ISC DHCP 4.4.3-P1 EOL

Started by Vesalius, October 12, 2022, 02:35:03 PM

ISC DHCP Server has reached EOL

Now that the version of ISC DHCP that OPNsense uses is EOL as of this release in 22.7.6, what are the plans going forward?

Any consideration to making the move to ISC Kea DHCP server?

Would also be great, if OPNsense was finally able to function as a DHCP server for multiple subnets and VLANs over a single defined interface/link in the context of an L3 switch.

No plans yet, but at first glance KEA looks like quite an overkill in terms of dependencies.
Without a database (MySQL or PostgreSQL) we likely aren't able to offer a similar feature set as we do now (https://kea.readthedocs.io/en/latest/arm/admin.html#supported-backends). The lack of host reservations without a db caught my attention at least (https://kb.isc.org/docs/what-are-host-reservations-how-to-use-them).

Adding a database like PostgreSQL or MySQL is likely not a design decision we will take lightly considering the impact on a lot of outstanding installs. 

Migration will be at least challenging if possible at all.

There is a FreeBSD port for KEA https://github.com/freebsd/freebsd-ports/tree/main/net/kea, but maybe there are other options as well to consider when we do need to replace ISC. Something lightweight which scales would be nice.

Considering the number of products and projects still depending on it, I wouldn't be surprised if someone forks it to be honest, but we'll see.

Best regards,

Ad


Interesting discussion. Internally we talked a bit about it and we don't really know how to react without creating unnecessary work at the moment so ideally we would just wait and see what happens.

From a feature perspective we don't really miss anything that would warrant the need for isc-dhcp to bring further feature updates. So the following is unclear, but possible:

1. Security patches will be published as the issues become known to the public (CVE, etc.)
2. Someone will fork, for better or worse (as mentioned by Ad above)
3. Merry Christmas and a happy new year ;)

But seriously, what do you guys think a replacement could be?


Cheers,
Franco

I would wait and see, in the hope a fork would provide SQLite as a backend so that the dependency is satisfied but is not too onerous on small installs/resource-restricted systems.
What I'd like to know is if dnsmasq can be a like-for-like replacement already, or additional work on opn is needed to make it so.

Putting a little thought into the size of IPv4 vs IPv6 for DHCPv6, which may be a GIANT pain. :)

Maybe the DHCPv6/etc should be offloaded to something like an IPAM package if the system would be able to handle this.