Which is the way to go ? - DHCP Server

Started by Mayo132, January 03, 2026, 02:08:46 PM

Hi everyone,

First of all I wish everyone a happy new year.

Please let me start the new year with an older "project" which I would like to start again. But at this time I am not sure what would be the right way. The topic is about switching the DHCP Server from ISC to ..?... KEA or Dnsmasq.

At this time I am running Dnsmasq in my homelab, but I am only using it because of the vendor specific ("Ubiquiti") DHCP options. I think some of us know the problem, when the unifi controller is located outside the network.

Does anyone have experience using KEA with such options? Or maybe someone has a recommendation which DHCP I should try to implement?
Is it better to focus on KEA, or is DnsMasq also a good choice?

Thanks a lot for helping me.
Mario

Currently Kea does not support custom options at all. For Unifi/Ubiquiti they are not really necessary, though. You can use a DNS A record for "unifi." e.g. as an override in Unbound.

I prefer the (to my tastes) cleaner setup of Kea and Unbound. Deciso is pushing DNSmasq for reasons I do not quite understand. I would not base my enterprise firewall product on a single person project hosted on a private server.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

I set up both; it wasn't hard to import or copy and paste my static mappings over.

My setup:

dnsmasq and/or kea for DHCP, then I use unbound for DNS.

Long term I will be using Kea.

My cloud gen g2 plus is on my internal network, so I can't help you there.
DEC740 > USW-Pro-8-PoE> U6-Enterprise
Dec670. Retired / backup device

Wow, thanks for the fast reply.

After your answers, I think I should give KEA a chance ;) But I did not know that I can push the Unifi Server IP via "DNS". At this time I am using adguard with a local unbound installation. If I get it right, I only have to push the right IP for the domain "unifi."?

Thanks a lot for helping me.


January 03, 2026, 02:47:18 PM #4 Last Edit: January 03, 2026, 02:50:06 PM by Monviech (Cedrik)
Quote from: Patrick M. Hausen on January 03, 2026, 02:20:29 PM
I would not base my enterprise firewall product on a single person project hosted on a private server.

Without sounding salty, the whole modern IT infrastructure is based on a huge chain of dependencies who knows who maintains for free as single entities.

Framing dnsmasq in this way - which runs on millions of CPE devices - is not very nice.

Dnsmasq has its use cases, most prominently fixing operational IPv6 issues for CPE that are not in the scope of KEA.

HA are operational enterprise requirements that are not in the scope of Dnsmasq.

Both tools have their own identity, nobody forces you to use anything else than KEA in enterprise.
Hardware:
DEC740

I recently switched from ISC to kea and I am very impressed. My environment is relatively simple, but IPv6 is working (lan, wan, nat port rules, etc.). Plus I like kea=dhcp, unbound=dns just from an organizational point of view. Not familiar with ("Ubiquiti") DHCP option requirements, but I would be curious if you wanted to share.

I use AdGuard, Unbound and DNSMasq with my Unifi setup. I use DNS for unifi and do not need to set a DHCP option. I have no problems with adoption of new devices. DNSMasq/Unbound is the OPNsense recommended option for small/medium setups.

Kea worked fine for me as well, but DNSMasq automatically resolves DNS entries for fixed DHCP hosts (e.g., my unifi server is a fixed host and I don't need to create a separate DNS entry in Unbound for it).

See the docs for instructions on how to set up DNSMasq/Unbound, though you will need to use a different port for Unbound (e.g., 15353 for Unbound and 53 for Adguard). https://docs.opnsense.org/manual/dnsmasq.html#dhcpv4-with-dns-registration

Quote from: vimage22 on January 04, 2026, 03:27:40 PM
Not familiar with ("Ubiquiti") DHCP option requirements, but I would be curious if you wanted to share.

A lot of brands (CISCO is another well known example) have their own DHCP Option Code, usually for the same purpose: reach some kind of Centralized Controller from which they are configured and controlled after adoption.

When I was using the UniFi USG 3P Router it was a matter of selecting an option in the UniFi Controller and pointing to the right IP address or hostname and that was it.
However, in case of "3rd party Routers/DHCP Servers" you need to calculate the hash and set the right DHCP Option: Option 43
(This code is different per Vendor of the network hardware that you are using!)

But luckily there is a much easier method that works just fine most of the time: having a "unifi" DNS A Record pointing to the IP address of the UniFi Controller.
I believe the DNSmasqd Service used on their Routers does this by default, so when you are using something else you need to do that yourself.

In my case my Pi-Hole FTLDNS takes care of this stuff which is basically DNSmasqd on steroids and the DHCP Server is OPNsense and the old ISC Service for now :)
Weird guy who likes everything Linux and *BSD on PC/Laptop/Tablet/Mobile and funny little ARM based boards :)
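
Added example, not part of any post in this thread: the Option 43 value UniFi devices read is a short type-length-value byte string (sub-option 0x01, length 0x04, then the controller's four IPv4 bytes), and the sketch below builds it for a DHCP server's config field and decodes an offered value so it can be compared with the controller you expect. The addresses and function names are constructed for illustration.

```python
import ipaddress

UNIFI_SUBOPT_CONTROLLER = 0x01  # sub-option UniFi devices read for the controller IPv4


def encode_unifi_option43(controller_ip: str) -> bytes:
    """Build the payload: code 0x01, length 0x04, four address bytes."""
    addr = ipaddress.IPv4Address(controller_ip)  # raises on anything that is not IPv4
    return bytes([UNIFI_SUBOPT_CONTROLLER, 4]) + addr.packed


def parse_option43(payload: bytes) -> dict:
    """Split a vendor-specific payload into {code: value} sub-options."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, {len(value)} present")
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_from_option43(payload: bytes) -> str:
    """Return the controller address carried in an Option 43 payload."""
    value = parse_option43(payload).get(UNIFI_SUBOPT_CONTROLLER)
    if value is None or len(value) != 4:
        raise ValueError("no 4-byte controller sub-option present")
    return str(ipaddress.IPv4Address(value))


def to_config_hex(payload: bytes) -> str:
    """Colon-separated hex, the form many DHCP servers accept for raw options."""
    return ":".join(f"{b:02x}" for b in payload)


if __name__ == "__main__":
    expected = "192.0.2.10"                  # constructed controller address
    print(to_config_hex(encode_unifi_option43(expected)))
    offered = bytes.fromhex("0104c0000214")  # constructed value seen in a DHCP offer
    seen = controller_from_option43(offered)
    print("offer points to", seen, "(matches)" if seen == expected else "(MISMATCH)")
```
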