OPNsense Forum

Title: Kea dynamic leases and Unbound DNS
Post by: dopey1620 on January 14, 2025, 11:22:57 PM
So I'm a little confused what's going on with Kea. There's a bunch of GitHub issues and a couple of posts on here regarding whether or not Kea registers static and dynamic leases with Unbound DNS. There's one here https://github.com/opnsense/core/issues/7475 where it looks like it does not register dynamic leases with Unbound.

But, just out of curiosity I gave Kea a try and it does seem to register dynamic leases, except I've seen an interesting behavior on my setup. I have 4 interfaces (3 of them are VLANs). I only seem to get the non-VLAN (my primary LAN interface) entries registered with Unbound. All of the other interfaces do not have their dynamic lease hostnames registered with Unbound.

I know I can work around the problem with static leases and/or Unbound DNS override entries, but given that one of the VLANs is my IoT VLAN with lots of random devices, it's not a super scalable solution :)

Am I missing something here?

Thanks in advance for any thoughts.

Title: Re: Kea dynamic leases and Unbound DNS
Post by: koushun on April 16, 2025, 11:48:57 AM
Verify you have configured a domain in OPNsense:
OPNsense > System > Settings > General

Check whether you configured a domain under Domain Options in Kea DHCP > Kea DHCPv4 > (relevant) Subnet

From a client, try to ping the hostname (PC123456). Does it work?
From a client, try to ping the FQDN (hostname + domain, PC123456.domain.com). Does it work?

View the contents of host_entries.conf and dhcpleases.conf, under /var/unbound/

There is a fairly recent comment on the GitHub URL you provided.

host_entries.conf contains static mapping; if you reserve an IP address for a MAC in Kea DHCP and also enter something in the hostname column.
Kea DHCP does not communicate with Unbound in regard to dynamic entries, however, look at the script provided which utilizes hooks-libraries provided in Kea.

Title: Re: Kea dynamic leases and Unbound DNS
Post by: chorn on June 30, 2025, 05:18:15 AM
UPDATE: I'm switching to use Dnsmasq (https://docs.opnsense.org/manual/dnsmasq.html) after finding the issue discussing adding Kea (https://github.com/opnsense/core/issues/6971).

Who do we have to lobby for OPNsense to officially adopt the code in GitHub #7475 (https://github.com/opnsense/core/issues/7475)? With ISC being EOL'd it would be really nice to officially have the option to enable this old Unbound/ISC integration feature. Based on the ~800 views of this forum post, it's a popular feature!

I am concerned about the maintainability of manually making the changes to enable the hook script in #7475. The instructions are spread across several of the issue's comments and not entirely clear... but I think I would need to manually modify OPNsense XML and register some other functions to get the hook script to work correctly. But what will happen on upgrades?

Similar requests: