KEA DHCP - lacking features

maverickws

@RobbieTT

Ok.
But then I believe we are talking about two completely different things.
You're complaining that a present feature is not working, or malfunctioning.

I'm complaining about the whole freaking section of Custom DHCP Options disappearing, not being there, the impossibility of configuring the interface MTU via DHCP Options. So if you're having an issue with the DNS Servers options disappearing from clients or whatever that is, that is not the kind of issue I opened this thread to talk about. I'm talking about actual features that are no longer there, at all.
Completely different things. I'd suggest a new thread to approach that specific issue. Thank you.

jimp

For what it's worth, I have a macOS system behind a VM using Kea and it's been through multiple lease renewals and the DNS + domains are still there.

RobbieTT

@jimp said in KEA DHCP - lacking features:

For what it's worth...

It's worth a lot. Thinking back I only looked at wifi clients as that is where I noticed it. I wonder if these were lost on the UniFi AP chain.

️

jimp

Hard to say what might be coming into play there. My test client is still up now >1 day later and still has all its info, and it's been though 12+ renewals (some manual). So at least from what I can tell here it's been solid.

JonathanLee

With the knowledge of DHCP option issues in Kea, temporarly where can I add my DHCP options for Kea? Or just use the twightlighted ISC dhcp server?

without the options pfsense and internet traffic slows to a crawl for me.
I have no port 80 web gui is 8080 so I use option 252 to serve wpad over https port 8080. This works for my small home network needs and rouge laptops to and from university.

login-to-view

Kea when enabled slows everything down again like it was before I started using wpad.

Any recommendations?

jimp

If you need custom options, keep using ISC for now.

pfsvrb

@jimp said in KEA DHCP - lacking features:

If you need custom options, keep using ISC for now.

@jimp do you know if the Unbound restarts with registered dynamic clients will be fixed one KEA integration is finalized? I don't use custom options with ISC DHCP however, I do use the static leases function to get around the constant Unbound restarts (and loss of Unbound caching) that happen when I attempt to use the "register DHCP leases in DNS resolver" option. I've been following Bug 5413 for years but unfortunately it just keeps getting pushed perpetually. Is there any possibility KEA fixes this when its finalized?

Bug for reference: https://redmine.pfsense.org/issues/5413

Gertjan

@pfsvrb said in KEA DHCP - lacking features:

do you know if the Unbound restarts with registered dynamic clients will be fixed one KEA integration is finalized?

Registering DHCP lease clients, this one :

login-to-view

?

KEA has been introduced so it resolves just that issue, like redmine.pfsense.org/issues/5413
Looks like KEA will replace DHCPd by ISC anyway.

edit : a bit like : at first, pfSense (M0n0wall) came with dnsmasq, a DNS forwarder.
Then unbound, a resolver was introduced as a option, as a pfSense package (if I recall well), and then it as build in, as it is today : you have a choice : just one, or the other, or, if you like, both of them. Unbound is now the default.

pfsvrb

@Gertjan
Thanks for the response but this was more concerning the persistent Unbound restarts under the current implementation, and the need to keep ISC DHCP for reserved DHCP IPs in order to bypass the restart issue. See the underlined in the screenshot showing that KEA doesn't currently support registered or dynamic DHCP clients (my use case would be both of those).

login-to-view

Gertjan

@pfsvrb

login-to-view

At first, I was really convinced that the static dhcp mac leases were also use by KEA, but I was mistaken.
In some other thread, jimp corrected me on that.
So I borrowed some pfSense sub-GUI scripts to re create my own /var/unbound/host_entries.conf file before KEA gets started, as I still want to test drive KEA,- and have my local 'DHCP' devices resolved by host name.

The dynamic DHCPd clients : I'll leave that one to Netgate ;)

pfsvrb

@Gertjan So it will resolve the static DHCP entries even though the release notes do not indicate that? Or are you saying that you have it working only after some manual script to convert static entries to Unbound?

If you have to manually script something in to Unbound I'm not sure how this is relevant to the discussion? It would definitely fall under the "lacking features" of the thread though. ;)

Gertjan

@pfsvrb said in KEA DHCP - lacking features:

It would definitely fall under the "lacking features" of the thread though. ;)

Exact.

Open your /var/unbound/unbound.conf file, this is the main unbound config file.;
When you use 'dhcpd', you'll find :

# Static host entries
include: /var/unbound/host_entries.conf

This entry will exist when you've checked :

login-to-view

This /var/unbound/host_entries.conf looks lie :

local-zone: "bhf.tld." static
local-data-ptr: "127.0.0.1 localhost.bhf.tld"
local-data: "localhost. A 127.0.0.1"
local-data: "localhost.bhf.tld. A 127.0.0.1"
local-data-ptr: "::1 localhost.bhf.tld"
local-data: "localhost. AAAA ::1"
local-data: "localhost.bhf.tld. AAAA ::1"
local-data-ptr: "192.168.1.1 pfSense.bhf.tld"
local-data: "pfSense.bhf.tld. A 192.168.1.1"
local-data-ptr: "2a01:cb19:907:a6eb:92ec:77ff:fe29:392c pfSense.bhf.tld"
local-data: "pfSense.bhf.tld. AAAA 2a01:cb19:907:a6eb:92ec:77ff:fe29:392c"
local-data-ptr: "192.168.1.2 bureau2.bhf.tld"
local-data: "bureau2.bhf.tld. A 192.168.1.2"
etc.
......

When you switch to kea, these (both) : are not present anymore on the unbound main config setup page :

login-to-view

The very net time you 'save' the unbound config main settings page, and then Apply (== restart) unbound, the /var/unbound/host_entries.conf will still include the host overrides, but not the DHCP static MAC lease info anymore.

jimp

@pfsvrb said in KEA DHCP - lacking features:

@jimp said in KEA DHCP - lacking features:

If you need custom options, keep using ISC for now.

@jimp do you know if the Unbound restarts with registered dynamic clients will be fixed one KEA integration is finalized? I don't use custom options with ISC DHCP however, I do use the static leases function to get around the constant Unbound restarts (and loss of Unbound caching) that happen when I attempt to use the "register DHCP leases in DNS resolver" option. I've been following Bug 5413 for years but unfortunately it just keeps getting pushed perpetually. Is there any possibility KEA fixes this when its finalized?

Bug for reference: https://redmine.pfsense.org/issues/5413

That's the goal. We're designing a completely new mechanism for Kea to talk to Unbound using its API and/or unbound-control functions to add/remove/update DNS information dynamically without restarting the daemon.

jimp

@pfsvrb said in KEA DHCP - lacking features:

@Gertjan So it will resolve the static DHCP entries even though the release notes do not indicate that? Or are you saying that you have it working only after some manual script to convert static entries to Unbound?

If you have to manually script something in to Unbound I'm not sure how this is relevant to the discussion? It would definitely fall under the "lacking features" of the thread though. ;)

It's technically not supported but if you happened to have DNS registration of static mappings enabled before switching to Kea, then Unbound will still parse the static mappings and use them for DNS resolution. But it only updates when Unbound is restarted, not when mappings are edited.

So while it may function (partially) it's not officially supported yet.

Robert_Knabe

@maverickws said in KEA DHCP - lacking features:

Hiya,

I have taken a look into the new DHCP Server service, KEA, only to find out that when enabled, the Additional BOOTP/DHCP Options disappear.

Now, Additional BOOTP/DHCP Options is a real thing that provides said DHCP config options to the client.
I have dozens of machines that require this option, and by setting the MTU on the correspondent interface, that doesn't make the clients set the proper MTU.
That's DHCP option 26.

This is a critical component and honestly if pfSense is dropping this, I will have to find another firewall software that supports it. Even if I finally have to go Cisco, I mean, I'm completely baffled by this.

Another custom option that is indispensable to me is option 121, the configuration of routes on the client. Without that a centralized client management is not possible. For now i will keep ISC DHCP.

molykule

Hi,
I have 2 different subnets LAN and OPT1. I have a laptop, which has static IP address defined in both subnets, for lan the ip is 192.168.2.20, and for opt1, the ip is 192.168.3.20.
When I start kea dhcp, the dhcpd service would not start, I get error below

ERROR [kea-dhcp4.dhcp4.0x115d56a12000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Can't add class: Client Class: mac_000E9******* has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:103:13)

ERROR [kea-dhcp4.dhcp4.0x115d56a12000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: Can't add class: Client Class: mac_000E9******* has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:103:13)

ERROR [kea-dhcp4.dhcp4.0x115d56a12000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element client-classes: Can't add class: Client Class: mac_000E9******* has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:103:13)

I have removed the client identifier in both subnets. Is there any work around for such scenario or I am missing something,
I have posted it in separate in topic before, hoping if somebody else ran in the same issue, but haven't heard anything
thanks,

Gertjan

@molykule said in KEA DHCP - lacking features:

I have 2 different subnets LAN and OPT1. I have a laptop, which has static IP address defined in both subnets, for lan the ip is 192.168.2.20, and for opt1, the ip is 192.168.3.20.

First : I presume that you mean : a static MAC DHCP Lease, and not a static IP address setup, as (for me) such a setup doesn't use DHCP at all.

I do have the same scenario :
On LAN, my Phone has been set up with it's (non random !) MAC :

login-to-view

and on my PORTAL (another LAN or OPTx) interface :

login-to-view

Works fine for me

My phone gets 192.168.2.6 on the portal network, and 192.168.1.35 on the LAN network.

I'm using a non identical "Client ID" and "Hostname" on these two networks, could that be the reason ?

I've checked the kea config file : /usr/local/etc/kea/kea-dhcp4.conf - looks fine to me.

molykule

@Gertjan Thank you for replying. You are correct for static MAC DHCP lease.
however I still got the same error. I do notice that you dont have static ARP checked. I dont know if that could be the cause,
please let me know,
Thanks again for help,
login-to-view
login-to-view

login-to-view

In the file /usr/local/etc/kea/kea-dhcp4.conf, this occurs 3 times because its defined in 3 different subnets, which is erroring out.
{
"name": "mac_8C705AB898C4",
"test": "substring(hexstring(pkt4.mac, ''), 0, 12) == '8c705ab898c4'"
},

Log:
Nov 30 16:53:36 kea-dhcp4 36871 ERROR [kea-dhcp4.dhcp4.0x253335c12000] DHCP4_INIT_FAIL failed to initialize Kea server: configuration error using file '/usr/local/etc/kea/kea-dhcp4.conf': Can't add class: Client Class: mac_8C705AB898C4 has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:164:13)
Nov 30 16:53:36 kea-dhcp4 36871 ERROR [kea-dhcp4.dhcp4.0x253335c12000] DHCP4_CONFIG_LOAD_FAIL configuration error using file: /usr/local/etc/kea/kea-dhcp4.conf, reason: Can't add class: Client Class: mac_8C705AB898C4 has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:164:13)
Nov 30 16:53:36 kea-dhcp4 36871 ERROR [kea-dhcp4.dhcp4.0x253335c12000] DHCP4_PARSER_FAIL failed to create or run parser for configuration element client-classes: Can't add class: Client Class: mac_8C705AB898C4 has already been defined (/usr/local/etc/kea/kea-dhcp4.conf:164:13)
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.hooks.0x253335c12000] HOOKS_LIBRARY_CLOSED hooks library /usr/local/lib/kea/hooks/libdhcp_lease_cmds.so successfully closed
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.dhcpsrv.0x253335c12000] DHCPSRV_CFGMGR_SOCKET_TYPE_DEFAULT "dhcp-socket-type" not specified , using default socket type raw
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.dhcpsrv.0x253335c12000] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igb3
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.dhcpsrv.0x253335c12000] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igb2
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.dhcpsrv.0x253335c12000] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igb1
Nov 30 16:53:36 kea-dhcp4 36871 INFO [kea-dhcp4.dhcpsrv.0x253335c12000] DHCPSRV_CFGMGR_ADD_IFACE listening on interface igb0

johnpoz

@molykule said in KEA DHCP - lacking features:

I do notice that you dont have static ARP checked.

Yeah that for sure could be problematic - and currently static arp doesn't even work correctly using isc dhcpd.. Sure it sets them, but when your client does dhcp for it.. It switches from perm to dynamic in the arp table..

There is a thread and redmine about it.

https://forum.netgate.com/topic/184155/static-arp-in-dhcp-overwritten

I really wouldn't count on kea not being weird if your doing anything other than just serving IPs out of a pool..

molykule

@johnpoz
Thank you for the detailed reply and the links,