KEA DHCP missing "Register DHCP leases in DNS Resolver..."
-
@johnpoz said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":
You have to use three or more time servers. Or that's how it used to work.
that is never how it worked...
As far as I know, that is how NTP clients have always worked. See https://support.ntp.org/Support/SelectingOffsiteNTPServers#Upstream_Time_Server_Quantity.
But there's no telling what some internet entrepreneur is doing nowadays.
-
@noloader that has nothing to do with the ntp settings in the dhcpd settings... By default there is nothing in there.. Shoot most clients don't ever use those even if you hand them out.
Don't confuse ntp inner working with a completely different thing dhcpd..
-
@noloader You are taking this too far. I just pasted an FQDN in to give an example. Try it out yourself with an NTP server FQDN. It will allow you to enter it, but KEA won't start. The workaround is to put an IP address in there.
-
Yep. The KEA documentation - and for that matter, ISC DHCP states :
NTP name server fields are 'IP' - not a host name.
The DHCP server KEA and ISC DHCP are not going to resolve that host name. The DHCP RFC says : NTP servers are 'IP', not a host name.
Here you can see what a DHCP server should hand over to a client : rfc2132 => that's IPv4 addresses.
The pfSense GUI help message is : [screenshot not preserved] and is plain wrong. It's just an IP, not a host name, and even less a pool.
I guess ISC DHCP silently ignored it as a NTP host name was given, KEA just bails out with a log-error message.
Going even further :
I've got several Windows based PCs here, a version 7, a 10 and several 11 : none are using the NTP server IP (192.168.1.1) that came with DHCP ...
My iPhone, Pad etc : same thing.
Androids : let me guess ^^
I'm not even sure why I've set this NTP field. Maybe it will work some day.
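The point made in the post above (DHCP option 42 carries IPv4 addresses, so a host name cannot be encoded) as an added example; this is not code from the thread, pfSense or Kea. It checks a Kea-style `Dhcp4` JSON fragment for NTP option values that are not IPv4 addresses and shows the RFC 2132 wire encoding for the valid ones; the sample config is constructed and the function names are hypothetical.

```python
import ipaddress
import json
import struct

# Constructed Kea Dhcp4 fragment (not from the thread): one global option
# given as an FQDN, one subnet-level option given as IPv4 addresses.
SAMPLE_CONFIG = json.loads("""
{"Dhcp4": {
  "option-data": [{"name": "ntp-servers", "data": "0.pool.ntp.org"}],
  "subnet4": [{
    "subnet": "192.168.1.0/24",
    "option-data": [{"code": 42, "data": "192.168.1.1, 192.168.1.2"}]
  }]
}}
""")

NTP_OPTION_CODE = 42  # RFC 2132 section 8.3, "Network Time Protocol Servers"


def is_ntp_option(opt):
    return opt.get("name") == "ntp-servers" or opt.get("code") == NTP_OPTION_CODE


def encode_option_42(data):
    """Return the on-wire option bytes; raise ValueError for a non-IPv4 item."""
    addrs = [ipaddress.IPv4Address(item.strip()) for item in data.split(",")]
    payload = b"".join(a.packed for a in addrs)  # 4 bytes per server
    if len(payload) > 255:
        raise ValueError("too many addresses for a single option")
    return struct.pack("!BB", NTP_OPTION_CODE, len(payload)) + payload


def check_ntp_options(config):
    """Yield (scope, data, wire_bytes_or_None, error_or_None) per NTP option."""
    dhcp4 = config["Dhcp4"]
    scopes = [("global", dhcp4.get("option-data", []))]
    for subnet in dhcp4.get("subnet4", []):
        scopes.append((subnet["subnet"], subnet.get("option-data", [])))
    for scope, options in scopes:
        for opt in filter(is_ntp_option, options):
            try:
                yield scope, opt["data"], encode_option_42(opt["data"]), None
            except ValueError as exc:  # AddressValueError is a ValueError
                yield scope, opt["data"], None, str(exc)


if __name__ == "__main__":
    for scope, data, wire, err in check_ntp_options(SAMPLE_CONFIG):
        print(f"{scope}: {data!r} -> {wire.hex() if wire else 'REJECT: ' + err}")
```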
-
@Gertjan said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":
I'm not even sure why I've set this NTP field. Maybe it will work some day.
You’d think after over 20 years we’d just give up on the idea of anyone ever taking it up. ;)
-
@Gertjan That is all correct, but not the point.
The point is that the banner suggests that you should go to System > Advanced > Networking and switch DHCP backend. It should have pointed to an explanation page with the current limitations, because as it is people waste a lot of time.
Also both the ISC and the KEA page let you enter a FQDN without a warning. KEA breaks on a FQDN, ISC does not.
-
I've made a special script that is called via Kea's hooks and live update unbound on each kea's lease update via unbound-control:
https://github.com/nvandamme/kea-lease-unbound-control
As I'm not an sh guru, feel free to make any pull requests !
Cheers
-
Oho !
(something very like) This is all that Kea needs so it can register a host name into "unbound" as soon as it comes in.
Question :
shouldn't that be :
UNBOUND_CONTROL_PATH="/usr/local/sbin/unbound-control"
UNBOUND_CONFIG_PATH="/var/unbound/unbound.conf"
?
-
@Gertjan that's dependent on plus version, isn't it?
-
Noop.
pfSense Plus and CE are very, like a lot, identical, when it comes to these kind of details.
IMHO, Plus and CE have a common build source base.
Plus has some value added packages added, and some low level stuff that permits it to run on Azure.
Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.
Things like that.
Core functionalities like "DNS", or "DHCP", are the same.
-
@Gertjan
The example given is not matching pfsense specifically.
For pfsense, of course, You're entirely right.
For other OSes, depends on the standard path of unbound and kea's installation.
I'll add an example file for pfSense along the provided patch.
-
@Gertjan Yes again CE starts with a different subfolder over Plus I think patches show a different root folder
-
@Gertjan said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":
Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.
As does CE. Plus has the tools for managing the ZFS system via the front end included, though, as a Plus.
-
Maybe install System_Patches, there are 2 Kea patches and 2 DNS resolver.
-
@Qinn how do you find these two patches
-
@4o4rh
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html
Also of note, since the security notes are not yet in the 23.04 release notes:
https://forum.netgate.com/topic/187622/system-patches-package-v2-2-10_1
-
@Qinn doesn't really answer the question. Where do we get a list of the patches available and what they are for?
-
Install this package, you see a list of recommended system patches for Netgate pfSense and for each patch there is a description of what it does. After you installed the package see this list and you can choose to apply each one of them individually (even revert most of them if you for some reason want to) or change nothing and remove the whole package, as in the link above this package is recommended by Netgate.
-
@Qinn no recommendations