Switch from ISC DHCP to KEA

Started by mrt12, November 01, 2025, 01:56:53 PM

Good day,
I read that ISC DHCP has actually been out of maintenance for a long time already. So I thought I should switch to KEA.
But I am a bit unsure about the config.

a) With ISC, I could automatically add DNS records for the hosts. Is this possible with KEA also? I read contradicting information. A short test of my own gave me the impression that it's not possible, but I am not sure if I just configured it wrong.

b) KEA DHCPv6: how do I configure the subnets in case I have a delegated /56 prefix? I would like some different subnets to have different prefixes delegated. However, my prefix is not static.

c) For test purposes, I activated KEA DHCPv4 to see if it works. Somehow it does, but it quickly floods the log with entries like this:

WARN [kea-dhcp4.dhcpsrv.0x2c0eea45c008] DHCPSRV_LEASE_SANITY_FAIL The lease 192.168.20.26 with subnet-id 1 failed subnet-id checks (the lease should have subnet-id 2).

which I don't understand. I cannot change the subnet IDs, so why does it complain here?

b) PD is work in progress. Currently, only static prefixes are supported (poorly - no automatic routes yet (coming soon)).

Cheers
Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

November 02, 2025, 02:27:13 AM #2 Last Edit: November 02, 2025, 02:44:20 AM by hharry
Kea is a relatively new introduction to OPNsense. I'm not sure why kea-dhcp-ddns hasn't been implemented, but Kea supports it (see https://kea.readthedocs.io/en/kea-3.0.1/arm/ddns.html), nor do I know if it's already on the OPNsense roadmap, as this had been requested before but closed without implementation:

https://github.com/opnsense/core/issues/7768

You'll likely get pushback on native Kea DDNS support, along the lines of using Unbound DNS for the DDNS component.
OPNsense 25.7.5-amd64 running on ESXi 6.7 U2 VM, 4Gbytes RAM, 2 x vCPU
frr OSPF + eBGP, IDS, AdGuard Home, sftp-backup plugins. limited kea DHCP server deployment.

Can the files be edited, in a permanent way, from the console while still using the webGUI for ease of use?

Second vote for `kea-dhcp-ddns`.

I can enable it once the firewall is up, but it disables itself on every reboot, overwriting the .conf file that should allow it to run.

Oddly, it does not reset the `kea-dhcp-ddns.conf` file; that stays, and it works once I re-enable it in the master .conf.