@webdawg said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":

Sorry to necrobump, but I am a long term user of pfSense. I really feel strongly that this thread has been cr*apped on.
[ . . . ]
You are breaking things in one market segment, and then being rude to your users when they jump on your forums.

Your post seems to be directed at Netgate. But I count only two official Netgate replies (from the same poster) up until this point—and both are empathetic and respectful.

As one of the 'crappers' on the thread, I feel obligated to point out that the rest of us here are merely users like you, who may simply disagree with some of the points you and others are making.

@jeffry-maynard said in Kea server is down:

let me know if you have figured out a fix

You are using ... 2.7.2 ?
Afaik, there was a small patch avaible since the beginning to solve this situation.
Or, even better : 2.8.0 beta is out now for several weeks, and it look very promising,

@rtadams89 Is it the check-mk agent? Have you managed to solve?

@Gertjan said in Cannot contact VM via host name:

@tknospdr said in Cannot contact VM via host name:

When I try to ping by IP, it times out.

ICMP (is not UDP neither TCP) is allowed with firewall rules ?

I did say it worked via host name, that would show that ICMP is allowed, right?

@tknospdr said in Cannot contact VM via host name:

from a browser in

That browser uses what DNS ? Maybe not pfSense so it couldn't know about the host over ride.

Yes, all the browsers in my LAN use my pf box for DNS.

@tknospdr said in Cannot contact VM via host name:

If I enter the host name from a different subnet, I get a 'server dropped the connection' error.

The device with that host name, does it allow connections coming in from your other local networks ?

It does.

So I found out that I had to create a bridge network connection in order for my VM and host to talk to one another.
Everything seems to be talking correctly now.

My next hurdle is to get the packages I built the VM for to work, but that's beyond the scope of this forum.

For posterity, if you have TrueNAS and a VM, watch this video:
Network Bridge in TrueNAS

I know it's an old post, but I've updated the way I'm managing this to patch /etc/inc/services.inc as @inq mentioned above:

--- /etc/inc/services.inc-20250320 2025-03-20 15:43:20.182559000 -0700 +++ /etc/inc/services.inc 2025-03-20 15:44:13.392591000 -0700 @@ -3096,6 +3096,7 @@ if ($need_ddns_updates) { $dhcpdconf .= "ddns-update-style interim;\n"; $dhcpdconf .= "update-static-leases on;\n"; + $dhcpdconf .= "update-optimization off;\n"; $dhcpdconf .= dhcpdzones($ddns_zones); } @@ -3564,6 +3565,7 @@ if ($nsupdate) { $dhcpdv6conf .= "ddns-update-style interim;\n"; $dhcpdv6conf .= "update-static-leases on;\n"; + $dhcpdv6conf .= "update-optimization off;\n"; } else { $dhcpdv6conf .= "ddns-update-style none;\n"; }

@Gertjan Thank you for your feedback, Gertjan!
I'll continue with that info :)

Have a great day

@SteveITS

So far so good, I'll know tomorrow for sure.

You have all the patches applied in 24.11?

How loaded is subnet? Like number of clients vs available dhcp leases?

@Cabledude See thread https://forum.netgate.com/post/1206282, may be similar.

@jaybee32

Something has changed recently ....

You saw this :

cab5bb5f-a430-4633-a13f-60b820c27d8f-image.png

?

I'm not using the CE myself, but what about testing the newer, upcoming 2.8.0 ?

@drhans

This server uses the DMZ interface as the DNS destination ?
Check : can you see DNS coming into the DMZ interface ?

Does the resolver listen on the DMZ interface for DNS requests ?

Do you allow DNS traffic (port 53, TCP and UDP, destination "DMZ Address") on the DMZ interface ?

@SteveITS these aren't actually mobile clients, this is a site to site IPSec.

But yeah I think we agree the way to go here is to specifically assign the DC as DNS one way or another. Since I control DHCP on both sides, that seems to be the way to go in this case.

To add some more information:

I only used configuration settings which are available via GUI. in the dhcp log: I get warnings when kea dhcp service starts: Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_MULTI_THREADING_INFO enabled: yes, number of threads: 16, queue size: 64 Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MULTIPLE_RAW_SOCKETS_PER_IFACE current configuration will result in opening multiple broadcast capable sockets on some interfaces and some DHCP messages may be duplicated Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcp4.0xdea3b812000] DHCP4_RESERVATIONS_LOOKUP_FIRST_ENABLED Multi-threading is enabled and host reservations lookup is always performed first. Apr 7 11:33:47 kea-dhcp4 48639 WARN [kea-dhcp4.dhcpsrv.0xdea3b812000] DHCPSRV_MT_DISABLED_QUEUE_CONTROL disabling dhcp queue control when multi-threading is enabled.

@pjaiswal0231 said in Switch Doesn't accept DHCP Lease after Pfsense service gets boot late after the switch is already booted.:

i changed from auto negotiation to 100 full duplex according to my switch

So this dumb switch is also ancient - 100 full duplex.. ouch..

@horsesteroids said in Wireguard not resolving DNS.:

Not able to ping IPs such as 8.8.8.8

That is an ip-address, no DNS involved here. So your problems are bigger than your title is telling. Maybe search for a better tutorial.

@WEAREHEREFORIT

I'll answer in the reverse order :

@WEAREHEREFORIT said in add host to pfsense:

Can i add the host to PFsense somehow?

If, and only f, your pfSense LAN devices are using pfSense as their DNS server (or source), then an easy solution exists :

Goto the bottom of this page : Services > DNS Resolver > General Settings

0365dbef-abd8-469f-8ba0-d61637cbbc39-image.png

(I added 'aa' before the namle so it gets sorted at the top )

Hit save, Then, at the top of the page : Apply and done.
Nearly.
Because now, welcome to your new live : you do things, and then you test them.

Go to some PC on your network :
Enter a dos or command box:
Type :

nslookup galenclinicas.mywebsite.com

and admire the result.

Why does this work ?
Easy.
Type

ipconfig /all

and you'll see something like this :

Serveurs DNS. . . . . . . . . . . . . : 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c 192.168.8.1 2a01:dead:beef:a6e2:92ec:77ff:fe29:392c NetBIOS sur Tcpip. . . . . . . . . . . : Activé

You see the 192.168.8.1 ?
That your pfSense.
So, when you use enter a host name like 'www.facebook.com' or 'galenclinicas.mywebsite.com' on your PC (with a browser, probably) the PC will ask the DNS server 192.168.8.1 to do the resolving.
And that's where the magic kicks in : you told the pfSense Resolver what IPv4 to return when "galenclinicas.mywebsite.com" is used as a host name.

Btw : this isn't a "pfSense" solution. Your ISP router can - most probably - do the same. Any other router out, with DNS capabilities, there do the same.

Btw : If your PC uses some other DNS like 8.8.8.8 or 1.1.1.1 or something else as a DNS source (server) then ..... yeah, you have a problem. [ as you can't call them to say "Hey, if "galenclinicas.mywebsite.com" is asked for, can you please return 192.168.8.12 ? ]

@WEAREHEREFORIT said in add host to pfsense:

but it's not registered in the Cpanel of the domain

And why not ?
( less important, what is a cpanel ? )

If you know something about these 192.168.8.x - it's a RFC1918 network/IP, the you know that these IP addresses are not routable over the Internet.
You have to use your WAN IP as the IPv4.
If your "mywebsite.com" or "www.mywebsite.com" is already accessible from the Internet, you know what to do. The same pfSense NAT rule will be used.

Btw : "NAT rules" isn't a pfSense thing neither. Every router box (ISP etc) on planet earth can do NAT since .... a bit before 1980 or so. I bet your are not new to this 👍

@KB8DOA said in Kea DHCP Server config changes not applied until reboot:

Had it happen again.

If you have some spare moments, run this while using ISC, and Kea :

7526decc-6b7f-44a0-a722-bc7d827070b1-image.png

and hit the start button.

You'll see the DHCP "client" requests in real time, the ones reaching your pfSense DHCP server, and the DHCP server answers.