I had the same issue, several of my device went poof with their static IP and when I see the DHCP logs this what shows me.

WARN [kea-dhcp4.alloc-engine.0x3088dc017b00] ALLOC_ENGINE_V4_DISCOVER_ADDRESS_CONFLICT [hwtype=1 xx:xx:xx:xx:xx:xx], cid=[ff:3e:43:3a:49:00:02:00:00:ab:11:35:39:77:96:62:6d:b5:73], tid=0x98a5560c: conflicting reservation for address 172.16.0.4 with existing lease Address: 172.16.0.4 Valid life: 7200 Cltt: 1747537583 Hardware addr: xx:xx:xx:xx:xx:xx Client id: ff:3e:43:3a:49:00:02:00:00:ab:11:37:60:a1:7d:6d:07:47:d8 Subnet ID: 1 Pool ID: 0 State: default Relay ID: (none) Remote ID: (none)

Yeah that assigned it a different IP address for a reason that it had conflicting IP address. went back the ISC because of this.

I hope the upcoming 2.8 have a fix for this.

@ericwentz and the dhcp lease time has zero to do with a dns ttl on a record.. The default is 7200 seconds, or 2 hours.

Which per the rfc Gertjan pointed out the registration of that in dns should be like 1/3 of the lease and not shorter than 10 minutes..

My issue is what you showed in the log of kea was it was writing a record with a ttl of 5 minutes - which to be honest on a local network is insanely low.. Make zero sense to me and clearly not following the rfc.

@SteveITS I did restart but I have been adding a lot reservations so I I noticed it intermittently and just decided to give up and move away from Kea

I was able to find and delete the entry by searching the XML file and it was in virtual IPs.

@Andy142

Pretty solid proof then that the ISP device, connected to the pfSense WAN port took down the interface.
Afaik : reasons can be : if its a modem type device : they do this to signal down stream a data carrier loss.
Bad power.
Bad NIC.

Most often, these ISP devices have also a GUI. It's time to have a look at, maybe there are details about the loss available.

@Gokulapandi
The DNS resolver doesn't hand out private IPs by default. You have to enable this with a custom option:

server: private-domain: "<your-domain.tld>"

The server line is only needed if you haven't one already, otherwise you can write the private-domain line below of it.

@johnpoz yeah, I guess 10 would be enough for some IoT devices like light bulbs, you garage door, window blinds or sun shades (whatever the right word).
For the DMZ on the other hand it may be a bit slow.

@DjJoakim yeah so stuff using other than your IP will be redirected, and stuff using the pfsense IP will be allowed.

@Gertjan

will do, thank you very much for your help

I have a laptop with a mapping for both the wired and wireless MAC, but when it gets a lease, instead of, for example, "laptop" as the client ID, it is "laptop." and gets a pool address instead, even though the MAC matches the reservation. Very annoying.

@jeffry-maynard said in Kea server is down:

let me know if you have figured out a fix

You are using ... 2.7.2 ?
Afaik, there was a small patch avaible since the beginning to solve this situation.
Or, even better : 2.8.0 beta is out now for several weeks, and it look very promising,

@rtadams89 Is it the check-mk agent? Have you managed to solve?

@Gertjan said in Cannot contact VM via host name:

@tknospdr said in Cannot contact VM via host name:

When I try to ping by IP, it times out.

ICMP (is not UDP neither TCP) is allowed with firewall rules ?

I did say it worked via host name, that would show that ICMP is allowed, right?

@tknospdr said in Cannot contact VM via host name:

from a browser in

That browser uses what DNS ? Maybe not pfSense so it couldn't know about the host over ride.

Yes, all the browsers in my LAN use my pf box for DNS.

@tknospdr said in Cannot contact VM via host name:

If I enter the host name from a different subnet, I get a 'server dropped the connection' error.

The device with that host name, does it allow connections coming in from your other local networks ?

It does.

So I found out that I had to create a bridge network connection in order for my VM and host to talk to one another.
Everything seems to be talking correctly now.

My next hurdle is to get the packages I built the VM for to work, but that's beyond the scope of this forum.

For posterity, if you have TrueNAS and a VM, watch this video:
Network Bridge in TrueNAS

I know it's an old post, but I've updated the way I'm managing this to patch /etc/inc/services.inc as @inq mentioned above:

--- /etc/inc/services.inc-20250320 2025-03-20 15:43:20.182559000 -0700 +++ /etc/inc/services.inc 2025-03-20 15:44:13.392591000 -0700 @@ -3096,6 +3096,7 @@ if ($need_ddns_updates) { $dhcpdconf .= "ddns-update-style interim;\n"; $dhcpdconf .= "update-static-leases on;\n"; + $dhcpdconf .= "update-optimization off;\n"; $dhcpdconf .= dhcpdzones($ddns_zones); } @@ -3564,6 +3565,7 @@ if ($nsupdate) { $dhcpdv6conf .= "ddns-update-style interim;\n"; $dhcpdv6conf .= "update-static-leases on;\n"; + $dhcpdv6conf .= "update-optimization off;\n"; } else { $dhcpdv6conf .= "ddns-update-style none;\n"; }

@Gertjan Thank you for your feedback, Gertjan!
I'll continue with that info :)

Have a great day

@SteveITS

So far so good, I'll know tomorrow for sure.

@Cabledude See thread https://forum.netgate.com/post/1206282, may be similar.