ISC DHCP bind interfaces

[clarknova]

The documentation says

If you want to tryout KEA in OPNsense, just disable the legacy dhcp server on the specific interface and go to the KEA DHCP menu available under Services ‣ Kea DHCP.

This is incorrect in my experience, as I disabled ISC DHCP server on a single interface and then enabled KEA DHCP server on the same interface. Clients failed to get a lease and the KEA log shows this:

Code Select Expand

2024-10-15T17:31:45-04:00 Warning kea-dhcp4 WARN [kea-dhcp4.dhcpsrv.0x13d887012000] DHCPSRV_NO_SOCKETS_OPEN no interface configured to listen to DHCP traffic
2024-10-15T17:31:45-04:00 Warning kea-dhcp4 WARN [kea-dhcp4.dhcpsrv.0x13d887012000] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open socket on interface lagg0_vlan152, reason: failed to bind fallback socket to address 10.15.2.1, port 67, reason: Address already in use - is another DHCP server running?

This is confirmed in the shell:

Code Select Expand

# sockstat -l4 | grep 67
dhcpd    dhcpd      42491 23  udp4   *:67                  *:*

Is there a way to force ISC DHCP server to bind only to interfaces where it is enabled so that KEA can be bound to others?

[Patrick M. Hausen]

No. It's all or nothing.

[bimbar]

DHCP servers do not usually bind cleanly to single interfaces, except (for KEA) with very specific configuration. ISC can not do it at all, as far as I know.

[franco]

FWIW, that's only a historic ISC limitation on the server/relay side of things.

And indeed, for Kea and Dhcrelay this is no longer the case for us today.

Since Dnsmasq is going to be DHCP in the not so distant future too I'm actually not sure how it behaves in that regard.


Cheers,
Franco

[clarknova]

What is the recommended way to disable ISC then when I'm ready to enable KEA? If I disable ISC on every interface and stop the service will it remain stopped?

[Patrick M. Hausen]

If I disable ISC on every interface and stop the service will it remain stopped?

Yes.