KEA DHCP missing "Register DHCP leases in DNS Resolver..."

Vollans · Apr 1, 2024, 6:22 AM

@Gertjan said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":

I'm not even sure why I've set this NTP field. Maybe it will work some day.

You’d think after over 20 years we’d just give up on the idea of anyone ever taking it up. ;)

pvk1 · Apr 1, 2024, 8:12 AM

@Gertjan That is all correct, but not the point.

The point is that the banner suggests that you should go to System > Advanced > Networking and switch DHCP backend. It should have pointed to a explanation page with the current limitations, because as it is people waste a lot of time.

Also both the ISC and the KEA page let you enter a FDQN without a warning. KEA brakes on a FDQN, ISC does not.

nvdx · Apr 12, 2024, 6:30 AM

I've made a special script that is called via Kea's hooks and live update unbound on each kea's lease update via unbound-control:
https://github.com/nvandamme/kea-lease-unbound-control

As i'm not an sh guru, feel free to make any pull requests !

Cheers

Gertjan · Apr 12, 2024, 6:32 AM

@nvdx

Oho !
(something very like) This is all that Kea needs so it can register a host name into "unbound" as soon as it comes in.

Question :

shouldn't that be :

UNBOUND_CONTROL_PATH="/usr/local/sbin/unbound-control"
UNBOUND_CONFIG_PATH="/var/unbound/unbound.conf"

?

JonathanLee · Apr 12, 2024, 7:05 AM

@Gertjan that dependent on plus version isn’t it?

Gertjan · Apr 12, 2024, 7:32 AM

@JonathanLee

Noop.
pfSense Plus and CE are very, like a lot, identical, when it comes to these kind of details.
IMHO, Plus and CE have a common build source base.
Plus has some value added packages added, and some low level stuff that permits it to run on Azure.
Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.
Things like that.
Core functionalities like "DNS", or "DHCP", are the same.

nvdx · Apr 12, 2024, 8:54 AM

@Gertjan
The example given is not matching pfsense specificaly.
For pfsense, of course, You're entirely right.
For other OSes, depends on the standard path of un
bound and kea's installation.
I'll add an example file for pfSense along the provided patch.

JonathanLee · Apr 14, 2024, 6:36 PM

@Gertjan Yes again CE starts with a different subfolder over Plus I think patches show a different root folder

Vollans · Apr 14, 2024, 8:22 PM

@Gertjan said in KEA DHCP missing "Register DHCP leases in DNS Resolver...":

Plus has also ZFS file system kernel module loaded, so it can use ZFS as an option.

As does CE. Plus has the tools for managing the ZFS system via the front end included, though, as a Plus.

Qinn · Apr 24, 2024, 8:53 AM

Maybe install System_Patches, there are 2 Kea patches and 2 DNS resolver.

4o4rh · Apr 26, 2024, 7:17 AM

@Qinn how do you find these two patches

SteveITS · Apr 26, 2024, 1:15 PM

@4o4rh
https://docs.netgate.com/pfsense/en/latest/development/system-patches.html

Also of note, since the security notes are not yet in the 23.04 release notes:
https://forum.netgate.com/topic/187622/system-patches-package-v2-2-10_1

Qinn · Apr 27, 2024, 9:07 AM

@4o4rh as @SteveITS already posted the answer, install system patches, then go to System -> Patches and apply them. More to read here https://www.netgate.com/blog/using-pfsense-software-system-patches .

4o4rh · Apr 27, 2024, 10:41 AM

@Qinn doesn't really answer the question. Where do we get a list of the patches available and what they are for?

Qinn · Apr 27, 2024, 12:49 PM

Install this package, you see a list recommended system patches for Netgate pfSense and for each patch there is a description what it does or do. After you installed the package see this list and you can choose to apply each one of them individually (even revert most of them if you for some reason want to) or change nothing and remove the whole package, as in the link above this package is recommended by Netgate.

4o4rh · Apr 27, 2024, 1:10 PM

@Qinn no recommendations

SteveITS · Apr 27, 2024, 1:10 PM

@4o4rh what version are you on? 24.03 has none because their code is included.

Typically patches appear either a few weeks/months after a release, to fix bugs, or else they dropped a bunch of them for 2.7.2/23.09 after 24.03 was released because there are security fixes they backported for 2.7:2,
https://forum.netgate.com/topic/187622/system-patches-package-v2-2-10_1

Patches appear after the package is updated not on their own.

Qinn · Apr 27, 2024, 2:16 PM

Same question here ;)

Btw I am on 2.7.2 CE ( as is in my signature) and use System_Patches v2.2.10_1, updated recently, say last week and as you can see patches are sane to install, as like this example https://redmine.pfsense.org/issues/14991 is target for the not released pfSense version 2.8.0

[2.7.2-RELEASE][root@pfSense.localdomain]/root: pkg info pfSense-pkg-System_Patches-2.2.10_1
pfSense-pkg-System_Patches-2.2.10_1
Name           : pfSense-pkg-System_Patches
Version        : 2.2.10_1
Installed on   : Wed Apr 24 10:50:01 2024 CEST
Origin         : sysutils/pfSense-pkg-System_Patches
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : sysutils

maphilli14 · Jun 7, 2024, 6:04 PM

I somehow got burned by this too. No, I do not read release notes, I just trust that the latest and greatest firmware protects my family's network. I had some performance issues on my ISP so rebooted everything to try to fix and it took me several hours to get to a root cause. I am sad, but happy to have it all back up and running nicely. Next time I will be more leery!

tagwolf · Jul 25, 2024, 1:30 AM

It's been well over a year right? Still waiting. I would be very surprised if this was that hard to integrate considering half the code is already written for the DHCP half.