Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    24.08 Sneak Peek: Improvements to Kea DHCP for Improved High Availability and Unbound DNS Resolution in pfSense® Software

    Scheduled Pinned Locked Moved Messages from the pfSense Team
    6 Posts 4 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mwatch Administrator
      last edited by

      We’re excited to announce important updates to the integration of Kea DHCP into pfSense software, adding support for DHCP High Availability and improved support for registration of DHCP hostnames with the Unbound DNS Resolver. With the release of pfSense Plus software version 24.08, users who require DHCP HA support or DNS resolution of DHCP hostnames can now migrate from the ISC DHCP backend to the Kea DHCP backend.

      Key benefits include:

      • Simplified Setup: Kea DHCP uses a single, global HA configuration, which is easier to set up and manage than ISC DHCP's per-interface configuration.
      • More Reliable Failover: Kea operates in "hot standby" mode, providing more reliable failover, especially when booting a secondary node.
      • IPv6 Support: Those using IPv6 will benefit from HA support for DHCPv6, a feature not available with ISC DHCP.
      • Improved Security: Kea DHCP supports optional TLS encryption for HA traffic, enhancing the security of your DHCP setup.

      Learn more here: https://www.netgate.com/blog/improvements-to-kea-dhcp

      S keyserK 2 Replies Last reply Reply Quote 7
      • M mwatch pinned this topic on
      • keyserK
        keyser Rebel Alliance
        last edited by

        Very interesting indeed. Happy that KEA is picking up the slack and missing features for ISC

        Will KEA in 24.08 reach feature parity + its own new features, or is it still considered experimental with other key features missing?

        Love the no fuss of using the official appliances :-)

        keyserK 1 Reply Last reply Reply Quote 0
        • keyserK
          keyser Rebel Alliance @keyser
          last edited by

          @keyser Hmm, cannot edit the above post.

          The blog is a little vague in declaring what is considered missing from KEA before feature parity is reached.

          Love the no fuss of using the official appliances :-)

          1 Reply Last reply Reply Quote 1
          • S
            SteveITS Galactic Empire @mwatch
            last edited by

            does not require restarting the Unbound service

            👏

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 0
            • keyserK
              keyser Rebel Alliance @mwatch
              last edited by

              @mwatch One other thing I REALLY hope KEA will bring to the table:

              A new DHCP Relay Service that kan work in combination with the DHCP service (on different interfaces of course), and - VERY IMPORTANTLY - works through IPSEC Tunnels out of the hosting firewall.

              Love the no fuss of using the official appliances :-)

              1 Reply Last reply Reply Quote 0
              • R
                reberhar
                last edited by

                What about the community version?

                1 Reply Last reply Reply Quote 2
                • M marcosm unpinned this topic on
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.