New user currently using ISC DHCP - now what?

Started by coffeecup25, April 09, 2025, 03:38:51 PM

Darn... so close.

man(8) dnsmasq:
Quote
ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. Dnsmasq uses the host's IPv4 lease to derive the name, network segment and MAC address and assumes that the host will also have an IPv6 address calculated using the SLAAC algorithm, on the same network segment. The address is pinged, and if a reply is received, an AAAA record is added to the DNS for this IPv6 address. Note that this is only happens for directly-connected networks, (not one doing DHCP via a relay) and it will not work if a host is using privacy extensions. ra-names can be combined with ra-stateless and slaac.

Putting aside the future-proofing issue of IPv4 dependency, privacy extensions are important to me as a home internet user. As a home network admin, however, it's like flying blind without traceability in things like DNS and pf logs.

The designers of IPv6 are not without a twisted sense of humor, it seems.
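Added example, not part of the thread or of dnsmasq's code: a Python sketch of the address derivation the quoted ra-names text relies on (prefix plus modified EUI-64 of the lease MAC), used here to map an IPv6 address seen in a log back to a lease hostname. The prefix, MACs and hostnames are constructed sample data; dnsmasq additionally pings the candidate address, which this offline sketch does not do.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID: flip the U/L bit, insert ff:fe."""
    octets = bytes(int(p, 16) for p in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms with classic SLAAC on a /64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC with EUI-64 needs a /64 prefix")
    return net[eui64_interface_id(mac)]

def name_for_address(addr: str, prefix: str, leases: dict):
    """Return the lease hostname whose MAC yields addr, else None.

    None is the expected result for privacy-extension (temporary)
    addresses: their interface ID is not derived from the MAC, so
    neither this lookup nor ra-names can tie them to a lease.
    """
    target = ipaddress.IPv6Address(addr)
    for hostname, mac in leases.items():
        if slaac_address(prefix, mac) == target:
            return hostname
    return None

# Constructed sample data (documentation prefix, made-up hosts).
PREFIX = "2001:db8:1:2::/64"
LEASES = {"nas": "00:11:22:33:44:55", "laptop": "52:54:00:ab:cd:ef"}

if __name__ == "__main__":
    for seen in ("2001:db8:1:2:211:22ff:fe33:4455",   # EUI-64 derived
                 "2001:db8:1:2:9c1e:73aa:4d0b:6f21"): # privacy address
        print(seen, "->", name_for_address(seen, PREFIX, LEASES))
```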

Now that I installed a test installation of OPNsense with the development version and had a look at it, I have a few questions/observations:

1. Even standard options like DNS server, NTP server, gateway or netmask are now separated out into several DHCP options that are indirectly referenced via "tags". This was much easier with ISC DHCP, because those standard options could be specified per interface.

How to specify some options is unclear, e.g. how should the IPv4 netmask be given? Say, "/24", "24" or "255.255.255.0"?

2. Considering that the XML specification is somewhat complex (e.g. every host entry has its own UUID and references tags by UUID), the option to import CSV is useful for migration if no other means is available (like discussed before). However, there are no CSV export options for ISC DHCP or Kea as of yet. These would be highly desirable if no other means are provided.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A

April 17, 2025, 03:32:14 PM #17 Last Edit: April 17, 2025, 03:42:02 PM by Monviech (Cedrik)
1. Just create a range with an interface and then create the option(s) with an interface.

You do not need to use the tag system, it's for advanced use cases.

When a DHCP Discover enters a network interface, Dnsmasq will automatically set a tag with the interface name that received this packet. That is what you select with the interface selectpicker in options or ranges.

Yesterday I improved the selectpicker where you can select interfaces; if you select it and press the add button in a grid, the interface will be preselected.

https://github.com/opnsense/core/commit/e72077c376c08b51ffe01e42da135d8a29850067

Hardware:
DEC740

You'll find me in the Kea department ... ;-)
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)


Quote from: meyergru on April 17, 2025, 03:07:12 PM
2. Considering that the XML specification is somewhat complex (e.g. every host entry has its own UUID and references tags by UUID), the option to import CSV is useful for migration if no other means is available (like discussed before). However, there are no CSV export options for ISC DHCP or Kea as of yet. These would be highly desirable if no other means are provided.

https://github.com/opnsense/core/issues/8075#issuecomment-2799938354
Hardware:
DEC740

I started on OPNsense a few months ago with Kea. But I quickly moved to ISC as static mappings were not really enforced and some devices couldn't get an address.
If you choose to move to dnsmasq (which I happily used years ago), do you have to use it for DNS also or can you stay with Unbound?


I moved to Kea with 24.7, with Unbound. Given either sufficient patience for expiry or a client reboot I have had no problems with IP reservations working.

I was initially put off by some of the discussions around Kea, but in practice I found it is a well laid out and easy to use and manage DHCP, and is mainstream so given there is nothing in DNSmasq for my needs I will stay with that.
Deciso DEC697
+crowdsec +wireguard