Unbound to DNSmasq/KEA?

Started by spetrillo, January 20, 2026, 08:10:20 PM

Hello all,

I am still using ISC for DHCP and would like to rip the band aid off and migrate to KEA for DHCP, DNSMasq for local DNS, and Unbound as the DNS that talks to the Internet. Has anyone done this? Is this a good plan or is there a better solution? Is there a document that talks about making the split? I did not find one.

Thanks,
Steve


January 20, 2026, 10:28:55 PM #2 Last Edit: January 20, 2026, 10:30:52 PM by nero355
Quote from: spetrillo on January 20, 2026, 08:10:20 PM
I am still using ISC for DHCP and would like to rip the band aid off and migrate to KEA for DHCP, DNSMasq for local DNS, and Unbound as the DNS that talks to the Internet.

Has anyone done this?
I moved from ISC to KEA in about 10 minutes :
- Export all Static DHCP Mappings into separate .csv files via the webGUI feature.
- Set up everything in KEA but DO NOT Enable it yet!
- Go to your ISC DHCP networks and Stop & Disable all of them one by one.
- Enable KEA for all those Networks/Interfaces and Start the service if needed.

DONE! :)

Quote: Is this a good plan or is there a better solution?
Using both KEA and DNSmasqd will probably end in a conflict : Both use the same ports!

Just use KEA or DNSmasqd and when you use the last one you don't even need Unbound if that's easier for you, because the DNS part of DNSmasqd and Unbound can have a port conflict too !! ;)

Quote: Is there a document that talks about making the split? I did not find one.
This one is pretty good :
Quote from: jp0469 on January 20, 2026, 08:29:06 PM
This guide helped me tremendously:

https://homenetworkguy.com/how-to/migrate-from-isc-dhcp-to-dnsmasq-or-kea-dhcp-in-opnsense/
It answered some minor questions that I had about some options/workflows and my "Migration plan" so to speak...
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)

Today at 06:10:56 PM #3 Last Edit: Today at 07:14:38 PM by julsssark
I was using almost the same setup you are thinking about, and it worked great for my homelab that only uses IPv4. I used Kea for DHCP and AdGuard to Unbound for DNS. Just make sure that you set the DNSMasq port to 53 and use a different port for Unbound (e.g., 15353). Be aware that with this configuration, when you set static hosts in Kea, you will also need to add an entry to DNSMasq if you want to reference that host by name/DNS.

Is there a reason/feature that you want to use Kea for DHCP vs. letting DNSMasq do it? The OPNsense docs summarize the options nicely: https://docs.opnsense.org/manual/dhcp.html#available-options

Edit: I switched to DNSMasq for DHCP when that became the recommended setup for small installations.
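
Added example, not part of any post in this thread: one way to keep the two lists in sync when Kea holds the static reservations and DNSMasq answers local DNS is to generate dnsmasq `host-record` lines from the Kea reservations. It assumes comment-free Kea `Dhcp4` JSON and plain dnsmasq config-file syntax rather than the OPNsense GUI; the sample data, the `home.arpa` domain and the function name are constructed for illustration.

```python
import ipaddress
import json
import re

# Constructed sample in Kea's Dhcp4 layout (not taken from the thread).
SAMPLE_KEA_CONF = """
{"Dhcp4": {"subnet4": [{
  "subnet": "192.168.1.0/24",
  "reservations": [
    {"hw-address": "00:11:22:33:44:55", "ip-address": "192.168.1.10", "hostname": "nas"},
    {"hw-address": "00:11:22:33:44:66", "ip-address": "192.168.1.11"},
    {"hw-address": "00:11:22:33:44:77", "ip-address": "192.168.2.12", "hostname": "printer"},
    {"hw-address": "00:11:22:33:44:88", "ip-address": "192.168.1.13", "hostname": "bad name"}
  ]
}]}}
"""

# Single DNS label only: letters, digits, hyphen, no leading/trailing hyphen.
# Rejecting anything else keeps commas or spaces out of the generated config.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def kea_to_host_records(conf_text, domain="home.arpa"):
    """Return (dnsmasq host-record lines, skipped reservations with reason)."""
    conf = json.loads(conf_text)
    records, skipped = [], []
    for subnet in conf["Dhcp4"].get("subnet4", []):
        net = ipaddress.ip_network(subnet["subnet"])
        for res in subnet.get("reservations", []):
            ip = res.get("ip-address")
            name = res.get("hostname", "")
            if not name:
                skipped.append((ip, "no hostname"))
            elif not LABEL.match(name):
                skipped.append((ip, "invalid hostname"))
            elif ip is None or ipaddress.ip_address(ip) not in net:
                skipped.append((ip, "address outside subnet"))
            else:
                # Short name and FQDN both resolve to the reserved address.
                records.append(f"host-record={name},{name}.{domain},{ip}")
    return records, skipped


if __name__ == "__main__":
    lines, problems = kea_to_host_records(SAMPLE_KEA_CONF)
    print("\n".join(lines))
    for ip, reason in problems:
        print(f"# skipped {ip}: {reason}")
```

The skipped list is the part worth reviewing: a reservation without a usable name will get its address from Kea but will never resolve by name through DNSMasq.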

I just have a small homelab setup, so I moved to dnsmasq for DHCP only and kept unbound for DNS. I was using KEA for a period of time and it worked fine, but I read that KEA is better for larger setups and smaller/personal setups are better with dnsmasq.