Kea registrations

dennypage

@markster said in Kea registrations:

I always wanted to find out from the users why do they need KEA to register non-static IP clients with Unbound. Nobody has been able to explain that. I wonder if you could help me understand.

The term "non-static" is subject to interpretation, so I'm guessing what your question actually is...

I generally run my networks as fully managed. All hosts have names registered with DHCP. In the case of IPv4, these are handled via Early DNS registrations. However with Kea, IPv6 Early DNS registration does not currently work when a track interface is in use. With a track interface if you have a host with an assigned address of

::22

and you have pre-registration enabled, what you will receive in hostname resolution is literally just

::22

instead of the expected

<delegated-prefix>::22

Currently, the only way around this with Kea is to perform the registration when the host is given the lease. This is a known issue (Redmine #16191).

Does this answer your question?

markster

@dennypage
Let me clarify.

It makes perfect sense that static IP network resources like NAS, email server, print server etc need to be registered but I somewhat fail to get an idea that my iphones, ipads and tables need to be.

But why would I want every dynamic IP clients (iphone, tv, ipda, android phone etc) have registered with Unbound?
My question is about the need to register dhcp leases (changes all the time) with Unbound DNS? These clients do not need to have these dynamic/changes IP addresses registered with DNS.

marcosm

@dennypage There are significant changes with Kea in 25.11. I would first ask to try reproducing the issue there. Until a new RC build is released, you can update to the current public build and apply the patch for (then restart Kea services):
35b7ace2e50e8e9387ae23964a0d18978601e0dd

Note that the socket path has changed; the command would now be:
echo '{"command":"lease6-get-all"}' | nc -U /var/run/kea/kea6-ctrl-socket | jq .

dennypage

@markster said in Kea registrations:

@dennypage
But why would I want every dynamic IP clients (iphone, tv, ipda, android phone etc) have registered with Unbound?
My question is about the need to register dhcp leases (changes all the time) with Unbound DNS? These clients do not need to have these dynamic/changes IP addresses registered with DNS.

I'm not sure my usage relates to your question then. My leases, including phones, tablets, tvs, etc., don't change all the time. They are all fixed hostname->ip addr mappings.

dennypage

@marcosm said in Kea registrations:

Until a new RC build is released, you can update to the current public build and apply the patch for (then restart Kea services):
35b7ace2e50e8e9387ae23964a0d18978601e0dd

I gave the patch a quick try, but it breaks unbound. [It reports syntax errors /in /var/unbound/leases*.conf]

marcosm

Can you provide more detail? What exactly is the error being logged and what are the contents of those files? What's the step-by-step for the test? Feel free to DM me.

dennypage

@marcosm DM sent.

pst

@dennypage @marcosm This is still broken in 25.11-RC from Nov26:

FreeBSD temperance.local.lan 16.0-CURRENT FreeBSD 16.0-CURRENT #36 plus-RELENG_25_11-n256500-a43915e7ef55: Wed Nov 26 17:53:51 UTC 2025     root@pfsense-build-release-aarch64-2.eng.atx.netgate.com:/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/obj/aarch64/HBRSF4R0/var/jenkins/workspace/pfSense-Plus-snapshots-25_11-main/sources/FreeBSD-src-plus-RELENG_25_11/arm64.aarch64/sys/pfSense arm64

Unbound fails to start, syslog says:

The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/leases/leases6.conf:4: error: unknown keyword 'local.lan.' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword '(fqdn)' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword 'local.lan.' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword '(fqdn)' <snip>

This blocks me logging in through the GUI, got console access though.

dennypage

@pst If coming from a prior beta/rc, you will need to clear your DHCPv6 leases.

pst

@dennypage Thank you, I managed to get in by removing /var/unbound/leases/leases6.conf and restarting unbound, then clearing all dhcpv6 leases through the GUI. The system seems happier now :)

Gertjan

@pst said in Kea registrations:

The command '/usr/local/sbin/unbound -c /var/unbound/unbound.conf' returned exit code '1', the output was '/var/unbound/leases/leases6.conf:4: error: unknown keyword 'local.lan.' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword '(fqdn)' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword 'local.lan.' /var/unbound/leases/leases6.conf:4: error: stray '"' /var/unbound/leases/leases6.conf:4: error: unknown keyword '(fqdn)' <snip>

Looks like you have a ' or " in one of your host names.

Check your leases file (example : the leases4.conf file) :

# 6a35f685cfbe8e04
# Automatically generated! DO NOT EDIT!
# Last updated: 2025-11-28 08:51:57
local-data: "ricoh.bhf.tld. 9000 IN AAAA 2a01:dead:beef7:a6e2::87"
local-data: "7.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 9000 IN PTR ricoh.bhf.tld."
local-data: "bureau2.bhf.tld. 2400 IN AAAA 2a01:dead:beef7:a6e2::88"
local-data: "8.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2400 IN PTR bureau2.bhf.tld."
local-data: "cloudkey.bhf.tld. 9000 IN AAAA 2a01:dead:beef7:a6e2::8a"
local-data: "a.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 9000 IN PTR cloudkey.bhf.tld."
local-data: "iphone-xiv-gertjan.bhf.tld. 2400 IN AAAA 2a01:dead:beef7:a6e2::8b"
local-data: "b.8.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2400 IN PTR iphone-xiv-gertjan.bhf.tld."
local-data: "droite.bhf.tld. 2400 IN AAAA 2a01:dead:beef7:a6e2::a0"
local-data: "0.a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2400 IN PTR droite.bhf.tld."
local-data: "poweredget310.bhf.tld. 2400 IN AAAA 2a01:dead:beef7:a6e2::b0"
local-data: "0.b.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2400 IN PTR poweredget310.bhf.tld."
local-data: "diskstation2.bhf.tld. 2500 IN AAAA 2a01:dead:beef7:a6e2::c2"
local-data: "2.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2500 IN PTR diskstation2.bhf.tld."
local-data: "gauche2.bhf.tld. 2400 IN AAAA 2a01:dead:beef7:a6e2::c7"
local-data: "7.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 2400 IN PTR gauche2.bhf.tld."
local-data: "epackferpar22.bhf.tld. 9000 IN AAAA 2a01:dead:beef7:a6e2::cc"
local-data: "c.c.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.e.6.a.7.0.9.0.9.1.b.c.1.0.a.2.ip6.arpa. 9000 IN PTR epackferpar22.bhf.tld."
...... (snipped) ....

Syntax errors like these are easy to find.

edit : oops : I showed a part of my IPv6 leases file : same story.

pst

@Gertjan said in Kea registrations:

Looks like you have a ' or " in one of your host names.

no, the errors were caused by cached leases from previous RC. Once I had cleared them the issues was gone.