On Thu, Jul 31, 2025 at 8:42 AM Charles Curley < [email protected]> wrote:
> I'm experimenting with kea, the ISC's replacement for their dhcpd
> server. So far I am cautiously optimistic.
>
> I have kea up and running in a limited trixie environment. It handles
> one client computer on a direct IPv4 only Ethernet link. I have imported
> my dhcpd list of reserved hosts, and kea recognizes one of them, and
> assigns the proper IP address and host name.
>
> I have not experimented with ddns updating or kea's replacement for
> failover, which kea calls high availability. I will want both of those.
>
> If you are contemplating a similar conversion, I suggest the following:
>
> * Install keama and use that to translate your dhcpd configuration
>   file(s). Hang on to them.
>
> * Do the usual installation with apt or your favorite tool. Get
>   familiar with the configuration files in /etc/kea. Get kea running as
>   is with no customizations. This will involve assigning one or more
>   interfaces in an "interfaces-config" statement. If you don't do that,
>   the server will refuse to run, handy for those who use only one of
>   IPv4 or IPv6.
>
> * Once you've done that, introduce one or a few changes at a time. I
>   keep a terminal window open with:
>
>   journalctl --no-pager -n 60 -f -u kea-dhcp4-server.service
>
>   running. Errors will show up there. In my experience most errors are
>   JSON syntax errors, often caused by not copying over your
>   configuration correctly.
>
>   I reload the server with its newly edited configuration with
>
>   systemctl reload-or-restart kea-dhcp4-server.service
>
>   You can also check on your leases with
>
>   cat /var/lib/kea/kea-leases4.csv*
>
> My next steps:
>
> * Upgrade or re-install my firewall/network services server to trixie.
>   I won't do this until about a month after trixie is released.
>
> * Install kea and bind. Get those running separately.
>
> * Get DDNS running.
>
> * Get another kea server running trixie.
>
> * Get bind and kea running there.
>
> * Set up high availability between the two kea servers.
>
> * Turn some or all of this into a Debian wiki page.
>
> Any thoughts?
>

pfSense switched to KEA and it was kind of a disaster for folks who let the firewall handle DNS and DHCP. It seems KEA on pfSense does not update DNS records with DHCP registrations, so name resolution slowly breaks as records expire.

If you plan on using DNS as your single source of truth, then be careful of using KEA. And if you are using mDNS on your network, then you may not see a problem. I happen to remove or disable mDNS on my workstations, so things went to pot quickly for me.

Jeff
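A pre-flight check for the two trouble spots raised in this thread, JSON syntax errors after hand-editing and leases that never reach DNS, as an added example that is not from either poster or from ISC. It assumes Kea's configuration keys `Dhcp4`, `interfaces-config`, `dhcp-ddns` and `enable-updates`; the helper names and sample configurations are constructed for illustration.

```python
import json
import re

# A string literal, or a #, // or /* */ comment (Kea accepts all three styles).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|#[^\n]*|//[^\n]*|/\*.*?\*/', re.S)

def strip_comments(text):
    """Remove comments outside string literals, keeping line numbers stable."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else "\n" * tok.count("\n")
    return _TOKEN.sub(repl, text)

def check_kea4(text):
    """Return a list of findings for a kea-dhcp4 configuration given as text."""
    try:
        conf = json.loads(strip_comments(text))
    except json.JSONDecodeError as e:
        return [f"JSON syntax error at line {e.lineno}, column {e.colno}: {e.msg}"]
    dhcp4 = conf.get("Dhcp4") if isinstance(conf, dict) else None
    if not isinstance(dhcp4, dict):
        return ["no Dhcp4 section"]
    findings = []
    # The thread notes that interfaces must be assigned in interfaces-config.
    if not dhcp4.get("interfaces-config", {}).get("interfaces"):
        findings.append("interfaces-config lists no interfaces")
    # Without enable-updates, kea-dhcp4 sends no name change requests for DNS.
    if not dhcp4.get("dhcp-ddns", {}).get("enable-updates", False):
        findings.append("dhcp-ddns enable-updates is off: leases will not be sent to DNS")
    return findings

# Constructed sample: a trailing comma of the kind a hand-edited file picks up.
SAMPLE_BAD = ('{ "Dhcp4": {\n  # listen here\n'
              '  "interfaces-config": { "interfaces": ["eth0"], }\n} }')
# Constructed sample: valid configuration syntax, but DDNS was never switched on.
SAMPLE_NO_DDNS = '{ "Dhcp4": { "interfaces-config": { "interfaces": ["eth0"] } } } // end'

if __name__ == "__main__":
    for name, sample in (("bad", SAMPLE_BAD), ("no-ddns", SAMPLE_NO_DDNS)):
        print(name, check_kea4(sample))
```

Running it against the file before `systemctl reload-or-restart` catches the syntax error with its line number instead of leaving it to surface in the journal.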

