Messages

Hi all — I've been following this topic and wanted to share something I built that I think addresses exactly this problem.

**os-kea-ubnd-ddns** is an OPNsense plugin that bridges Kea DHCP → Unbound DNS directly, without Bind. It runs a lightweight RFC 2136 stub listener that receives DNS UPDATE packets from `kea-dhcp-ddns` and applies them to Unbound via `unbound-control` — so you get real-time hostname registration when a lease is issued - no zone files, no journal corruption, no `.jnl` cleanup.

This looks pretty neat, I'll take a look.

Hello,

depending on what you need, Dnsmasq might be the better choice for you. It can do forward and reverse DNS with Unbound, and also work with dynamic residential setups. That's why its our default DHCP and Router Advertisement daemon.

https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

The above KEA change is for users, who have another Router behind their OPNsense, that should receive a delegated prefix (IPv6) from the OPNsense.

ISP (dynamic IPv6 Prefix) -> OPNsense -> Router2

Gotcha, I use Dnsmasq with dynamic IPv6 prefixes now but and I was thinking this patch would allow for using Kea with similar functionality.

My current setup works pretty smoothly but for some reason I enjoyed the process of using/configuring Kea more than I have Dnsmasq but there's no need to mess with what is working well. Thank you for the quick response!

Thank you, I'm excited to give this a try. I know this has been in the works for a while.


To make sure I'm understanding this and the new DDNS functionality correctly:

My (potentially flawed) understanding from the documentation is that using Kea with Unbound as the DNS doesn't allow for reverse DNS lookups. Is that still the case?

If it works for you right now better wait for a while. No need to change anything.

Will do, I appreciate the feedback.

I apologize if I've missed something in this thread but I'm not sure how best to implement my current IPV6 DHCP setup with Kea or dnsmasq.

My current IPV6 setup is based on this guide: https://github.com/lilchancep/att-pfsense-ipv6

In short, when my WAN interface is configured to run a script which requests IPV6 prefixes from AT&T to be delegated for each my my vlans. Each VLAN interface uses the "Tracking" option for IPV6 to determine its delegated prefix. I believe selecting "Tracking" means that SLAAC is used to determine addresses for each device but I may be wrong. Is there a way in Kea or dnsmasq to duplicate this functionality or is it best that I sit tight until the dust settles on the changes that are being worked on?

In the most basic IPv6 setup you only need Router Advertisements, these will allow your clients to generate a SLAAC address, the default gateway, and you can also get a DNS server option.

DHCPv6 is when you want to hand specific addresses and options to the clients that RA cannot do.

So for you probably only RA is important.

That makes sense, I'm guessing it would work for AT&T Prefix delegation scenarios like this https://github.com/lilchancep/att-pfsense-ipv6, right?

I got the same thing, nothing is broken but it has piqued my curiosity.