3.2.4

Enterprise DDI 3.2.4 includes key stability, DHCP, UX performance and bug fixes.

• What’s fixed?
  • DHCP: Batch updates for leases to improve overall performance
  • DHCP: Enable multiple DDNS zones per scope groups for NS1 DDNS
  • DHCP: Relays are not being set when creating a scope
  • DNS: Cannot change DNS Service Group associated with a zone
  • DNS: Cannot create tags with empty string for bot zones and record objects
  • DNS: Fixed handling of non-FQDNs during IXFR
  • DNS: Fixed migration from older versions of DDI that do not have DNS Tagging
  • Monitoring: Target IP does not support private IPv4 addresses
  • Portal: Add secondary zone - primary IPs not being displayed in portal
  • Portal: “By Tags” filter in IPAM networks does not work in portal
  • Portal: Persist show reverse zones checkbox
  • Portal: Performance improvements to support mid-sized deployments
  • System: Resolved an issue where restarting data containers resulted in configured options reverting to bootstrapped values
  • System: Increased max_connections to 200
  • System: Improved handling of search queries with malformed arguments
  • System: server_id and pop_id should only be enabled at the node level
  • System: Resolved an issue where removal of a configuration could cause the container to go out of sync

3.2.3

Enterprise DDI 3.2.3 contains several major new features and bug fixes.

• New Features:
  • Cloud-sync: AWS RTE53 support for VPC’s, Zones and Records
  • DHCP: Custom Options
  • DHCP: Relay Agent Support
  • DHCP: Ping Check Support - Ping before giving out a lease
  • DHCP: PXE Boot Support
  • DHCP: Support multiple target DNS servers for one zone
  • DHCP: TSIG, GSS-TSIG support
  • DNS: GSS-TSIG support
  • DNS: Tag support for records and zones
  • IPAM: Get Next Subnet and Address
  • Portal: Dashboards for DHCP and DNS
  • System: Service Control Center: Bootstrap support, centralized maintenance of containers
• Feature enhancements:
  • DHCP: On Editing DDNS Settings for the scope group, the existing zone name is now displayed as a value.
  • DHCP: Template CRUD for Scope/Reservation/Pool
  • IPAM/DHCP: Enhancements to metadata tags and corresponding tag inheritance enables efficient search and discovery of IPAM and DHCP assets
  • System: improved the labels and description of configuration options in SCC
  • System: show the associated Service Definition for each container in SCC
• What’s fixed?
  • API: Cannot delete org via the operator key in IPAM/DHCP endpoints
  • API: Creating a zone in a service group fails with error 500
  • API: Show context help on tag restrictions next to tag mgr elements in "create object" modal
  • API: Value of 0 in SOA record results in internal server error
  • API: Setting secondary IP ACL against zone object to CIDR network fails
  • DHCP: Edit DDNS Settings" on the DHCP Scope Group no longer works
  • DHCP: Even though the update is successful, we still log an "unsupported value type"
  • DHCP: Selecting multiple servers as the target for a remote zone causes the UI to not display that anything is configured in the DDNS configuration modal
  • DHCP: Remote server in ALL mode; updating remote servers is serial resulting in delayed updates during 1 server's failure.
  • DHCP: Assigned/planned status is not always honored when creating subnets or changing them in the metadata panel
  • DHCP: No warning message when delete in-use client class
  • DHCP: After loading a large number of DHCP scopes and reservations, the scope group can no longer be displayed. Portal fails with "Internal Server Error".
  • DHCP: Can't remove the last client class from the scope group because the "submit" button is disabled when the client class list is empty.
  • DHCP: If relays were passed on scope creation those relays are not being set.
  • DHCP: The usage bar and number appearing under the "Usage" tab for both Scope Groups and Scopes show 0%, despite a Scope being completely used by leases.
  • DNS: Fixed an correct response with overlapping tags
  • DNS: Fixed XFR scheduler race condition which results in multiple schedulers being created
  • DNS: Creating a secondary zone automatically enables TSIG
  • DNS: Creating a new zone in UI and uploading file results in unresolvable resource records
  • DNS: DDI no longer supports RDNS stats - error 500
  • DNS: It should not be possible to put two zones with the same FQDN into the same view. This applies to default views as well.
  • DNS: Blocking Inheritance of tags in DNS
  • DNS: Applying a tag in filtered record view applies the tag to the first record (even if it was intended for another record)
  • DNS: Prereq windows appears to send a specially crafted nonsecure update packet which AD - DNS responds to with noerror, even if updates on zone are secure only.
  • IPAM: Updates to a linked record in the IPAM address update endpoint do not actually update the linked record.
  • IPAM: ipam/address/merge endpoint will set all merged tags to local_tags when some should be considered inherited
  • Monitoring: Cannot set the target "IP address or hostname" field of a new monitor to a private IPv4 address.
  • Monitoring: Update status locally
  • Portal: Portal window goes blank when selecting (viewing) a client class with a vendor-encapsulated-options-space Option associated with it.
  • Portal : Scope edit settings UI fails
  • Portal: When using the ALL update strategy for remote servers on a DDNS remote zone, the logs only show that one server is updated multiple times.
  • Portal: Dashboard, fix View DHCP permissions when user is not authorized
  • Portal: Dashboards, LPS without scope groups
  • Portal: Can't return to the TAGs tab after clicking on ANSWERS tab
  • Portal: Hyphens still ignored by portal
  • System: IP whitelisting on team not applied
  • System: HAProxy timing out when migrator/upgrade and restore tasks take too long
  • System: SCC: Service Definitions don’t work after global values
  • System: SCC: Node specific “Clear All” in the UI does not work
  • System: SCC: Disable node specific config options
• Known Issues:
  • Database: Any sufficiently populated database will start exhibiting massive CPU usage spikes every 30 seconds.
  • Monitoring: Currently, unless running in net=host, the monitor container will advertise its docker IP to the rest of the cluster to connect to due to it being unaware of the actual host IP.

2.5.9

Enterprise DDI 2.5.9 includes key stability bug fixes around DNSSEC key handling, AD user, groups and DNS permissions.

• What’s fixed?
• DNS: Fixed an issue where the DNSKEY record could fail to update when key is generated or deleted
• DNS: Fixed an issue where an in incorrect ZSK could be deleted from the DNSKEY cache when disabling a ZSK
• Portal: Fixed several DNS permissions issues when using RBAC
• System: Fixed an issue where hyphens were not supported in AD users or groups

3.2.1

Enterprise DDI 3.2.1 contains several major new features and bug fixes.

• New Features:
  • API: new next address endpoint able to retrieve next available subnet of a specified size.
  • DHCP: ability to configure a ICMP or ARP ping check before issuing an IP in a lease.
  • DHCP: it is now possible to assign multiple target DNS servers to a remote zone
  • DHCP: DHCP Option templates for Scope Groups.
  • DHCP: remote servers can now be configured for TSIG updates.
  • Monitoring: HA for monitoring edge containers.
  • System: Service Control Center (SCC): improved bootstrapping wizard and service health checks and operator portal.
  • Portal: new landing page with dashboards for: QPS, monitoring, DNS/DHCP/IPAM activity.
  • Portal: IPAM/DHCP tagging with inheritance.
• Feature enhancements:
  • Portal: extended search functionality.
• What’s fixed?
  • DHCP: resolved an issue where restricting a subnet to a specific Client Class did not work.
  • DNS: Fixed an issue where changing the DNS network resulted in a server error
  • IPAM: splitting a subnet in IPAM creates local tags when it should inherit them.
  • Monitoring: the target IP address of a monitoring task can now be a private IPv4 address.
  • Portal: resolved an issue where option codes could not be re-used in separate DHCP
  • System: Resolved an issue where health checks could report invalid state.
    option spaces.
  • Portal: resolved an issue where the DHCP filter was not available in the list of filters.
  • Portal: Bootstrap portal does not force password length validation.
• Known Issues:
  • IPAM: merging two subnets in IPAM creates local tags when it should inherit them.

3.1.5

Enterprise DDI 3.1.5 contains several bug fixes.

• What's fixed?
  • DHCP: Fixed an issue where lease may have been lost when the Core container goes unhealthy
  • DHCP: It is now possible to disassociate a Service Definition from a Scope Group that has active leases
  • DNS: Fixed an issue where the DHCP filter was no longer available
  • DNS: Fixed an issue where changing the DNS network resulted in a server error
  • Portal: Fixed an issue where DHCP and IPAM tabs in the Portal were missing after first bootstrap
  • System: Fixed an issue where multiple Core containers could not reach the database when the Data containers are configured in Manual Failover mode
  • API: When omitted, the manage_auth_tags permission is now added by default and set to true when creating a user or key

3.1.4

Enterprise DDI 3.1.4 introduces the ability to control how the DHCP server performs client matching using the client identifier and MAC address. In addition, several DHCP related improvements: the ability to configure a relay address on a subnet, the ability to create DHCP reservations using the MAC, Client ID, DUID or Circuit ID in the portal.

• New Features
  • DHCP: It is now possible to configure match-client-id on Scopes and Scope Groups. This allows client-class selection to use a combination of both the client identifier and the MAC address or just the MAC address
• Feature Enhancements
  • DHCP: it is now possible to delete a Scope and its associated DHCP reservations in one operation after confirmation
  • DHCP: the DHCP reservation workflow now supports DNS Views for host and reverse record
  • DHCP: NS1 DDNS now supports DNS views
  • DNS: Improved performance of DNS API endpoints
  • DNS: Improved performance of AD DDNS updates
  • IPAM: Portal optimized when fetching the next available addresses
  • Portal: Initial bootstrapping wizard now requires passwords to be entered twice and match
  • Portal: can now create DHCP reservations based on MAC, Client ID, DUID or Circuit ID
  • Portal: it is now possible to search for subnets by starting octets
  • Portal: it is now possible to search for subnets by one or more tag and tag:value pairs
  • Portal: It is now possible to specify a relay address on a Scope
• What’s Fixed
  • DNS: Fixed a potential connection leak in the DNS container
  • DNS: the MNAME for a DNS zone which is contained in a DNS view now reflects the correct nameserver
  • IAM: Fixed users and apikeys endpoints to set ‘manage_auth_tags’ to true unless explicitly set to false per API convention
  • IAM: Fixed Internal Server Error when creating API keys with only a name in the request body
  • Portal: Fixed an issue where Option 43 could not be applied to a ScopeGroup or Client Class
  • Portal: Fixed several UI issues related to Client Classes
  • Portal: Fixed an issue where DHCP Reservations could not be removed in the DHCP tab
  • Portal: DHCP Standard options checkbox now responds correctly
  • Portal: nameservers are now shown correctly for a DNS zone contained in a DNS view
  • Monitoring: Operational metrics are now correctly being collected for the monitor container
  • System: Fixed an issue where services attempted to listen on IPv4 and IPv6 when IPv6 was manually disabled
  • System: Corrected the /v1/network endpoint to return DNS service definitions instead of Service Groups. Fixed several locations in the Portal which uses that endpoint
  • System: Fixed inability to use hyphens in data_host hostnames.
  • System: Fixed an issue where the supd UI could not be displayed
• Known issues
  • DHCP: Disassociating a service definition from a scope group with active leases fails

3.1.3

Enterprise DDI 3.1.3 brings DHCP relays, custom option spaces and client match class management as well as a number of performance improvements and bug fixes.

• New Features
  • DHCP: Added the ability to specify DHCP relay IP addresses on a scope for subnet selection
  • Portal: It is now possible to create custom option space and encapsulate them
  • Portal: DHCP Client Class Match management
• Feature Enhancements
  • API: IPAM search endpoint can now sort by prefix and mask
  • API: IPAM search endpoint can now filter on multiple masks
  • API: Increased performance of all the IPAM insert endpoints
  • Portal: Increased performance of IPAM, DHCP and DNS portal
  • System: Added new exportable metrics to track internal connection state
  • System: Added new health check for stale data to detect propagation issues in Dist containers
  • XFR: Increased performance and scaling of XFR service
• What’s Fixed
  • API: Increased default rate limit for zones and records
  • API: Fixed an issue where users associated with a team do not correctly inherit tags_deny from a group
  • API: Fixed an issue where record Level Permission No Longer Working on Paged Records
  • DHCP: It is now possible to change the Reservation Identifier on a reservation
  • DNS: Fixed an issue where the DNS container would send a SERVFAIL when the client edns udp payload size is 0
  • System: Fixed an issue where the Data container configuration would not save properly during the bootstrap wizard
  • System: Fixed an issue where cluster mode health checks could hang indefinitely and use up resources
  • System: Fixed an issue where the Core container could sometimes report healthy after boot too early
  • System: 5 node HA Data cluster mode now works properly
  • System: Health checks for the Data and Core containers will no longer show as “Unhealthy” before bootstrap
  • System: Fixed an issue where the Dist container would suddenly permanently stop replicating data from core
  • System: HA Data Cluster mode no longer incorrectly requires the environment variable DATA_PRIMARY to be set
• Known issues
  • API: "manage_auth_tags": true is not added by default to empty permissions body, this prevents adding auth tags when API convention says it should be allowed
  • DHCP: Windows presents an error that states “Changing the Primary Domain DNS name of this computer failed” when joining a Windows domain

2.5.8

Enterprise DDI 2.5.8 includes key stability bug fixes around data propagation and data health.

• What’s fixed?
  • System: Fixed an issue with the HA Data container health check where the system could exhaust resources upon stuck health checks
  • System: Fixed an issue where the Dist container would suddenly permanently stop replicating data from core

3.1.2

Enterprise DDI 3.1.2 brings DHCP Option Spaces management to the Portal, as well as performance and stability improvements and many bug fixes.

• New Features
  • DHCP: Added the ability to configure decline-probation-period (API only)
  • Portal: Added management of DHCP Option Spaces
• Feature Enhancements
  • DHCP: Client classes can now be associated with multiple scope groups, and vice versa
  • System: Removed spurious HAProxy warnings from logs
  • System: Removed spurious TSDB health warnings from logs
  • System: Improved long term stability of the Core container while under load
  • System: Added an improved health check for the monitoring process
  • System: Added an improved health check for the API process
  • System: Increased performance of the control plane
  • System: Auto-generated certificates are now ECDSA
  • System: Added more logging to the Data container while in HA mode
  • Monitoring: Added the ability to configure max_reconnect_attempts and reconnect_backoff_interval to allow for connectivity issues on container startup
• What’s Fixed
  • API: Fixed an issue that caused updating a team to fail, if the users were in the body of the message and not permissions
  • API: Fixed an issue that caused the API to return 404 when trying to reset a password
  • API: Existing TSIG is retained when making unrelated updates to a zone
  • API: Fixed an issue where deleting a data source with feeds caused a 500 error
  • DNS: Fixed an issue where adding new zones would fail when using multiple organizations
  • DNS: Fixed an issue with incorrect mname in SOA record being set when not selecting a network for a zone
  • System: It is now possible to use “strict mode” when using custom transport certificates
  • System: Fixed an issue where API connections were not cleanly closed and could add up
  • Monitoring: Fixed an issue where the monitor container would fail to connect to Core
  • Portal: Fixed an issue where invite URL’s would redirect to the login page
  • Portal: Fixed an issue where DNS service definitions would appear in the Service Definition dropdown on the DHCP Scope Group configuration modal
  • Portal: Fixed an issue where creating a zone without a Network selected still resulted in a network being selected
• Known issues
  • DHCP: Empty Option Spaces can only be deleted via the API
  • DHCP: New lease information may be lost if the Core container restarts or dies
  • Portal: It is not possible to click the “Show Standard Options” checkbox when viewing DHCP Options
  • Portal: It is not possible to create a custom option with an option code that exists in any other option space
  • Portal: No nameservers are shown on the nameservers tab

2.5.7

Enterprise DDI 2.5.7 brings some system stability improvements and fixes for the Monitoring container.

• Feature Enhancements
  • System: Added an improved health check for the monitoring process
  • System: Added new health check for stale data to detect propagation issues in Dist containers
  • Monitoring: Added the ability to configure max_reconnect_attempts and reconnect_backoff_interval to allow for connectivity issues on container startup
• What’s fixed?
  • Monitoring: Fixed an issue where the monitor container would fail to connect to Core
  • System: Fixed issue validating invite tokens generated by operator endpoint for password resets (ops/account/{org-id}/user/{username}/password/reset)