Feature #15651
open
Feature #15650: Kea Feature Integration for parity with ISC DHCP
Kea DNS Resolver (Unbound) Integration (IPv4 and IPv6)
Added by Jim Pingle about 2 months ago.
Updated 10 days ago.
Plus Target Version:
24.08
Description
Issue to track integration between Kea and the DNS Resolver (Unbound)
This is already in progress.
Somewhat related to #5413 in that when this is complete that may be a non-issue or at least reduced significantly.
- Related to Bug #5413: Incorrect Handling of Unbound Resolver [service restarts, cache loss, DNS service interruption] added
- Status changed from In Progress to Feedback
- Plus Target Version set to 24.08
We now have a brand new integration with Kea that solves all of these issues and more. We now support both DHCPv4 and v6 DNS registration with unbound. Additionally, it is now possible to turn on registration globally for all subnets or override the registration policy per subnet. This allows for both per-subnet opt-in (aka global disable policy) or opt-out (aka global enable policy). It's very flexible.
The domain name that is appended to each lease hostname for registration is selected according to the following rules (first match wins).
1. Does the DHCP response contain a domain-name option? If so, use it.
2. If no domain-name option is present in the response, or we are handling a DHCPv6 lease, check if the response contains a search-domain option. If so, use the first one as multiple could be specified.
3. Use the system domain name.
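The registration policy and domain selection described in the comment above, as an added Python sketch that is not pfSense or Kea code. The option keys, function names, the treatment of an empty option as absent, and all sample values are assumptions made for illustration.

```python
# Added illustration; not pfSense or Kea code. Option keys, field names and
# sample values are constructed for this sketch.

def registration_enabled(global_enabled, subnet_override=None):
    """Per-subnet override wins; None means the subnet inherits the global policy."""
    return global_enabled if subnet_override is None else subnet_override


def select_domain(options, system_domain, is_v6=False):
    """Pick the domain appended to a lease hostname (first match wins)."""
    # Rule 1: domain-name option; skipped when handling a DHCPv6 lease.
    # Assumption: an empty option value is treated the same as a missing one.
    if not is_v6:
        name = options.get("domain-name", "").strip()
        if name:
            return name
    # Rule 2: first entry of the search-domain option, since several may be listed.
    for entry in options.get("domain-search", "").split(","):
        if entry.strip():
            return entry.strip()
    # Rule 3: the system domain name.
    return system_domain


def registration_name(hostname, options, system_domain, *, is_v6=False,
                      global_enabled=True, subnet_override=None):
    """Return the name to register, or None when policy disables registration."""
    if not hostname or not registration_enabled(global_enabled, subnet_override):
        return None
    return f"{hostname}.{select_domain(options, system_domain, is_v6)}"


if __name__ == "__main__":
    # Constructed responses: option name -> value as a plain string.
    v4 = {"domain-name": "lab.example", "domain-search": "a.example, b.example"}
    v6 = {"domain-search": "v6.example, b.example"}
    print(registration_name("printer", v4, "home.arpa"))              # rule 1
    print(registration_name("printer", v6, "home.arpa", is_v6=True))  # rule 2
    print(registration_name("printer", {}, "home.arpa"))              # rule 3
    # Opt-in: registration disabled globally, enabled on this subnet.
    print(registration_name("cam", {}, "home.arpa",
                            global_enabled=False, subnet_override=True))
    # Opt-out: registration enabled globally, disabled on this subnet.
    print(registration_name("cam", {}, "home.arpa", subnet_override=False))
```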
With Kea enabled, DNS registration options are present under Services > DHCP Server, globally, and on each interface's settings the behavior can be changed independently. Tested in 24.08.a.20240830.1727.
- Status changed from Feedback to In Progress
- % Done changed from 0 to 80
There are a few things that still need some polishing. Christian is aware; some require changes in Kea that are already known and still pending. Notably:
- Lease entries synchronized from HA primary to secondary are not added to Unbound on secondary
- Lease entries are not added to Unbound at startup for existing leases, only during lease events
- Static mappings are only added to Unbound when a client requests a lease. If an entry is used as a placeholder for a static/non-DHCP client which never requests a lease, it does not get added to Unbound
- % Done changed from 80 to 90
- Lease entries synchronized from HA primary to secondary are not added to Unbound on secondary
- Lease entries are not added to Unbound at startup for existing leases, only during lease events
- Static mappings are only added to Unbound when a client requests a lease. If an entry is used as a placeholder for a static/non-DHCP client which never requests a lease, it does not get added to Unbound
Latest build addresses the first two areas
I can restart Unbound and still resolve DHCP clients on a standalone system or HA primary, so that part looks good.
I'm still not able to resolve hostnames for DHCP clients on the HA secondary. I see the lease data but can't resolve them.
One more issue I found while confirming the above:
Hostnames for static lease clients are not propagated from HA primary to secondary. Lease shows up on the secondary, but without a hostname. It's inconsistent, though, since it wasn't there initially but later on after I brought up another client, it did show up with a hostname in the lease database. So that might be trickier to track down.