Installation of ISC Kea DHCP Server
Install ISC Kea DHCP Server by running the following commands:
./configure --prefix=/usr \
            --sysconfdir=/etc \
            --docdir=/usr/share/doc/kea-2.4.0 \
            --localstatedir=/var \
            --enable-shell \
            --with-openssl \
            --disable-static &&
make
To test the results, issue: make check.
To install the ISC Kea DHCP Server suite, issue the following commands as the root user:
make -j1 install
Command Explanations
--with-pgsql or --with-mysql: ISC Kea can store the leases in a database. This might be useful in large environments running a cluster of DHCP servers. The memfile backend (a CSV file stored locally) can still be used in any case.
--enable-generate-docs: Add this option if the documentation is to be rebuilt. Several dependencies must be installed for generating the documentation.
make -j1 install: ISC does not recommend any form of parallel or job server options when doing the install.
Configuring ISC Kea DHCP Server
The support of IPv4, IPv6 and DDNS has been split into separate servers which run independently of each other. Each of them has its own configuration file. Additional configuration files come from the keactrl agent, which is used to control the servers in an easy way.
Consult the Kea Administrator Reference Manual for detailed information about the configuration of ISC Kea, as it is quite a capable system. The configuration shown here is a bare minimum to get a DHCP server running, but it already includes configuration for DDNS (Dynamic DNS). That setup might work for small networks with a few clients and low traffic. For larger installations with thousands of clients, ISC Kea can be configured to use databases (mariadb or postgresql) to store the leases and build a cluster with multiple nodes. It can be integrated with ISC Stork, which is a management dashboard for ISC Kea.
If you want to start the DHCP Server at boot, install the kea-dhcpd.service unit included in the blfs-systemd-units-20230816 package:
make install-kea-dhcpd
Config Files
/etc/kea/keactrl.conf, /etc/kea/kea-ctrl-agent.conf, /etc/kea/kea-dhcp4.conf, /etc/kea/kea-dhcp6.conf and /etc/kea/kea-dhcp-ddns.conf
Kea Control Configuration
keactrl is used to control the independent servers (IPv4, IPv6, DDNS). Its configuration file /etc/kea/keactrl.conf is installed by default and includes many path settings which are determined by configure at build time. It also includes settings to specify which of the servers should be started.
- Control Agent
  The Control Agent is a daemon which allows the (re)configuration of the Kea DHCP service via REST API. Set ctrl_agent=yes to start the control agent (service providing a REST API), set ctrl_agent=no in case the control agent is not needed.
- IPv4 DHCP server
  This daemon handles requests for IPv4 addresses. Set dhcp4=yes to start it, set dhcp4=no in case DHCP service for IPv4 is not wanted.
- IPv6 DHCP server
  This daemon handles requests for IPv6 addresses. Set dhcp6=yes to start it, set dhcp6=no in case DHCP service for IPv6 is not wanted.
- Dynamic DNS
  This daemon is used to update a DNS server dynamically when Kea assigns an IP address to a device. Set dhcp_ddns=yes to enable it, set dhcp_ddns=no in case dynamic DNS updates are not wanted.
The Netconf service is not installed because required
dependencies are not covered by the current BLFS book.
With the following command, Kea will be configured to start the DHCP service for IPv4 and the dynamic DNS update, while the control agent and the DHCP service for IPv6 remain down. Tweak the command to match the services you want started and execute it as the root user:
sed -e "s/^dhcp4=.*/dhcp4=yes/" \
    -e "s/^dhcp6=.*/dhcp6=no/" \
    -e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
    -e "s/^ctrl_agent=.*/ctrl_agent=no/" \
    -i /etc/kea/keactrl.conf
Control Agent Configuration
The provided configuration could be used without changes, but in BLFS objects like sockets are stored in /run rather than in /tmp.
cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
// Begin /etc/kea/kea-ctrl-agent.conf
{
  // This is a basic configuration for the Kea Control Agent.
  // RESTful interface to be available at http://127.0.0.1:8000/
  "Control-agent": {
    "http-host": "127.0.0.1",
    "http-port": 8000,
    "control-sockets": {
      "dhcp4": {
        "socket-type": "unix",
        "socket-name": "/run/kea4-ctrl-socket"
      },
      "dhcp6": {
        "socket-type": "unix",
        "socket-name": "/run/kea6-ctrl-socket"
      },
      "d2": {
        "socket-type": "unix",
        "socket-name": "/run/kea-ddns-ctrl-socket"
      }
    },
    "loggers": [
      {
        "name": "kea-ctrl-agent",
        "output_options": [
          {
            "output": "/var/log/kea-ctrl-agent.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-ctrl-agent.conf
EOF
IPv4 DHCP Server Configuration
A sample configuration file is created in /etc/kea/kea-dhcp4.conf. Adjust the file to suit your needs or overwrite it by using the following sample as the root user:
cat > /etc/kea/kea-dhcp4.conf << "EOF"
// Begin /etc/kea/kea-dhcp4.conf
{
  "Dhcp4": {
    // Add names of your network interfaces to listen on.
    "interfaces-config": {
      "interfaces": [ "eth0", "eth2" ]
    },
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea4-ctrl-socket"
    },
    "lease-database": {
      "type": "memfile",
      "lfc-interval": 3600
    },
    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },
    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,
    // Enable DDNS - Kea will dynamically update the DNS
    "ddns-send-updates" : true,
    "ddns-qualifying-suffix": "your.domain.tld",
    "dhcp-ddns" : {
      "enable-updates": true
    },
    "subnet4": [
      {
        "subnet": "192.168.56.0/24",
        "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
        "option-data": [
          {
            "name": "domain-name",
            "data": "your.domain.tld"
          },
          {
            "name": "domain-name-servers",
            "data": "192.168.56.2, 192.168.3.7"
          },
          {
            "name": "domain-search",
            "data": "your.domain.tld"
          },
          {
            "name": "routers",
            "data": "192.168.56.2"
          }
        ]
      }
    ],
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp4.conf
EOF
The configuration for IPv6 is similar to the configuration of IPv4. The configuration file is /etc/kea/kea-dhcp6.conf.
Dynamic DNS Configuration
If there is a BIND-9.18.18 server running, ISC Kea can update the DNS when it gives an IP address to a client. A sample configuration file is created in /etc/kea/kea-dhcp-ddns.conf. Adjust the file to suit your needs or overwrite it by using the following sample as the root user:
cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
// Begin /etc/kea/kea-dhcp-ddns.conf
{
  "DhcpDdns": {
    "ip-address": "127.0.0.1",
    "port": 53001,
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea-ddns-ctrl-socket"
    },
    "tsig-keys": [
      {
        "name" : "rndc-key",
        "algorithm" : "hmac-sha256",
        "secret" : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
      }
    ],
    "forward-ddns" : {
      "ddns-domains" : [
        {
          "name" : "your.domain.tld.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },
    "reverse-ddns" : {
      "ddns-domains" : [
        {
          "name" : "56.168.192.in-addr.arpa.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },
    "loggers": [
      {
        "name": "kea-dhcp-ddns",
        "output_options": [
          {
            "output": "/var/log/kea-ddns.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp-ddns.conf
EOF
Note
The value of secret is just an example. Generate the key for your installation by using the rndc-confgen -a command or the tsig-keygen command, both of which are provided by BIND-9.18.18.
In this sample config it is assumed that the DNS server runs on the same machine as Kea does (accessible via 127.0.0.1) and that this machine has the IP 192.168.56.2.
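The Note above says the sample secret must be replaced. The following Python check is an added example, not part of the BLFS page or of Kea's own tooling: it parses a kea-dhcp-ddns.conf body and reports syntax errors, the page's sample secret left in place, weak or malformed secrets, and a file mode that lets other users read the TSIG key. The names strip_comments and audit_ddns, the 32-byte minimum and the permission check are assumptions of this example; only // and # comments are handled, not /* */ blocks.

```python
import base64
import json
import stat

SAMPLE_SECRET = "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="  # printed on this page
CONSTRUCTED_SAMPLE = """// constructed kea-dhcp-ddns.conf, sample secret left in
{"DhcpDdns": {"tsig-keys": [{"name": "rndc-key", "secret": "%s"}]}}
""" % SAMPLE_SECRET

def strip_comments(text):
    """Remove // and # comments (accepted by Kea) outside JSON strings."""
    out, in_str, i = [], False, 0
    while i < len(text):
        ch = text[i]
        if not in_str and (ch == "#" or text.startswith("//", i)):
            while i < len(text) and text[i] != "\n":
                i += 1
            continue
        out.append(ch)
        if in_str and ch == "\\" and i + 1 < len(text):
            out.append(text[i + 1])  # keep the escaped character
            i += 1
        elif ch == '"':
            in_str = not in_str
        i += 1
    return "".join(out)

def audit_ddns(text, mode):
    """Return findings for a kea-dhcp-ddns.conf body and its file mode."""
    try:
        conf = json.loads(strip_comments(text))
    except json.JSONDecodeError as exc:
        return [f"syntax error at line {exc.lineno}: {exc.msg}"]
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("file holding TSIG secret is readable by group/other")
    for key in conf.get("DhcpDdns", {}).get("tsig-keys", []):
        name, secret = key.get("name", "?"), key.get("secret", "")
        if secret == SAMPLE_SECRET:
            findings.append(f"{name}: secret is the documentation sample")
        try:
            short = len(base64.b64decode(secret, validate=True)) < 32
        except (ValueError, TypeError):
            short = True
        if short:  # assumption: require at least 32 bytes for hmac-sha256
            findings.append(f"{name}: secret is not base64 or under 32 bytes")
    return findings

if __name__ == "__main__":
    print(audit_ddns(CONSTRUCTED_SAMPLE, 0o644))
```

On a real system, pass the contents of /etc/kea/kea-dhcp-ddns.conf and the st_mode value returned by os.stat() for that file.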