Tried moving from Dnsmasq to KEA - DNS issues

Started by pseudonym3k, April 12, 2026, 01:56:43 AM

Quote from: nero355 on April 12, 2026, 11:37:38 PM
Is the whole problem these days : YouTubers who think they know everything telling people half the story because they also don't understand what they are doing exactly!

And when something goes wrong no one turns to them : They turn to the forums!
And when they do turn to them then they often get no reply at all...

Absolutely. So you followed some YT dude. And it doesn't work.

Go ask that YT dude for crying out loud!

I am not going to watch a video produced by that YT dude to find where it might be wrong or incomplete.

If you describe your problem on this forum by writing what you did (i.e. what exactly you configured), what you expected to happen, in which way the system behaved differently, ... well, I am more than willing to help.

That's exactly the problem with YT these days. Why do people refer to YT at all instead of consulting the official documentation, first?

Whenever I have to deal with a new product, I check its documentation first. If the documentation sucks for arbitrary reasons or is simply nonexistent, that rules out the product. Simple, ey?

And @pseudonym3k - this is not specifically directed at you. You have provided all information you were asked for in this thread. It's addressed at the general public :-)

Kind regards,
Patrick
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on April 12, 2026, 10:37:00 PM
In that case if you want to run Kea for DHCP y
I *don't* want to run KEA. I'm not sure why that's not clear. In any event, it doesn't matter. I wish I could delete everything here but my post and the one comment that helped.

Then stick to DNSmasq for DHCP and DNS. But then, what is the problem at hand?

Quote from: Patrick M. Hausen on Today at 12:00:14 AM
Then stick to DNSmasq for DHCP and DNS. But then, what is the problem at hand?
There is no problem here except everyone bashing me for not reading everything and understanding it all, when they didn't take the time to understand what I have been writing.

Nobody's bashing you. I certainly am not. You switched from DNSmasq to Kea and encountered problems, then turned to the forum for help.

I cannot read your mind. I do not know that switching to Kea is entirely disposable for you. I tried to help with the switch to Kea, nothing more, nothing less.

With the same intention my more general "lectures", which I tend to write if the occasion arises, were to give you the necessary information without demanding you "simply read the docs".

Take it or leave it. It's free advice. I'd hate to see you (anyone, really) leave this forum with the feeling they are lectured instead of helped, but I have (repeating myself) decades of networking behind me and I am doing my very best to be helpful. I am still wondering what I could have written differently.

Kind regards,
Patrick

Quote from: Patrick M. Hausen on Today at 12:12:05 AM
I cannot read your mind. I do not know that switching to Kea is entirely disposable for you
But I said it multiple times - even in reply to you.

To sum everything I've already written here:

1. I use Dnsmasq, which isn't getting a delete lease button for good reasons. The old implementations had it and I miss having it. I have a script that works well enough for my purposes. It's just not as convenient as a button.

2. Someone suggested that if I wanted a delete lease button, I should try KEA; it has one that is and will be supported.

3. I attempted to swap KEA for Dnsmasq in my configuration and ran into trouble. I searched the 'net, read the documentation, looked at more videos, and eventually posted here to find out what I overlooked.

4. The answer is at no time did I understand it isn't a 1-for-1 swap, not even from the official documentation.

5. I simply don't need it, I was just following a suggestion. It isn't designed to work as I wanted. So I said I will stay with Dnsmasq in my very first reply, yet we've gone to two pages and counting. *mind boggled*

6. End-of-line.
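The poster mentions keeping a script to remove Dnsmasq leases by hand. As an added example (this is not the poster's script and not OPNsense code), the following Python tool deletes a lease from a dnsmasq leases file by MAC or IP address. It assumes the standard dnsmasq IPv4 lease line format (expiry epoch, MAC, IP, hostname, client-id, with unknown fields written as "*") and preserves the "duid" record that appears when DHCPv6 is enabled; the sample file content is constructed, and the file path in the usage line is a placeholder.

```python
"""Added example (not the poster's script, not OPNsense code): remove a
lease from a dnsmasq leases file by MAC address or IP address.

Assumed file format (standard dnsmasq), one lease per line:
    <expiry-epoch> <mac> <ip> <hostname> <client-id>
Unknown fields are written as "*". A "duid <...>" record (written when
DHCPv6 is enabled) is kept untouched. The lease file path used in the
usage line is a placeholder, not a verified OPNsense location.
"""
from __future__ import annotations

import os
import sys
from dataclasses import dataclass
from pathlib import Path

# Constructed sample content, not captured from a real system.
SAMPLE_LEASES = """\
duid 00:01:00:01:2a:3b:4c:5d:aa:bb:cc:dd:ee:ff
1776000000 aa:bb:cc:dd:ee:01 192.168.50.10 printer 01:aa:bb:cc:dd:ee:01
1776003600 aa:bb:cc:dd:ee:02 192.168.50.11 laptop *
1776007200 aa:bb:cc:dd:ee:03 192.168.50.12 * *
"""


@dataclass(frozen=True)
class Lease:
    expiry: int
    mac: str
    ip: str
    hostname: str
    client_id: str

    @classmethod
    def parse(cls, line: str) -> "Lease":
        parts = line.split()
        if len(parts) != 5:
            raise ValueError(f"not a dnsmasq lease line: {line!r}")
        expiry, mac, ip, hostname, client_id = parts
        # MACs are normalised to lower case so matching is case-insensitive.
        return cls(int(expiry), mac.lower(), ip, hostname, client_id)


def delete_lease(text: str, *, mac: str | None = None, ip: str | None = None) -> tuple[str, list[Lease]]:
    """Return (new file content, list of removed leases).

    Exactly one selector (mac= or ip=) must be given. Lines that are not
    lease records (blank lines, the "duid" record) are passed through.
    """
    if (mac is None) == (ip is None):
        raise ValueError("give exactly one of mac= or ip=")
    want_mac = mac.lower() if mac else None
    kept: list[str] = []
    removed: list[Lease] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("duid "):
            kept.append(line)
            continue
        lease = Lease.parse(line)
        if (want_mac is not None and lease.mac == want_mac) or (ip is not None and lease.ip == ip):
            removed.append(lease)
        else:
            kept.append(line)
    return "".join(l + "\n" for l in kept), removed


def delete_lease_in_file(path: str, *, mac=None, ip=None) -> list[Lease]:
    """Rewrite the leases file atomically: write a temp file, then rename over the original."""
    p = Path(path)
    new_text, removed = delete_lease(p.read_text(), mac=mac, ip=ip)
    if removed:
        tmp = p.with_name(p.name + ".tmp")
        tmp.write_text(new_text)
        os.replace(tmp, p)
    return removed


if __name__ == "__main__":
    # Usage (placeholder path): python delete_lease.py /path/to/dnsmasq.leases --mac aa:bb:cc:dd:ee:02
    if len(sys.argv) != 4 or sys.argv[2] not in ("--mac", "--ip"):
        sys.exit("usage: delete_lease.py LEASES_FILE --mac MAC | --ip IP")
    selector = {"mac": sys.argv[3]} if sys.argv[2] == "--mac" else {"ip": sys.argv[3]}
    for lease in delete_lease_in_file(sys.argv[1], **selector):
        print(f"removed {lease.ip} ({lease.mac}, {lease.hostname})")
```

One caveat a script like this has to respect: dnsmasq keeps its lease table in memory and writes the file itself, so a lease removed from the file while the daemon is running is simply written back. Stop the Dnsmasq service before editing (or edit and then restart it from the OPNsense GUI) so the in-memory table is rebuilt from the edited file.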

So if the "delete lease" button is important to you, switch to Kea and Unbound - there is no way to run Kea only and not also run a dedicated DNS server.

If you can live without it, stick to DNSmasq.

Which of the two is your choice only.

I only joined in late to bring in some context and explain why the choices in OPNsense are what they are.

Kind regards,
Patrick

Quote from: Patrick M. Hausen on Today at 12:31:13 AM
I only joined in late
And help would be appreciated, if it were needed. But it wasn't. My question was already answered with the first comment and I was done. Now I've spent all my time counteracting misunderstandings when none of it was necessary. I wonder if the mods can just delete this entire thread.

I think there is much valuable information for other/new users in this thread that should not be deleted.

All the best,
Patrick

Quote from: Patrick M. Hausen on Today at 12:39:38 AM
think there is much valuable information for other/new users in this thread that should not be deleted.
If all the noise could be deleted, I'd agree. But it's a mess of misunderstandings.

Today at 02:31:47 AM #25 Last Edit: Today at 02:33:23 AM by vimage22
I hope this does not add more confusion, but I do not think this is a completely simple issue as I think pseudonym3k has shown many valid points. It is a little complex. I do not understand every aspect of DNS, in relation to Kea, Unbound and DNSmasq, but trying to learn. But I do understand DNS, especially from a ms perspective. There is yet a fourth variable of "System: Settings: General:  DNS servers". And there is the complexity of disabling ISC correctly. So you are dealing with at least 4 variables, and one must decide on the strategy to use.

Personally, I started down the road of migrating from ISC to DNSmasq. But very quickly decided I did not like the combination of DHCP and DNS (not recursive) within DNSmasq. I do like that Kea = DHCP and Unbound (recursive) = DNS. In my mind, very simple and effective. [BTW, "System: Settings: General:  DNS servers" is blank. I use Cloudflare DoT, within Unbound, NOT my ISP DNS].

I guess I can only describe how my setup has met my requirements, and then see if it matches another user.
"Services: Dynamic DNS" = dynamic wan ip resolution, if the ISP changes my wan ip.
"Services: Unbound DNS: DNS over TLS" = security (without pi-hole, ad-guard, etc.)
"Services: Kea DHCP: Kea DHCPv4 AND v6" = Add static reservation for local hostname resolution does work (AFTER a restart of Unbound)

But there is this issue: MY statement of "AFTER a restart of Unbound" is in conflict with pseudonym3k's comment "all sites are immediately found by DNS name again".
When I went through this exercise, one had to be very precise in terms of what was disabled or enabled and what service was restarted, and when. For example, if I did not restart Unbound at the right moment, local hostname resolution would fail. If I had to go through a fresh install again, I think I could do it, but no guarantees I could get it right on the first try.

So again, if you actually take 7 variables into account and decide on a plan, although complex, the end result is rewarding.
ISC - disabled? correctly?
"Services: Dynamic DNS"
"System: Settings: General:  DNS servers" - blank?
Kea versus DNSmasq (one or the other, not both) (If DNSmasq, is port forward set correctly to 5353?)
Unbound - all settings.
"Services: Router Advertisements" (IPv6)
(someone may argue the order of this list, which would be welcome)

I think pseudonym3k brought up a real world experience. Again, hope this helps and does not add more confusion.

One afterthought. Please do not use a common address of 192.168.1.0/24 for your LAN. Needs to be more unique, in my opinion. Not implying this has anything to do with the topic, just a suggestion.