Comparison of DHCP service options

Started by kbreit, May 19, 2025, 01:40:48 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 19, 2025, 01:40:48 PM
Like many of you, I use DHCP on my OPNsense. Due to "it's what I've always done" I'm using ISC DHCP. However, Kea DHCP and DNSMasq DHCP are both options. Are there any comparisons between the three and when I would want to use them with OPNSense?
May 19, 2025, 02:17:39 PM #1
The story is quite short:

ISC DHCP is at the end of its lifetime and will eventually get pushed to plugins section. This means it will not be so well supported any more - well, it isn't by ISC, either. Yet, there is no rush to end using it, but if you just start out, you should consider the alternatives.

Kea DHCP is the strategic replacement product from ISC, but feature-wise, it is not quite up to par with ISC. Also, not everything that Kea offers is supported by the OpnSense GUI (at least when I looked at it the other day).

Deciso has decided to add DNSmasq as an easy alternative. It is quite fresh (first release of the DHCP-relevant parts was just in some of the last updates), so not all features worked as expected, but today's release 25.1.7 adds many bugfixes and additions to what was missing.

The documentation now has a big section on how to use it. Its charm is that it addresses DHCP, DNS and RA in one product. The only thing missing is a DNS resolver and DoT / DoH, but that can easily be added by an upstream DNS service, as is depicted in the docs.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
May 19, 2025, 04:42:40 PM #2
@kbreit
Like you I'm still on ISC DHCP. When Kea appeared as an option I was going to switch but decided to wait. Now I think my switch will be to DNSmasq, as that is now what is recommended for my type of small, simple setup. Up to this point, at least, I have no regrets waiting for the various alternatives to appear and cook a little within OPNsense. As Meyergru says, "there is no rush". But at some point, maybe soon, maybe when it becomes a plug-in, it's going to make more sense to switch than stick with ISC.
May 20, 2025, 11:36:43 PM #3
Thanks for the information. I'll need to compare manually but I'm assuming either DNSmasq or Kea will have the features I need. Are there steps for how to do the migration in a seamless manner? I'm thinking it's something like...

1. Download static leases (or manually record them)
2. Import or manually enter them into the new DHCP server
4. Migrate any other settings
3. Turn off the old DHCP server and enable the new one
Today at 12:46:56 AM #4
Since the configuration differs a lot between these servers, it has to be carried out manually.
The tedious part is mostly to carry over the reservations, esp. if you have many of them.

This may help in doing the latter:

https://github.com/meyergru/iscdhcp_to_kea
https://github.com/meyergru/iscdhcp_to_dnsmasq
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Today at 03:36:49 AM #5
I did notice Kea seems to lack the ability to do two things (which are probably the same thing):

- Custom DHCP options
- Set a DNS server

Am I missing a setting in the UI?
Today at 04:41:28 AM #6
I switched from ISC to Kea. Unbound listens on all ports and I have a redirection rule for DNS. Kea is not involved.
Deciso DEC697
+crowdsec +wireguard
Print
Go Up Pages1
User actions