[Kea-users] My issues with migration from ISC DHCP to Kea

SoLoR
Hello,

Since it's almost 2019 and I was using ISC DHCP for probably ~15 years and I
wanted to try something new, I decided to upgrade my home DHCP server to Kea.
What I mostly liked from its "new" features was the JSON file format and MySQL
integration. My home network is small, ~25 devices, dual stack IPv4/IPv6
(IPv4 are local IPs only), but I always try things at home before I deploy
them at work. :) I can afford having the DHCP server up and down every 5 min
when testing configurations at home... while I can't at work ;P However, I use
pretty much the same features at home or at work, so once I get things working
at home I just edit config files with subnet/hosts changes and usually it
works :) Anyway, with the transition to Kea I hoped I'm gonna keep my old
features and gain a few new ones, however I was wrong and forced to roll back
to ISC. A few things that bothered me; I know ISC was in development for like
~20 years and Kea is only a few years old, but still.

Issue 1:

DHCP DDNS still can't update the same host with both A and AAAA records; I
found this issue ticket from 2017: http://oldkea.isc.org/ticket/4519. Any news
on this? This is IMO kinda a must in 2019...


Issue 2:

Handling of hosts for DDNS: in Kea the only option if the client doesn't send
an FQDN host is to set the host from the IP address, while in ISC I have
something like this to generate the host from the MAC (taken from dhcpv6):

# Hostname from the MAC inside the DHCPv6 client DUID: bytes 8-13 of
# dhcp6.client-id (the link-layer address when the DUID is a DUID-LLT),
# each rendered as two zero-padded hex digits and joined with "-".
set host-macaddr = concat (
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 8, 1))), 2), "-",
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 9, 1))), 2), "-",
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 10, 1))), 2), "-",
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 11, 1))), 2), "-",
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 12, 1))), 2), "-",
  suffix (concat ("0", binary-to-ascii (16, 8, "", substring (option dhcp6.client-id, 13, 1))), 2)
);
# Use the client-supplied name (lower-cased) only if it matches the
# pattern below; otherwise fall back to the MAC-derived name.
if (not (option fqdn.hostname ~~ "^[a-z0-9][a-z0-9\-]+[a-z0-9]$")) {
        ddns-hostname = host-macaddr;
} elsif (exists fqdn.hostname) {
        ddns-hostname = lcase(option fqdn.hostname);
} else {
        ddns-hostname = host-macaddr;
}

Why do I prefer the host from the MAC, you may ask? It again goes to
consistency: if the host is generated from the IP then the same device will
have 2 different hosts in an IPv4/IPv6 scenario, while if it's generated from
the MAC you get 1 host with appropriate A/AAAA records. However, since issue 1
exists... I guess this is not an issue, at least not right now :) Also, please
please force hosts to lower case, OCD is strong :)


Issue 3:

I don't know if it's only with the MySQL backend or not, but at least you
can't set the same reserved IP for different MAC addresses/DUIDs (whatever you
use for reserving IPs), it errors out. Maybe if you set it through the config
file it would work... or maybe give an option to add multiple MACs/DUIDs for
the same IP address. Why, you will ask? Simplest reason: you have a laptop with
both wired/wireless adapters and you want it to always get the same IP. ISC
seems to handle this, Kea does not.


Issue 4:

This is something more like a wish than an issue about DDNS updates.
Currently there is only a hacky way around it that I don't like. But here is
the scenario that I want to implement in my home:

You have BIND with 2 views for a specific domain (let's say lan.domain.com),
one is local and the other is public. I want a host in the local view for the
domain to resolve both A and AAAA records, while in the public view I only
want to see AAAA records (since A - local IPs - are not accessible from
outside anyway). For this to work I would need the DHCP server to send the
updates that I want (in my case AAAA records) twice with 2 different TSIG
keys, so I can filter and update both zones in BIND separately.

Currently the only hacky way around is to have BIND send extra notifies to a
"fake" slave daemon/server that runs a script that does AXFR transfers, diffs
and greps whatever I need and pushes it back with nsupdate with the
appropriate TSIG key.



Anyway, other than that, for the half a day I had it running Kea seems great,
really loved the MySQL lease/hosts backend, however the 1st (and 2nd) issue
really bugs me out. I know that even in ISC dual stack updates are done half
hackish with interim/standard updates... but there must be a more proper way?



--
Sent from: http://kea-users.7364.n8.nabble.com/
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
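
The hostname selection from Issue 2, as an added Python example that is not part of the original post and is neither ISC DHCP nor Kea code. It goes one step beyond the dhcpd.conf snippet by also handling DUID-LL (MAC at offset 4) and returning no name for DUIDs that carry no MAC; the function names, the 63-character label limit and the sample DUIDs are assumptions made for illustration.

```python
import re

# Same pattern as the dhcpd.conf snippet; IGNORECASE mirrors dhcpd's "~~".
LABEL_RE = re.compile(r"^[a-z0-9][a-z0-9\-]+[a-z0-9]$", re.IGNORECASE)
DUID_LLT, DUID_LL = 1, 3   # DUID types that embed a link-layer address (RFC 8415)
HW_ETHERNET = 1

# Constructed sample DUIDs; the first two carry the made-up MAC 52:54:00:ab:cd:ef.
SAMPLE_LLT = bytes.fromhex("00010001" "23456789" "525400abcdef")
SAMPLE_LL = bytes.fromhex("00030001" "525400abcdef")
SAMPLE_UUID = bytes.fromhex("0004" + "11" * 16)


def mac_from_duid(duid):
    """Return the 6-byte Ethernet MAC embedded in a DUID, or None."""
    if len(duid) < 4:
        return None
    # DUID-LLT: type(2) hwtype(2) time(4) lladdr -> offset 8, as in the post
    # DUID-LL:  type(2) hwtype(2) lladdr         -> offset 4
    offset = {DUID_LLT: 8, DUID_LL: 4}.get(int.from_bytes(duid[0:2], "big"))
    if offset is None or int.from_bytes(duid[2:4], "big") != HW_ETHERNET:
        return None
    mac = duid[offset:]
    return mac if len(mac) == 6 else None


def ddns_hostname(duid, client_hostname=None):
    """Client name if it is a safe single label, else the MAC-derived name."""
    # fullmatch, not match: with match() the "$" would also accept "name\n".
    # 63 is the DNS label length limit (assumption: one label, no dots).
    if (client_hostname and len(client_hostname) <= 63
            and LABEL_RE.fullmatch(client_hostname)):
        return client_hostname.lower()
    mac = mac_from_duid(duid)
    if mac is None:
        return None  # no trustworthy name: caller should skip the DDNS update
    return "-".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    for name in ("Laptop-01", "bad_host!", None):
        print(repr(name), "->", ddns_hostname(SAMPLE_LLT, name))
```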

Re: [Kea-users] My issues with migration from ISC DHCP to Kea

Pietsch Michael
For issue 4, if you are using BIND 9.10 or higher you can update your
internal view the normal way and for the external view have a zone with the
"in-view" config referencing the internal view. See e.g.
http://www.zytrax.com/books/dns/ch7/zone.html#in-view for an example.

Best regards

Michael


Re: [Kea-users] My issues with migration from ISC DHCP to Kea

SoLoR
Hey,

Yes, I know about that option; it takes the whole zone and I don't want that.
That's basically the same as making the internal view master and the public
one slave, it takes the whole zone and not only, for example, AAAA records.
The only thing I can do, like I said, is the hacky way with a separate daemon
that takes the notify request from the internal zone, then runs a certain
script with AXFR dump/diff/grep and updates the public zone with the
public-specific key.



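
The AXFR dump/diff/grep step of the workaround described in this thread, as an added Python example that is not the poster's script. It assumes the two views have already been dumped to text in dig's AXFR output format; the function names, the sample records and the `127.0.0.1` server address are constructed for illustration.

```python
import ipaddress

# Constructed sample AXFR output (dig format) for the two views.
INTERNAL_AXFR = """\
lan.domain.com. 3600 IN SOA ns.lan.domain.com. admin.lan.domain.com. 42 3600 600 86400 300
laptop.lan.domain.com. 1200 IN A 192.168.1.10
laptop.lan.domain.com. 1200 IN AAAA 2001:db8:1::10
nas.lan.domain.com. 1200 IN A 192.168.1.20
nas.lan.domain.com. 1200 IN AAAA 2001:db8:1::20
"""
PUBLIC_AXFR = """\
lan.domain.com. 3600 IN SOA ns.lan.domain.com. admin.lan.domain.com. 17 3600 600 86400 300
nas.lan.domain.com. 1200 IN AAAA 2001:db8:1::20
old.lan.domain.com. 1200 IN AAAA 2001:db8:1::99
"""


def aaaa_records(axfr_text):
    """Parse dig-style AXFR text into {(owner, address): ttl}, AAAA only."""
    records = {}
    for line in axfr_text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue
        owner, ttl, rr_class, rr_type, rdata = fields
        if (rr_class, rr_type) != ("IN", "AAAA"):
            continue
        try:
            addr = ipaddress.IPv6Address(rdata).compressed
        except ValueError:
            continue  # malformed rdata never reaches the public zone
        records[(owner.lower(), addr)] = int(ttl)
    return records


def public_sync_batch(internal_axfr, public_axfr, zone, server="127.0.0.1"):
    """Return nsupdate commands that make the public AAAA set match the internal one."""
    want, have = aaaa_records(internal_axfr), aaaa_records(public_axfr)
    cmds = [f"update delete {o} AAAA {a}" for o, a in sorted(have.keys() - want.keys())]
    cmds += [f"update add {o} {want[(o, a)]} AAAA {a}" for o, a in sorted(want.keys() - have.keys())]
    if not cmds:
        return ""  # views already agree, nothing to send
    return "\n".join([f"server {server}", f"zone {zone}", *cmds, "send"]) + "\n"


if __name__ == "__main__":
    print(public_sync_batch(INTERNAL_AXFR, PUBLIC_AXFR, "lan.domain.com"), end="")
```

The returned batch is meant to be fed to `nsupdate -k` with the key file of the public view, so the TSIG key selects which view receives the update. Only AAAA additions and removals are compared; a TTL change on an unchanged address is ignored.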