KEA DHCP missing "Register DHCP leases in DNS Resolver..."

Gertjan

@nvdx

Oho !
(something very like) This is all that Kea needs so it can register a host name into "unbound" as soon as it comes in.

Question :

shouldn't that be :

UNBOUND_CONTROL_PATH="/usr/local/sbin/unbound-control"
UNBOUND_CONFIG_PATH="/var/unbound/unbound.conf"

?

JonathanLee

@Gertjan that dependent on plus version isn’t it?

Gertjan

@JonathanLee

Noop.
pfSense Plus and CE are very, like a lot, identical, when it comes to these kind of details.
IMHO, Plus and CE have a common build source base.
Plus has some value added packages added, and some low level stuff that permits it to run on Azure.
Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.
Things like that.
Core functionalities like "DNS", or "DHCP", are the same.

nvdx

@Gertjan
The example given is not matching pfsense specificaly.
For pfsense, of course, You're entirely right.
For other OSes, depends on the standard path of un
bound and kea's installation.
I'll add an example file for pfSense along the provided patch.

JonathanLee

@Gertjan Yes again CE starts with a different subfolder over Plus I think patches show a different root folder

Vollans

@Gertjan said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":

Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.

As does CE. Plus has the tools for managing the ZFS system via the front end included, though, as a Plus.

Qinn

Maybe install System_Patches, there are 2 Kea patches and 2 DNS resolver.

4o4rh

@Qinn how do you find these two patches

SteveITS

@4o4rh
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

Also of note, since the security notes are not yet in the 23.04 release notes:
https://forum.netgate.com/topic/187622/system-patches-package-v2-2-10_1

Qinn

@4o4rh as @SteveITS already posted the answer, install system patches, then go to System -> Patches and apply them. More to read here https://www.netgate.com/blog/using-pfsense-software-system-patches .

4o4rh

@Qinn doesn't really answer the question. Where do we get a list of the patches available and what they are for?

Qinn

Install this package, you see a list recommended system patches for Netgate pfSense and for each patch there is a description what it does or do. After you installed the package see this list and you can choose to apply each one of them individually (even revert most of them if you for some reason want to) or change nothing and remove the whole package, as in the link above this package is recommended by Netgate.

4o4rh

@Qinn no recommendations

SteveITS

@4o4rh what version are you on? 24.03 has none because their code is included.

Typically patches appear either a few weeks/months after a release, to fix bugs, or else they dropped a bunch of them for 2.7.2/23.09 after 24.03 was released because there are security fixes they backported for 2.7:2,
https://forum.netgate.com/topic/187622/system-patches-package-v2-2-10_1

Patches appear after the package is updated not on their own.

Qinn

Same question here ;)

Btw I am on 2.7.2 CE ( as is in my signature) and use System_Patches v2.2.10_1, updated recently, say last week and as you can see patches are sane to install, as like this example https://redmine.pfsense.org/issues/14991 is target for the not released pfSense version 2.8.0

[2.7.2-RELEASE][root@pfSense.localdomain]/root: pkg info pfSense-pkg-System_Patches-2.2.10_1
pfSense-pkg-System_Patches-2.2.10_1
Name           : pfSense-pkg-System_Patches
Version        : 2.2.10_1
Installed on   : Wed Apr 24 10:50:01 2024 CEST
Origin         : sysutils/pfSense-pkg-System_Patches
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : sysutils

maphilli14

I somehow got burned by this too. No, I do not read release notes, I just trust that the latest and greatest firmware protects my family's network. I had some performance issues on my ISP so rebooted everything to try to fix and it took me several hours to get to a root cause. I am sad, but happy to have it all back up and running nicely. Next time I will be more leery!

tagwolf

It's been well over a year right? Still waiting. I would be very surprised if this was that hard to integrate considering half the code is already written for the DHCP half.

ldaponte

Glad I found this thread. I was trying to figure out why DHCP leases weren't resolvable on my home network when they once were. Forgot that I had cut over to KEA DHCP days ago. Reverted to ISC DHCP and checked "Ignore Deprecation Warning" - all better now.

bson

I too followed the EOL suggestion and switch - and this is a total mess. How can I back this change out, I see nothing to switch back!!!

How can you POSSIBLY suggest this dysfunctional nonsense as an alternative? You've had this out for what, almost a year now - and it's still totally broken.

CAN YOU FIX YOUR BROKEN SH*T?!

SteveITS

@bson https://docs.netgate.com/pfsense/en/latest/releases/2-7-1.html#kea-dhcp-server-feature-preview-now-available

"Administrators can easily switch between ISC DHCPD and Kea by navigating to System > Advanced, Networking tab and changing the new Server Backend setting in the DHCP Options section."

The wording in pfSense about ISC DHCP is a bit misleading but Kea is in "feature preview" a.k.a. alpha/beta/whatever.