Messages

It was this text in the release notes of 24.4 which created the urgency for me.

'dhcp: add Kea DHCPv4 server option with HA capabilities as an alternative to the end of life ISC DHCP'

I though wow, that was quick. From 'it will take time to match features' to 'end of life' in such a short period.

[I reverted to ISC]

I fully agree wirth @meyergru and I would define the KEA implementation in OpnSense as V.0.5. The hype is far too big or too early.

After I managed to bring the static leases access with https://github.com/EasyG0ing1/Migration, I reverted to ISC. So few settings of KEA are exposed in the UI. E.g. Netboot.xyz is unusable with a single filename.

What added to the frustration, is that the help text in the settings are of low quality. Since many settings like DNS and Gateway are missing, I was blindly assuming the 'next server' was the gateway. Why not add parts of the explanation from https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html?

And finally, https://github.com/opnsense/core/issues/7189 was closed incompletly, but just adding 'next server'. Nothing about the remaining options.

I had a look at the ddclient perl script part for ClouDNS. And as far as I can tell, the parameter used in ddclient (dynurl) is likely not available in OPNsense UI.

[severity]

I could not get it to work (yet) with ClouDNS, despite being supported. The log file are not of much help and have the wrong severity

2023-04-23T17:26:01   Notice   ddclient[53534]   54357 - [meta sequenceId="2"] WARNING: skipping host: www.somehost.com: 'dynurl=' is an invalid string.

And I don't get why there is no simple update URL call anymore. The URL contains something like an API key, which is specific to that domain. So pretty limited attack surface. ClouDNS supports that part without the need to enter my administrative password anywhere in a client. Cybersecurity matters.