Wrong domain name w/Unbound DHCP leases with multiple VLANs

[ctrlbrk]

I am having the same issue as this 3 year old post:

https://forum.opnsense.org/index.php?topic=7983.0

I have multiple VLANs.  Each VLAN running its own interface DHCP on OPN.  The domain name is different for each VLAN.

The problem is that the dhcpleases.conf generated by Unbound has only the "main" domain name picked up from System > Settings > General > Domain name.

This ends up creating a resolution problem.

Help :)

[Fright]

its all in help text for unbound settings:
DHCP Domain Override: The domain name to use for DHCP hostname registration. If empty, the default system domain is used. Note that all DHCP leases will be assigned to the same domain. If this is undesired, static DHCP lease registration is able to provide coherent mappings.

[ctrlbrk]

its all in help text for unbound settings:
DHCP Domain Override: The domain name to use for DHCP hostname registration. If empty, the default system domain is used. Note that all DHCP leases will be assigned to the same domain. If this is undesired, static DHCP lease registration is able to provide coherent mappings.

Would you look at that.  RTFM :)

I didn't have full help toggled so missed that apparently.

OK, but you might guess my next question --- while I have a small number of static DHCP leases, the overwhelming majority are not.  So what is the proposed solution or workaround?

It seems like this is a fairly major limitation if I am understanding correctly.  Isn't it pretty standard to have multiple DHCP servers on more than one subnet/VLAN with unique domain naming convention?

I would be willing to accept a command line solution if necessary.

Appreciate your help.

[Fright]

It seems like this is a fairly major limitation
agree but
I have not looked at the code (yet) but I suspect that if this is still not implemented, then it is not so easy to do.
first obstacle i can think about is the lack of domain info in dhcpd leases db-file.
although its possible to try to read the config and match the lease range->domain
(these are only guesses so far)

[franco]

Yes, no link between leases and interfaces exists unless:

(1) DHCPD services are split between interfaces each producing a separate lease file.

(2) Python code responsible for lease file parsing gains insight into lease ranges and their interfaces.

I would assume (2) is more favourable than (1), but it's still serious work that won't be done for no pressing reason since the limitations are known and haven't been a hindrance in the open source scope so far.


Cheers,
Franco

[Patrick M. Hausen]

Why does unbound generate the DHCP leases config in the first place? ISC dhcpd can perfectly well serve multiple subnets with different options for each. I'm surprised this is not reflected into the UI.

[Fright]

@pmhausen
sorry, don't quite understand. dhcpd lease config is generated by dhcpd.inc script, not unbound afaik.
unbound scripts only try to change records in zones in accordance with changes in the leases db
(and the lack of "leased" domain name  in the db does not help in this)
@franco
also like the second option better

[franco]

Yes, a background daemon writes the dynamic leases to Unbound. The shortcoming in the straightforward implementation is the lack of domain information in the dhcpd leases file.

I created a ticket for 22.1: https://github.com/opnsense/core/issues/5118


Cheers,
Franco

[Patrick M. Hausen]

@pmhausen
sorry, don't quite understand.

dhcpd supports configuration like this:

Code Select Expand


# my first VLAN
subnet 192.168.1.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option routers 192.168.1.1;
option domain-name "first.do.main";
option domain-name-servers 192.168.1.1;
}

# my second VLAN
subnet 192.168.2.0 netmask 255.255.255.0
{
option subnet-mask 255.255.255.0;
option routers 192.168.2.1;
option domain-name "second.do.main";
option domain-name-servers 192.168.2.1;
}


And I just wondered why the configuration in the UI does not reflect that. I would always try to mirror the underlying service structure as much as possible in any config tool. Too much magic going on between global system settings, unbound, and DHCP for my tastes.

[franco]

I think you are confusing static leases with dynamic/automatic leases.  :)


Cheers,
Franco

[Patrick M. Hausen]

Not quite. dhcpd has got a concept of options per subnet and will apply the domain matching the subnet to dynamic and static leases alike if the static lease does not further specify the domain.

[franco]

The difficulty is how do you put runtime lease information from the leases file into proper Unbound records without looking at a separate piece of configuration? The current implementation uses the lease file and nothing else. So this isn't a bug or a design fail... it's just a design choice leading to a quick implementation that fulfils a requirement for a particular group of users.


Cheers,
Franco

[Patrick M. Hausen]

Doesn't Unbound support ddns updates from dhcpd like BIND does? But I get your point.

[franco]

I think you need bind for that after all, i.e.

https://forums.freebsd.org/threads/does-unbound-not-support-dynamic-dns-update.66954/


Cheers,
Franco

[ctrlbrk]

Doesn't Unbound support ddns updates from dhcpd like BIND does? But I get your point.

Does this imply that replacing Unbound with BIND on OPN would solve this issue?

Because if yes, then possibly a workaround for me would be to *add* BIND to the mix, on another port, and I can then configure by implementation to query BIND for local PTR resolution, while leaving Unbound untouched.

Or maybe just replace Unbound?  I have to admit, it's been years since I used BIND.