KEA DHCP - lacking features

maverickws

@RobbieTT when you configure the DHCP Service you go to

Services (Top Menu) > DHCP Server
Then you get the different interfaces where you're able to activate (enable) the DHCP Server service, correct?

When in here, you have a few configuration blocks:

"General DHCP Options"
"Primary Address Pool"
"Server Options"
"Other DHCP Options" (where we'd configure the extra DHCP options)

The "Server Options" block here already asks for DNS Servers, which correspond to DHCP option 6.

So, on normal operation I leave this blank and let the interface address be the DNS server (as I'm using unbound resolver, so the firewall is the DNS server).
On situations where HA is enabled, I put the shared virtual IP here.
So my question is, why adding manually option 6 with the DNS servers, instead of using the DNS Servers fields under "Server Options". Like could be a specific case and I was curious.

RobbieTT

@maverickws

Still confused on your distinctions.

I leave Services/DHCP Server/LAN/Server Options/DNS Servers on the default setting (ie interface address).

What gets pushed out to clients is this option (plus the IPv6 equivalent and Search Domains aka option 119, suitably redacted):

With Kea, the options do not seem to go out (6, 119, whatever) so from the client end you end up with this:

This is less than ideal.

️

maverickws

@RobbieTT Ok so this machine is still on Monterey but the same gist.

This is my pfSense config here at home with KEA currently going. But this section "Server Options" is exactly the same for ISC or KEA.

The default option is greyed out because I'm not entering anything manually.

So it will provide the clients with a DNS Server - pfSense itself - and passes the interface address, both IPv4 and IPv6:

My question again is trying to understand why to use (in ISC) a custom option "6" to pass the DNS servers, if you already have a GUI section for that?

RobbieTT

@maverickws said in KEA DHCP - lacking features:

My question again is trying to understand why to use (in ISC) a custom option "6" to pass the DNS servers, if you already have a GUI section for that?

Who said I was using a custom option with a GUI preset available?

As I said earlier, I use the default setting which provides the interface address. Same for option 119, I use the GUI Domain Name field.

The custom options on the GUI is really for those options that don't have a bespoke GUI field. Or are you of the mind that GUI preset options differ to those offered by the 'Custom' menu?

Anyway, I was more focused on options didn't seem to propagate with Kea and a DHCP renew or a clean skin left clients without this data.

️

maverickws

@RobbieTT said in KEA DHCP - lacking features:

Option 6 was the first one I noticed. Missing Option 42 was ok as everything I currently have points to an internal IP address.

️

Ok so I don't understand your answers, just that.

Server Options where you put the DNS Servers Address to pass on to clients is on the exact same place both on ISC or KEA. (corresponds to Option 6 but most people don't care or know that as there is a GUI field to set up).
You're claiming option 6 is missing? What do you mean? Missing from where then?
Cause I could only assume you were configuring Option 6 manually, under DHCP/BOOTP params.

In the regular settings for the DHCP service, the DNS fields are on the same spot, and are working as expected. You can actually see on my screenshots, using KEA, DNS Servers options right there.

RobbieTT

@maverickws

Ok - with Kea the information provided by DHCP Option 6 & 119 slowly vanished from my clients when they did a renewal. Perhaps my screenshots are not displaying for you but they show blanks where option 6 & 119 data should be present when I tested Kea over a few days and the information returning with ISC. If yours works ok in both ISC and Kea then that's great.

I don't know where the 'Custom Options' came from but as we are talking about what the client receives over DHCP it does not matter, as the client device does not care if a GUI box is used or not - it is just looking for the data in the message.

️

maverickws

@RobbieTT

Ok I think I got your issue.
So in my case this one here I don't manually add any DNS addresses. The firewall provides its own interface address as per default settings.
I haven't had those issues of the resolver address disappearing on any client.

Figured you were talking about the same issue I was - the whole custom DHCP option part just disappeared.
(I'm adding a screenshot for better understanding).

The "Custom Options" I mentioned are present on the ISC DHCP Server backend.
For those options where you don't get a GUI field, you add them here manually. And this feature is not present in KEA.

RobbieTT

@maverickws
I know where custom options reside and I only mentioned the impact at the client end.

️

maverickws

@RobbieTT

Ok.
But then I believe we are talking about two completely different things.
You're complaining that a present feature is not working, or malfunctioning.

I'm complaining about the whole freaking section of Custom DHCP Options disappearing, not being there, the impossibility of configuring the interface MTU via DHCP Options. So if you're having an issue with the DNS Servers options disappearing from clients or whatever that is, that is not the kind of issue I opened this thread to talk about. I'm talking about actual features that are no longer there, at all.
Completely different things. I'd suggest a new thread to approach that specific issue. Thank you.

jimp

For what it's worth, I have a macOS system behind a VM using Kea and it's been through multiple lease renewals and the DNS + domains are still there.

RobbieTT

@jimp said in KEA DHCP - lacking features:

For what it's worth...

It's worth a lot. Thinking back I only looked at wifi clients as that is where I noticed it. I wonder if these were lost on the UniFi AP chain.

️

jimp

Hard to say what might be coming into play there. My test client is still up now >1 day later and still has all its info, and it's been though 12+ renewals (some manual). So at least from what I can tell here it's been solid.

JonathanLee

With the knowledge of DHCP option issues in Kea, temporarly where can I add my DHCP options for Kea? Or just use the twightlighted ISC dhcp server?

without the options pfsense and internet traffic slows to a crawl for me.
I have no port 80 web gui is 8080 so I use option 252 to serve wpad over https port 8080. This works for my small home network needs and rouge laptops to and from university.

Kea when enabled slows everything down again like it was before I started using wpad.

Any recommendations?

jimp

If you need custom options, keep using ISC for now.

pfsvrb

@jimp said in KEA DHCP - lacking features:

If you need custom options, keep using ISC for now.

@jimp do you know if the Unbound restarts with registered dynamic clients will be fixed one KEA integration is finalized? I don't use custom options with ISC DHCP however, I do use the static leases function to get around the constant Unbound restarts (and loss of Unbound caching) that happen when I attempt to use the "register DHCP leases in DNS resolver" option. I've been following Bug 5413 for years but unfortunately it just keeps getting pushed perpetually. Is there any possibility KEA fixes this when its finalized?

Bug for reference: https://redmine.pfsense.org/issues/5413

Gertjan

@pfsvrb said in KEA DHCP - lacking features:

do you know if the Unbound restarts with registered dynamic clients will be fixed one KEA integration is finalized?

Registering DHCP lease clients, this one :

?

KEA has been introduced so it resolves just that issue, like redmine.pfsense.org/issues/5413
Looks like KEA will replace DHCPd by ISC anyway.

edit : a bit like : at first, pfSense (M0n0wall) came with dnsmasq, a DNS forwarder.
Then unbound, a resolver was introduced as a option, as a pfSense package (if I recall well), and then it as build in, as it is today : you have a choice : just one, or the other, or, if you like, both of them. Unbound is now the default.

pfsvrb

@Gertjan
Thanks for the response but this was more concerning the persistent Unbound restarts under the current implementation, and the need to keep ISC DHCP for reserved DHCP IPs in order to bypass the restart issue. See the underlined in the screenshot showing that KEA doesn't currently support registered or dynamic DHCP clients (my use case would be both of those).

Gertjan

@pfsvrb

At first, I was really convinced that the static dhcp mac leases were also use by KEA, but I was mistaken.
In some other thread, jimp corrected me on that.
So I borrowed some pfSense sub-GUI scripts to re create my own /var/unbound/host_entries.conf file before KEA gets started, as I still want to test drive KEA,- and have my local 'DHCP' devices resolved by host name.

The dynamic DHCPd clients : I'll leave that one to Netgate ;)

pfsvrb

@Gertjan So it will resolve the static DHCP entries even though the release notes do not indicate that? Or are you saying that you have it working only after some manual script to convert static entries to Unbound?

If you have to manually script something in to Unbound I'm not sure how this is relevant to the discussion? It would definitely fall under the "lacking features" of the thread though. ;)

Gertjan

@pfsvrb said in KEA DHCP - lacking features:

It would definitely fall under the "lacking features" of the thread though. ;)

Exact.

Open your /var/unbound/unbound.conf file, this is the main unbound config file.;
When you use 'dhcpd', you'll find :

# Static host entries
include: /var/unbound/host_entries.conf

This entry will exist when you've checked :

This /var/unbound/host_entries.conf looks lie :

local-zone: "bhf.tld." static
local-data-ptr: "127.0.0.1 localhost.bhf.tld"
local-data: "localhost. A 127.0.0.1"
local-data: "localhost.bhf.tld. A 127.0.0.1"
local-data-ptr: "::1 localhost.bhf.tld"
local-data: "localhost. AAAA ::1"
local-data: "localhost.bhf.tld. AAAA ::1"
local-data-ptr: "192.168.1.1 pfSense.bhf.tld"
local-data: "pfSense.bhf.tld. A 192.168.1.1"
local-data-ptr: "2a01:cb19:907:a6eb:92ec:77ff:fe29:392c pfSense.bhf.tld"
local-data: "pfSense.bhf.tld. AAAA 2a01:cb19:907:a6eb:92ec:77ff:fe29:392c"
local-data-ptr: "192.168.1.2 bureau2.bhf.tld"
local-data: "bureau2.bhf.tld. A 192.168.1.2"
etc.
......

When you switch to kea, these (both) : are not present anymore on the unbound main config setup page :

The very net time you 'save' the unbound config main settings page, and then Apply (== restart) unbound, the /var/unbound/host_entries.conf will still include the host overrides, but not the DHCP static MAC lease info anymore.