If you think you may have found a security vulnerability in any ISC software, please take one or more of the following steps, as appropriate:
- Open a confidential GitLab issue (preferred) or send email to email@example.com - for BIND 9-related security issues
- Send email to firstname.lastname@example.org - for Kea DHCP-related security issues
- Send email to email@example.com - for Stork-related security issues
Emails to any of the above addresses automatically create secure, confidential issues in ISC’s GitLab instance.
- firstname.lastname@example.org - for any other security issues*
* If possible, we ask that you please encrypt your communications to the email@example.com address using the ISC Security Officer public key found on our PGP Key page. Our OpenPGP keys are also available from our FTP site.
Report non-urgent BIND 9 issues.
Report non-urgent Kea DHCP issues.
Report non-urgent Stork issues.
Report non-urgent ISC DHCP issues.
DNS and DHCP are critical to the Internet infrastructure. We appreciate your cooperation, assistance, and initiative in informing us of any bugs you may find in our software. If you think you may be seeing a potential security vulnerability in BIND 9 (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), please open a confidential GitLab issue. For a potential security vulnerability in Kea DHCP, please report it to us immediately at the appropriate email address above. Please do not post security vulnerabilities on a public mailing list.
If you have a crash, you may want to consult our KB article What to do if your BIND, ISC DHCP, or Kea DHCP server has crashed.
BIND 9 Bugs/Feature Requests
To report a non-security-related bug or request a feature in BIND, please navigate to our GitLab instance and enter your issue there. You will have the option of marking your issue confidential, if necessary. You will need to create an account on GitLab, but you can link your credentials from another GitLab instance or social media account. Once you have logged your issue, you may follow up with us via email to firstname.lastname@example.org.
Kea DHCP Bugs/Feature Requests
Kea has an open bug database in GitLab. Before opening a new issue, please look and see if someone has already logged the bug you wish to report. You may be able to add information to an existing report, or to find a workaround or updated status on the issue that impacts you. We also track feature requests in the issue tracker, so please submit feature requests there as well. Often it is helpful to first post these requirements on the kea-users mailing list to clarify whether there is already a way to accomplish what you need.
Stork Bugs/Feature Requests
Users are invited to visit our Stork issues list in GitLab. Before opening a new issue, please look and see if someone has already logged the bug you wish to report. You may be able to add information to an existing report, or to find a workaround or updated status on the issue that impacts you. We also track feature requests in the issue tracker, so please submit feature requests there as well. Often it is helpful to first post these requirements on the stork-users mailing list to clarify whether there is already a way to accomplish what you need.
ISC DHCP Bugs
ISC DHCP’s open bug database migrated to GitLab in March 2019. If you previously reported an issue, you may need to re-report it in GitLab. You are welcome to log feature requests, but at this point, we are unlikely to add new features to ISC DHCP because the software has reached End-of-Life. Often it is helpful to post your issue on the dhcp-users mailing list to clarify whether there is already a way to accomplish what you need. We also recommend that ISC DHCP users consider migrating to Kea.
BIND 9, Kea DHCP, Stork, and ISC DHCP are open source software. We provide expert professional support for our enterprise users via support subscriptions. Please contact us to find out more about purchasing a support contract and contributing to our development work.
Due to a large ticket backlog and an even larger quantity of incoming spam, we may sometimes be slow to respond, especially if a bug is cosmetic or if a feature request is vague or low-priority. However, we truly appreciate and depend on community-submitted bug reports and will address all reports of serious defects.
Thank you for your support!