2.5.6

Enterprise DDI 2.5.6 brings DHCP custom option spaces and various enhancements and bug fixes.

• New Features
  • DHCP: custom option spaces enabling sub-options to be created for options in the standard option space; API only.
• Feature Enhancements
  • DHCP: Leases persist upon DHCP container restart when using a persistent data volume in docker
  • Portal: DHCP Remote server can now be configured with nonsecure, nonsecure then secure, and secure only updates, in line with Microsoft AD DNS
  • Portal: Domain names can now contain underscores
• What’s fixed?
  • API: The /service endpoint now includes DNS service definitions
  • DHCP: Reduced load on the data layer when adding new leases to the system
  • DNS: Fixed an issue where a DNAME record did not properly occlude non-apex records
  • Portal: Dark mode tooltips are easier to read
  • Portal: Fixed an issue when visiting to the login page would immediately present an “Unauthorized” error message
  • System: Fixed an issue that prevented changing the number of DNS processes in the DNS container to a lower value
  • System: Fixed an issue where logging in the DNS container would hang
• Known issues
  • Portal: Service definitions with duplicate names will not properly display

2.5.5

Enterprise DDI 2.5.5 brings an all new user interface for working with zones and records to the Portal, as well as a number of DHCP enhancements and many bug fixes.

• New Features
  • Portal: Added hotkeys for navigation and common tasks (e.g. create zone) in DNS interfaces; view available hotkeys by pressing ? and opening the hotkey menu
• Feature Enhancements
  • Portal: Updated interface pages for DNS to improve navigation, reduce negative space, and consistency of experience with IPAM and DHCP pages
  • DHCP: DHCP DDNS update behavior is now configurable per remote server as secure-only, unsecure-then-secure, or unsecure-only (API only)
  • DHCP: Added a revised leases page to the Portal improving readability
  • System: Reduced the DHCP container image size by 58%
  • DHCP: It is now possible to assign multiple IPv6 addresses and reservations per hardware ID within a scope
• What’s fixed?
  • DHCP: Fixed an issue where removing a DHCP service definition and its association to a Scope Group would not remove the DHCP configuration from the DHCP container
  • DHCP: Fixed an issue where a large number of leases over a short amount of time could lock up the data container
  • DNS: Fixed an issue that caused the Geotarget Country filter to stop working over time when using geographic subdivisions
  • IPAM: Fixed error response issue where creating an address object without the status parameter returned an internal server error
  • Monitor: Ping monitor now works as expected
  • Portal: Fixed issue with Unauthorized errors appearing at the login page after bootstrapping
  • System: Fixed an issue where the management interface would not serve TLS upon first boot, even if configured properly
  • System: Fixed an issue where selecting only view permissions on IMAP/DHCP would result in a view that was not read only
  • System: Internal services have had hyphens removed from their names and are now more CA friendly
  • System: Fixed an issue where failed 2FA login attempts were logged as successful logins in the Activity Log
  • System: Fixed an issue which caused a large amount of spurious logging from all containers
  • System: Fixed an issue which prevented operators from resetting 2FA for users
  • System: Fixed an issue that prevented Strict Transport security from working properly when using custom settings
  • System: Fixed activity log entries for management of accounts’ two factor authentication (2FA)
  • System: Fixed service proxy connection leak
  • System: Fixed an issue where data containers would not restart correctly if in clustered mode
• Known issues
  • API: Scope Group names are not unique per organization which may lead to confusion
  • Portal: DHCP leases tab requires a refresh in order to display the correct leases
  • Portal: Visiting the portal login page shows an unauthorized error message before login. Workaround: Close message and login
  • System: Database restore can sometimes hang. Workaround: Manually stop these services before restore - seed_db, seed_tsdb, mem_db, timeseries_db, main_mq, telegraf - using sv force-stop
  • System: Database restoration from a lower version, then upgrading the database will not work as expected.

2.5.3

Enterprise DDI 2.5.3 brings a large number of UI and API bug fixes.

• Feature Enhancements
  • API: The records API now requires record type along with the record name when requesting a paginated set of records
  • API: The GET /ipam/address/:id/adjacent route now distinguishes between a bad prefix and no adjacent addresses upon error
  • DHCP: Reduced the amount of spurious logs generated by the DHCP container
  • Monitoring: Logging is more consistent with the rest of the applications
  • Monitoring: It is now possible to disable TLS verification on HTTP jobs
  • System: Updated to the latest GEO country codes across the product
• What’s fixed?
  • API: It is now possible to change a Service Definition’s name without supplying its properties
  • API: The GET /zones/:zone/dnssec route now returns the correct data
  • API: Multiple fixes regarding the /dhcp/scopegroup endpoint
  • API: Reverted to previous default values for rate limits
  • API: IPAM search now properly filters based on the tag provided
  • DHCP: Fixed an issue where restarting the DHCP container may cause it to stop handing out leases
  • DDNS: Creating duplicate DDNS zones in a single scope group is now prevented
  • DNSSEC: Performing a KSK rollover now works as expected
  • Portal: It is now possible to untoggle DHCPv6 in a scope group
  • Portal: Fixed an issue when editing a remote server's KDC FQDN causes the remote DNS to reset to 127.0.0.1
  • Portal: Fixed an issue when creating a remote zone using the same FQDN but different scope groups causes duplicate entries
  • Portal: The DDNS reverse zone page now displays correctly for /16 or larger scopes
• Known issues
  • Monitoring: API validation prevents creation of jobs to monitor private IP addresses (RFC 1918, RFC 4193, etc.)
  • Monitoring: monitoring_edge containers cannot deploy downstream of distribution (dist) containers; workaround is to configure monitoring_edge containers connecting directly to core containers
  • Portal: No objects appear if a user only has the View IPAM/DHCP permission without Manage IPAM/DHCP
  • Portal: Activity log incorrectly shows a successful login even if it was not successful when using 2 Factor Authentication

2.5.2

Enterprise DDI 2.5.2 brings a large number of UI feature enhancements related to AD DNS and DHCP.

• Feature Enhancements
  • System: Reduced core container’s size on disk by 5.36%
  • Monitoring: HTTP monitoring jobs support specification of a Host to check Virtual Hosts and SAN certificates
  • Portal: Principals with the same SPN are disambiguated by showing the Principal ID and Key type
  • Portal: Principals now show a friendly name for name and encryption type
  • Portal: Remote Servers from the DHCP Remote Servers tab can now be deleted
  • Portal: Various UI improvements
  • Portal: Multiple improvements to handling Service Principals in Keytab upload
  • DHCP: Custom DHCP option definition no longer require a description
  • DHCP: AD DNS allows for configuration of a qualifying suffix which appends to the hostname if the DHCP client provides no domain
• What’s fixed?
  • Portal: Fixed the Bootstrap UI creation of Service Groups and Service Definitions
• Known issues
  • System: The system will output a large volume of logs related to internal health checks
  • Portal: Scope groups cannot be created with DHCPv6 enabled in the portal; to bypass this issue, create scope groups via the API
  • Portal: Custom DHCP Option keys cannot contain uppercase characters; to work around the issue keys must be in all lowercase characters
  • Portal: The Remote Server modal window does not allow switching between Secure and Insecure modes
  • API: IPAM search endpoints currently return all address objects disregarding the query parameters for tags and non-existent network identifiers

2.5.1

Enterprise DDI 2.5.1 brings tag-based permissions for granular access control of IPAM and DHCP resources. This version also introduces the ability for the NS1 DHCP server – on behalf of a DHCP client – to send insecure or GSS-TSIG secured DDNS updates to a Microsoft DNS server.

• New Features
  • AD DDNS: Connect remote servers, remote zones and Scope Groups to configure NS1 DHCP to send insecure- or GSS-TSIG secured DDNS updates to a Microsoft DNS server on behalf of a DHCP client
  • IAM: Tag-based permissions allow granular access control of IPAM and DHCP resources (API only)
• Feature Enhancements
  • DNS: Added validation and controls to prevent requests removing required configurations of filter chains
  • IAM: Team names now allow special characters < > and &
  • Portal: Usernames can now be up to 64 characters in length
  • System: Container disk space footprint reduced by as much as 33%
• What’s fixed?
  • Security: Recursive resolver has been patched to prevent CVE-2020-12662 and CVE-2020-12663 (NXNSAttack)
  • API: Character validation of usernames is now working as expected
  • API: Made response consistent with other DELETE methods for the v1/ipam/address/{id}/pool/{id} endpoint
  • API: Fixed issue with API pagination for a domain with multiple record types where records could be truncated from the next page’s list
  • API: Service definitions no longer require the properties field when created
  • DHCP: Fixed an issue where lease information did not appear under scopes in the portal
  • DHCP: Fixed an issue where DHCP options would sometimes fail to apply to leases
  • DHCP: Fixed an issue where an extra, blank scope could be generated when adding a subnet to a scope group
• Known issues
  • AD DDNS: GSS-TSIG updates fails when using principal with AES256-SHA1 encryption
  • DHCP: Updates are poorly formatted when sending to an AD DNS server where the DHCID record exists
  • System: Enabling strict communication between containers causes inter-container connectivity to fail
  • Portal: Creating a new Remote Connection after creating one will pre-populate the fields with the existing info.
  • Portal: Bootstrap UI does not create DHCP service group and definition

2.5.0

Enterprise DDI 2.5.0 brings API bulk operators, DHCP Client Classes and provides early access to Service Principal Management and Remote Servers for use with GSS-TSIG / AD DNS and contains several fixes and enhancements

• New Features
  • API: Added bulk operations endpoints for IPAM and DHCP tagging at scale
  • DHCP: Support for Client Classes via API added
  • Portal: Remote DNS server and Service Principal Management for use with GSS-TSIG / AD DNS available in the Portal
• Feature Enhancements
  • API: IPAM/DHCP tag data model has changed to consolidate tags, inherited tags and key/value pairs into tags, extending tag inheritance to network, subnet, pool, scope group, scope and reservation
• What’s fixed?
  • API: Character validation of usernames is now working as expected
  • DNS: increased maximum NX TTL value from 10,800 to 86,400
  • System: Removed spurious log messages for disabled health checks
  • System: Database upgrade utility no longer outputs a spurious error when completing successfully
  • System: It is now possible to delete a Service Definition
• Known issues
  • DHCP: Updates are poorly formatted when sending to an AD DNS server where the DHCID record exists
  • DHCP: Both DHCID and A/PTR records must already exist in order for updates to proceed. As a result, current behavior is that AD DNS returns NXRRSET on update query (and update fails) when prereq is included but either DHCID or A/PTR records do not exist.
  • API: ipam/address/{id}/adjacent and ipam/address/{id}/adjacent?previous=true routes may not return valid addresses
  • API: Requesting a zone with a large amount of records and a high record limit will return a 500 internal server error

2.4.3

Enterprise DDI 2.4.3 brings IP Ranges to the Portal and contains several fixes and enhancements.

• New Features
  • Portal: IP Ranges for DHCP are now able to be managed via the Portal
• Feature Enhancements
  • System: Email addresses can now be used as usernames to log into the portal
  • Portal: There is now a warning displayed when assembling teams with mixed rights to the same sections (DNS, IPAM, DHCP, user management)
• What’s fixed?
  • System: Fixed an issue where the container management daemon would store a corrupt configuration
  • Portal: It is now possible to see typed characters in the metadata search window
  • Portal: Team names will now be correct in the Team IP Whitelist window
  • Portal: Fixed ‘drag and drop’ operations for Firefox
  • IPAM: It is now possible to create an IP Range that starts at .0
  • IPAM: Fixed an issue where searching for an ipv6 address would fail with a validation error
  • DNS: Fixed an issue where retrieving certain records from the API would return a 500 Internal Server Error
  • DNS: Fixed an issue where updating data feeds with metadata containing geo information would return a 400 Bad Request
  • DNS: The Up data feed now works as expected
  • DNS: The note metadata field on a record will no longer remove ‘\’ characters
• Known issues
  • DHCP: Under heavy load, DHCP pool may be removed and cause DHCP NACKs
  • DHCP: Updating a Scope Group from the API with ‘{}’ will not take effect
  • DHCP: Expired leases may not be properly removed from the dist container
  • Portal: Global search may tack on irrelevant search data
  • Portal: Synthesized PTR records do not display in the wildcard record view for that zone

2.4.2

Enterprise DDI 2.4.2 contains new geo-steering granularity, several fixes and enhancements.

• New Features
  • DNS: Additional ISO-3166-2 country subdivisions are available for geotarget country and geofence country filters; import premium versions of Maxmind’s GeoIP databases to take full advantage of additional geo-steering granularity; all subdivisions can be referenced in the new endpoint v1/metatypes/geo
• Feature Enhancements
  • Portal: Records now show the number of answers they have
  • IPAM: Search now works across all networks
• What’s fixed?
  • DNS: Creating a record with no answers will no longer cause the zones api and portal page to fail
  • DNS: Fixed an issue which prevented configuring DNS forwarding via supd UI and CLI
  • DNS: Fixed a regression where the number of zones in an organization were limited to five thousand
  • DNS: Fixed a regression where the number of records in an organization were limited to one million
  • Portal: Fixed numerous UI issues related to Record Level permissions
  • API: Spaces will now be stripped from the address range when creating an IP range
  • API: Fixed POST requests to /v1/account/apikeys/ resulting in 500: Internal Server Error responses
• Known issues
  • DHCP: Creating or modifying scope groups without DHCPv4 or DHCPv6 enabled yet passing in parameters for DNS synthesis will result in DHCPv4 being enabled and the .com TLD chosen as the zone for synthesis; enable DHCPv4 or DHCPv6 to avoid this misconfiguration
  • DNS: Specific countries in the country list without subdivision data return 500: Internal server errors when configured on answers (e.g. Chad, Bermuda, etc.); upcoming fix will respond with 400 response codes instead in these cases

2.4.1

Enterprise DDI 2.4.1 introduces the front end to control record level permissions.

In addition, 2.4.1 contains several fixes and enhancements.

• New Features
  • Portal: Record-level permissions are now configurable in the Portal in Account Settings -> Users & Teams
• Feature Enhancements
  • DHCP: Planned subnets and hosts will not be added to DHCP pools
• What’s fixed?
  • IPAM: Fixed an issue that allowed a user to delete an IPAM network in a different organization
  • System: Database restore now works correctly on HA Data clusters
  • DNS: The system no longer allows you to incorrectly add a zone ending with a ‘.’
  • DDNS: DHCP will now respect the configured zone and prefix if the host provides a FQDN
  • Portal: Multiple style fixes for the search page
  • Portal: A host with a reservation will no longer present the option to set a reservation
  • Portal: A zone with a DHCP filter to a DHCP Scope group should not show entries outside it's domain
• Known issues
  • Portal: A service definition can not be removed from a scope group. Workaround: Use the api
  • DNS: Records with no answers will cause the zones api (and as a result, the Portal zones page) to fail
  • System: Service definitions can not be deleted

2.4.0

Enterprise DDI 2.4.0 introduces record-level permissions and DHCP ranges. Record-level permissions include record-type and subdomains in a given zone. DHCP ranges allows an administrator to create a DHCP scope for range of IPs within a subnet.

In addition, 2.4.0 contains several fixes and an enhancement.

• New Features
  • DHCP: IP Ranges can now be defined in IPAM as a logical range of addresses within a subnet and can be added to a scope (API only)
  • DNS: Added record-level permissions including record-type and subdomains in a given zone (API only)
  • Portal: Added search page for viewing and filtering search results returned for DNS or IPAM objects
  • Portal: Added “dark mode” which can be toggled via hotkey menu “?”
• Feature Enhancements
  • System: Database backups are now compressed
  • DDNS: Synthesized records now appear in the Portal under the wildcard record they belong to
• What’s fixed?
  • DNS: TLD now allows wildcard records
  • DHCP: Fixed a race condition that could cause the DHCP container to not receive its scopes properly
  • Portal: The window to edit DHCP options is now more spacious
  • IPAM: Improved performance when adding new IPAM objects
  • DNS: asn-routing filter now works properly
• Known issues
  • Portal: Portal hangs while creating a host reservation in the Portal without a zone in the system
  • DHCP: The portal and API will allow you to not select a DHCP service when setting scope group options. This will cause unpredictable DHCP behavior. Workaround: Choose at least one of DHCPv4 or DHCPv6
  • Portal: Synthesized records for different zones may appear in the wildcard record for a zone