Messages - bazineta

#1
Quote from: Monviech (Cedrik) on May 09, 2025, 06:47:21 AM
In dnsmasq you cannot use the same fqdn for all ranges.

If you have devices that advertise the same hostname in different subnets, they would overwrite the managed dns records without having a special domain which makes it unique.

But isn't that true even within a subnet? That is, I've got a number of cheap and cheerful WiFi-enabled outlets here, all of them referring to themselves as 'HS105', and, basically, last one in wins, it seems.
#2
I moved to the new setup myself today, and had no issues; seems to be working as well as ISC did. My experience with Kea was a poor one, so at least so far, this seems to be a real improvement over that.

My suspicion is that the default of 'All' for the networks option is likely to cause problems with firewall rules not being applied, and I'd recommend changing that to be perhaps initially blank and requiring a selection to be made, in all cases ensuring that rules are created.

The documentation on this topic was, I felt, very good and easy to follow, and the forwarding setup from Unbound was particularly well described. The one thing I might want to change about it is that the 'DHCPv4 with DNS registration' portion seemed a more complicated use case than what I'd expect to be the norm, i.e., it sets up a subdomain per range, where the ranges correspond to security domains of 'lan' and 'guest'. I'd perhaps precede that use case with one of just setting up a default domain, e.g., 'lan.<tld>' and using that for all ranges.
#3
Kea is comparatively bare-bones at the moment, and doesn't have much in the way of controlling UI in the same way that ISC does. Probably fine until you have a problem, and then things become hard to resolve as compared to ISC.

At the moment, in my case, Kea seemed to get into some pathological situation where it'd hand out new leases to the same switch MAC address indefinitely, until they were completely used up. There's seemingly no way out of that situation in the present Kea UI, so I fell back to ISC, which seems fine.

Kea's been working well for months for me, unsure what's caused it to become insane now, but just FYI, at the moment, seems as if Kea can get you into trouble that you'll have a hard time getting out of, and staying with ISC might be the prudent choice.