classes
  • 15.3. Using Expressions in Classification
    • 15.3.1. Logical Operators
    • 15.3.2. Substring
    • 15.3.3. Concat
    • 15.3.4. Split
    • 15.3.5. Ifelse
    • 15.3.6. Hexstring
  • 15.4. Configuring Classes
  • 15.5. Using Static Host Reservations in Classification
  • 15.6. Configuring Subnets With Class Information
  • 15.7. Configuring Pools With Class Information
  • 15.8. Using Classes
  • 15.9. Classes and Hooks
  • 15.10. Debugging Expressions
• 16. Hook Libraries
  • 16.1. Introduction
  • 16.2. Installing Hook Packages
  • 16.3. Configuring Hook Libraries
  • 16.4. Available Hook Libraries
  • 16.5. user_chk: Checking User Access
  • 16.6. legal_log: Forensic Logging Hooks
    • 16.6.1. Log File Naming
    • 16.6.2. Configuring the Forensic Log Hooks
    • 16.6.3. DHCPv4 Log Entries
    • 16.6.4. DHCPv6 Log Entries
    • 16.6.5. Database Backend
  • 16.7. flex_id: Flexible Identifiers for Host Reservations
  • 16.8. flex_option Flexible Option for Option Value Settings
  • 16.9. host_cmds: Host Commands
    • 16.9.1. The subnet-id Parameter
    • 16.9.2. The reservation-add Command
    • 16.9.3. The reservation-get Command
    • 16.9.4. The reservation-get-all Command
    • 16.9.5. The reservation-get-page command
    • 16.9.6. The reservation-get-by-hostname Command
    • 16.9.7. The reservation-get-by-id Command
    • 16.9.8. The reservation-del Command
  • 16.10. lease_cmds: Lease Commands
    • 16.10.1. The lease4-add, lease6-add Commands
    • 16.10.2. The lease6-bulk-apply Command
    • 16.10.3. The lease4-get, lease6-get Commands
    • 16.10.4. The lease4-get-all, lease6-get-all Commands
    • 16.10.5. The lease4-get-page, lease6-get-page Commands
    • 16.10.6. The lease4-get-by-*, lease6-get-by-* Commands
    • 16.10.7. The lease4-del, lease6-del Commands
    • 16.10.8. The lease4-update, lease6-update Commands
    • 16.10.9. The lease4-wipe, lease6-wipe Commands
    • 16.10.10. The lease4-resend-ddns, lease6-resend-ddns Commands
  • 16.11. subnet_cmds: Subnet Commands
    • 16.11.1. The subnet4-list Command
    • 16.11.2. The subnet6-list Command
    • 16.11.3. The subnet4-get Command
    • 16.11.4. The subnet6-get Command
    • 16.11.5. The subnet4-add Command
    • 16.11.6. The subnet6-add Command
    • 16.11.7. The subnet4-update Command
    • 16.11.8. The subnet6-update Command
    • 16.11.9. The subnet4-del Command
    • 16.11.10. The subnet6-del Command
    • 16.11.11. The network4-list, network6-list Commands
    • 16.11.12. The network4-get, network6-get Commands
    • 16.11.13. The network4-add, network6-add Commands
    • 16.11.14. The network4-del, network6-del Commands
    • 16.11.15. The network4-subnet-add, network6-subnet-add Commands
    • 16.11.16. The network4-subnet-del, network6-subnet-del Commands
  • 16.12. BOOTP Support
    • 16.12.1. BOOTP Hooks Limitations
  • 16.13. class_cmds: Class Commands
    • 16.13.1. The class-add Command
    • 16.13.2. The class-update Command
    • 16.13.3. The class-del Command
    • 16.13.4. The class-list Command
    • 16.13.5. The class-get Command
  • 16.14. cb_cmds: Configuration Backend Commands
    • 16.14.1. Commands Structure
    • 16.14.2. Commands Structure
    • 16.14.3. Control Commands for DHCP Servers
    • 16.14.4. Metadata
    • 16.14.5. remote-server4-del, remote-server6-del commands
    • 16.14.6. remote-server4-get, remote-server6-get commands
    • 16.14.7. remote-server4-get-all, remote-server6-get-all commands
    • 16.14.8. remote-server4-set, remote-server6-set commands
    • 16.14.9. The remote-global-parameter4-del, remote-global-parameter6-del Commands
    • 16.14.10. The remote-global-parameter4-get, remote-global-parameter6-get Commands
    • 16.14.11. The remote-global-parameter4-get-all, remote-global-parameter6-get-all Commands
    • 16.14.12. The remote-global-parameter4-set, remote-global-parameter6-set Commands
    • 16.14.13. The remote-network4-del, remote-network6-del Commands
    • 16.14.14. The remote-network4-get, remote-network6-get Commands
    • 16.14.15. The remote-network4-list, remote-network6-list Commands
    • 16.14.16. The remote-network4-set, remote-network6-set Commands
    • 16.14.17. The remote-option-def4-del, remote-option-def6-del Commands
    • 16.14.18. The remote-option-def4-get, remote-option-def6-get Commands
    • 16.14.19. The remote-option-def4-get-all, remote-option-def6-get-all Commands
    • 16.14.20. The remote-option-def4-set, remote-option-def6-set Commands
    • 16.14.21. The remote-option4-global-del, remote-option6-global-del Commands
    • 16.14.22. The remote-option4-global-get, remote-option6-global-get Commands
    • 16.14.23. The remote-option4-global-get-all, remote-option6-global-get-all Commands
    • 16.14.24. The remote-option4-global-set, remote-option6-global-set Commands
    • 16.14.25. The remote-option4-network-del, remote-option6-network-del Commands
    • 16.14.26. The remote-option4-network-set, remote-option6-network-set Commands
    • 16.14.27. The remote-option6-pd-pool-del Command
    • 16.14.28. The remote-option6-pd-pool-set Command
    • 16.14.29. The remote-option4-pool-del, remote-option6-pool-del Commands
    • 16.14.30. The remote-option4-pool-set, remote-option6-pool-set Commands
    • 16.14.31. The remote-option4-subnet-del, remote-option6-subnet-del Commands
    • 16.14.32. The remote-option4-subnet-set, remote-option6-subnet-set Commands
    • 16.14.33. The remote-subnet4-del-by-id, remote-subnet6-del-by-id Commands
    • 16.14.34. The remote-subnet4-del-by-prefix, remote-subnet6-del-by-prefix Commands
    • 16.14.35. The remote-subnet4-get-by-id, remote-subnet6-get-by-id Commands
    • 16.14.36. The remote-subnet4-get-by-prefix, remote-subnet6-get-by-prefix Commands
    • 16.14.37. The remote-subnet4-list, remote-subnet6-list Commands
    • 16.14.38. The remote-subnet4-set, remote-subnet6-set Commands
    • 16.14.39. The remote-class4-del, remote-class6-del Commands
    • 16.14.40. The remote-class4-get, remote-class6-get Commands
    • 16.14.41. The remote-class4-get-all, remote-class6-get-all Commands
    • 16.14.42. The remote-class4-set, remote-class6-set Commands
  • 16.15. ha: High Availability
    • 16.15.1. Supported Configurations
    • 16.15.2. Clocks on Active Servers
    • 16.15.3. HTTPS Support
    • 16.15.4. Server States
    • 16.15.5. Scope Transition in a Partner-Down Case
    • 16.15.6. Load-Balancing Configuration
    • 16.15.7. Load Balancing with Advanced Classification
    • 16.15.8. Hot-Standby Configuration
    • 16.15.9. Passive-Backup Configuration
    • 16.15.10. Lease Information Sharing
    • 16.15.11. Controlling Lease-Page Size Limit
    • 16.15.12. Timeouts
    • 16.15.13. Pausing the HA State Machine
    • 16.15.14. Control Agent Configuration
    • 16.15.15. Multi-Threaded Configuration (HA+MT)
    • 16.15.16. Parked-Packet Limit
    • 16.15.17. Controlled Shutdown and Maintenance of DHCP servers
    • 16.15.18. Upgrading from Older HA Versions
    • 16.15.19. Control Commands for High Availability
      • 16.15.19.1. The ha-sync Command
      • 16.15.19.2. The ha-scopes Command
      • 16.15.19.3. The ha-continue Command
      • 16.15.19.4. The ha-heartbeat Command
      • 16.15.19.5. The status-get Command
      • 16.15.19.6. The ha-maintenance-start Command
      • 16.15.19.7. The ha-maintenance-cancel Command
      • 16.15.19.8. The ha-maintenance-notify Command
      • 16.15.19.9. The ha-reset Command
      • 16.15.19.10. The ha-sync-complete-notify Command
  • 16.16. stat_cmds: Supplemental Statistics Commands
    • 16.16.1. The stat-lease4-get, stat-lease6-get Commands
  • 16.17. radius: RADIUS Server Support
    • 16.17.1. Compilation and Installation of the RADIUS Hook
    • 16.17.2. RADIUS Hook Configuration
  • 16.18. host_cache: Caching Host Reservations
    • 16.18.1. The cache-flush Command
    • 16.18.2. The cache-clear Command
    • 16.18.3. The cache-size Command
    • 16.18.4. The cache-write Command
    • 16.18.5. The cache-load Command
    • 16.18.6. The cache-get Command
    • 16.18.7. The cache-get-by-id Command
    • 16.18.8. The cache-insert Command
    • 16.18.9. The cache-remove Command
  • 16.19. lease_query: Leasequery
    • 16.19.1. DHCPv4 Leasequery
    • 16.19.2. DHCPv4 Leasequery Configuration
    • 16.19.3. DHCPv6 Leasequery
    • 16.19.4. DHCPv6 Leasequery Configuration
  • 16.20. Run Script Support
  • 16.21. ddns_tuning: Tuning DDNS updates
    • 16.21.1. Procedural Host name generation
      • 16.21.1.1. DHCPv4 host name generation
      • 16.21.1.2. DHCPv6 host name generation
    • 16.21.2. Skipping DDNS Updates
  • 16.22. limits: Rate Limiting
    • 16.22.1. Configuration
  • 16.23. Role Based Access Control
    • 16.23.1. Role Based Access Control Overview
      • 16.23.1.1. Role Based Access Control Configuration
    • 16.23.2. Role Assignment
    • 16.23.3. Role Configuration
    • 16.23.4. API Commands
    • 16.23.5. Access Control Lists
    • 16.23.6. Response Filters
    • 16.23.7. Global Parameters
    • 16.23.8. Sample Configuration
    • 16.23.9. Accept/Reject Algorithm
    • 16.23.10. Extensive Example
  • 16.24. User Contexts in Hooks
• 17. Statistics
  • 17.1. Statistics Overview
  • 17.2. Statistics Lifecycle
  • 17.3. Commands for Manipulating Statistics
    • 17.3.1. The statistic-get Command
    • 17.3.2. The statistic-reset Command
    • 17.3.3. The statistic-remove Command
    • 17.3.4. The statistic-get-all Command
    • 17.3.5. The statistic-reset-all Command
    • 17.3.6. The statistic-remove-all Command
    • 17.3.7. The statistic-sample-age-set Command
    • 17.3.8. The statistic-sample-age-set-all Command
    • 17.3.9. The statistic-sample-count-set Command
    • 17.3.10. The statistic-sample-count-set-all Command
  • 17.4. Time Series
• 18. Management API
  • 18.1. Data Syntax
  • 18.2. Using the Control Channel
  • 18.3. Commands Supported by Both the DHCPv4 and DHCPv6 Servers
    • 18.3.1. The build-report Command
    • 18.3.2. The config-get Command
    • 18.3.3. The config-reload Command
    • 18.3.4. The config-test Command
    • 18.3.5. The config-write Command
    • 18.3.6. The leases-reclaim Command
    • 18.3.7. The libreload Command
    • 18.3.8. The list-commands Command
    • 18.3.9. The config-set Command
    • 18.3.10. The shutdown Command
    • 18.3.11. The dhcp-disable Command
    • 18.3.12. The dhcp-enable Command
    • 18.3.13. The status-get Command
    • 18.3.14. The server-tag-get Command:
    • 18.3.15. The config-backend-pull Command:
    • 18.3.16. The version-get Command
  • 18.4. Commands Supported by the D2 Server
  • 18.5. Commands Supported by the Control Agent
• 19. Logging
  • 19.1. Logging Configuration
    • 19.1.1. Loggers
      • 19.1.1.1. The name (string) Logger
      • 19.1.1.2. The severity (string) Logger
      • 19.1.1.3. The debuglevel (integer) Logger
      • 19.1.1.4. The output_options (list) Logger
        • 19.1.1.4.1. The output (string) Option
        • 19.1.1.4.2. The flush (boolean) Option
        • 19.1.1.4.3. The maxsize (integer) Option
        • 19.1.1.4.4. The maxver (integer) Option
        • 19.1.1.4.5. The pattern (string) Option
    • 19.1.2. Logging Message Format
      • 19.1.2.1. Example Logger Configurations
    • 19.1.3. Logging During Kea Startup
  • 19.2. Logging Levels
• 20. The Kea Shell
  • 20.1. Overview of the Kea Shell
  • 20.2. Shell Usage
  • 20.3. TLS Support
• 21. Integration With External Systems
  • 21.1. YANG/NETCONF
    • 21.1.1. Overview
    • 21.1.2. Installing NETCONF
      • 21.1.2.1. Installing libyang From Sources
      • 21.1.2.2. Installing Sysrepo From Sources
    • 21.1.3. Quick Sysrepo Overview
    • 21.1.4. Supported YANG Models
    • 21.1.5. Using the NETCONF Agent
    • 21.1.6. Configuration
    • 21.1.7. A kea-netconf Configuration Example
    • 21.1.8. Starting and Stopping the NETCONF Agent
    • 21.1.9. A Step-by-Step NETCONF Agent Operation Example
      • 21.1.9.1. Setup of NETCONF Agent Operation Example
      • 21.1.9.2. Error Handling in NETCONF Operation Example
      • 21.1.9.3. NETCONF Operation Example with Two Pools
      • 21.1.9.4. NETCONF Operation Example with Two Subnets
      • 21.1.9.5. NETCONF Operation Example with Logging
      • 21.1.9.6. Migrating YANG Data from Sysrepo v0.x to v1.x
  • 21.2. GSS-TSIG
    • 21.2.1. GSS-TSIG Overview
    • 21.2.2. GSS-TSIG Compilation
    • 21.2.3. GSS-TSIG Deployment
      • 21.2.3.1. Kerberos 5 Setup
      • 21.2.3.2. BIND 9 with GSS-TSIG Configuration
      • 21.2.3.3. Windows Active Directory Configuration
      • 21.2.3.4. GSS-TSIG Troubleshooting
    • 21.2.4. Using GSS-TSIG
      • 21.2.4.1. GSS-TSIG Automatic Key Removal
      • 21.2.4.2. GSS-TSIG Configuration for Deployment
    • 21.2.5. GSS-TSIG Statistics
    • 21.2.6. GSS-TSIG Commands
      • 21.2.6.1. The gss-tsig-get-all Command
      • 21.2.6.2. The gss-tsig-get Command
      • 21.2.6.3. The gss-tsig-list Command
      • 21.2.6.4. The gss-tsig-key-get Command
      • 21.2.6.5. The gss-tsig-key-expire Command
      • 21.2.6.6. The gss-tsig-key-del Command
      • 21.2.6.7. The gss-tsig-purge-all Command
      • 21.2.6.8. The gss-tsig-purge Command
      • 21.2.6.9. The gss-tsig-rekey-all Command
      • 21.2.6.10. The gss-tsig-rekey Command
• 22. Monitoring Kea With Stork
  • 22.1. Kea Statistics in Grafana
• 23. Kea Security
  • 23.1. TLS/HTTPS Support
    • 23.1.1. Building Kea with TLS/HTTPS Support
    • 23.1.2. TLS/HTTPS Configuration
  • 23.2. Securing a Kea Deployment
    • 23.2.1. Component-Based Design
    • 23.2.2. Limiting Application Permissions
    • 23.2.3. Securing Kea Administrative Access
    • 23.2.4. Securing Database Connections
    • 23.2.5. Information Leakage Through Logging
    • 23.2.6. Cryptography Components
    • 23.2.7. TSIG Signatures
    • 23.2.8. Raw Socket Support
    • 23.2.9. Remote Administrative Access
    • 23.2.10. Authentication for Kea’s RESTful API
  • 23.3. Kea Security Processes
    • 23.3.1. Vulnerability Handling
    • 23.3.2. Code Quality and Testing
    • 23.3.3. Fuzz Testing
    • 23.3.4. Release Integrity
    • 23.3.5. Bus Factor

Appendices

• API Reference
• Manual Pages
• Kea Messages Manual
• Configuration Templates
• Kea Flow Diagrams
• Kea Configuration File Syntax (BNF)
• Acknowledgments