Kea 2.4.0 DHCP Server

Introduction to ISC Kea DHCP Server

The ISC Kea package contains the server programs for DHCP. It is the successor of the old ISC DHCP server which is end-of-life since December 2022.

This package is known to build and work properly using an LFS 12.0 platform.

Package Information

Kea Dependencies

Required

Boost-1.83.0 and log4cplus-2.1.0

Optional

MIT Kerberos V5-1.21.2, for documentation Doxygen-1.9.7, Graphviz-8.1.0, and sphinx_rtd_theme-1.2.2

Optional database backends

MariaDB-10.11.4 or MySQL, and PostgreSQL-15.4

Kernel Configuration

You must have Packet Socket support. IPv6 support is optional.

[*] Networking support --->                                                [NET]
  Networking options --->
    <*/M> Packet socket                                                 [PACKET]
    [*]   TCP/IP networking                                               [INET]
    <*>     The IPv6 protocol --->                                        [IPV6]

Installation of ISC Kea DHCP Server

Install ISC Kea DHCP Server by running the following commands:

./configure --prefix=/usr        \
            --sysconfdir=/etc    \
            --docdir=/usr/share/doc/kea-2.4.0 \
            --localstatedir=/var \
            --enable-shell       \
            --with-openssl       \
            --disable-static &&
make

To test the results, issue: make check.

To install the ISC Kea DHCP Server suite, issue the following commands as the root user:

make -j1 install

Command Explanations

--with-pgsql or --with-mysql: ISC Kea can store the leases on a database. This might be useful in large environments running a cluster of DHCP servers. Using the memfile backend (which is a CSV file stored locally) is possible anyhow.

--enable-generate-docs: If documentation is to be rebuilt, add that option. Several dependencies must be installed for generating the documentation.

make -j1 install: ISC does not recommend any form of parallel or job server options when doing the install.

Configuring ISC Kea DHCP Server

The support of IPv4, IPv6 and DDNS has been split into separate servers which runs independently from each other. Each of them has its own configuration file. Additional configuration files come from the keactrl agent which is uses to control the servers in an easy way.

Consult the Kea Administrator Reference Manual for detailed information about the configuration of ISC Kea as it is a quite capable system. The configuration shown a bare minimum to get a DHCP server running but it already includes configuration for DDNS (Dynamic DNS). That setup might be working for small networks with a few clients and low traffic. For greater installations with thousands of clients, ISC Kea can be configured to use databases (mariadb or postgresql) to store the leases and build a cluster with multiple nodes. It can be integrated to ISC Stork which is a management dashboard to ISC Kea.

If you want to start the DHCP Server at boot, install the kea-dhcpd.service unit included in the blfs-systemd-units-20230816 package:

make install-kea-dhcpd

Config Files

/etc/kea/keactrl.conf, /etc/kea/kea-ctrl-agent.conf, /etc/kea/kea-dhcp4.conf, /etc/kea/kea-dhcp6.conf and /etc/kea/kea-dhcp-ddns.conf

Kea Control Configuration

keactrl is used to control the independent servers (IPv4, IPv6, DDNS). Its configuration file /etc/kea/keactrl.conf is installed by default and includes many path settings which are defined due to the configure at build time. It also includes settings to specify which of the servers should be started.

  • Control Agent

    The Control Agent is a daemon which allows the (re)configuration of the Kea DHCP service via REST API. Set ctrl_agent=yes to start the control agent (service providing a REST API), set ctrl_agent=no in case the control agent is not needed.

  • IPv4 DHCP server

    This daemon handles requests for IPv4 addresses. Set dhcp4=yes to start it, set dhcp4=no in case DHCP service for IPv4 is not wanted.

  • IPv6 DHCP server

    This daemon handles requests for IPv6 addresses. Set dhcp6=yes to start it, set dhcp6=no in case DHCP service for IPv6 is not wanted.

  • Dynamic DNS

    This daemon is used to update a DNS server dynamically when Kea assigns an IP address to a device. Set dhcp_ddns=yes to enable it, set dhcp_ddns=no in case dynamic DNS updates are not wanted.

The Netconf service is not installed because required dependencies are not covered by the current BLFS book.

With the following command, Kea will be configured to start the dhcp service for IPv4 and the dynamic DNS update, while the control agent and the dhcp service for IPv6 remains down. Tweak the command to match your needs on started services and execute as the root user:

sed -e "s/^dhcp4=.*/dhcp4=yes/" \
    -e "s/^dhcp6=.*/dhcp6=no/" \
    -e "s/^dhcp_ddns=.*/dhcp_ddns=yes/" \
    -e "s/^ctrl_agent=.*/ctrl_agent=no/" \
    -i /etc/kea/keactrl.conf

Control Agent Configuration

The provided configuration could be used without changes but in BLFS objects like sockets are stored in /run rather than in /tmp.

cat > /etc/kea/kea-ctrl-agent.conf << "EOF"
// Begin /etc/kea/kea-ctrl-agent.conf
{
  // This is a basic configuration for the Kea Control Agent.
  // RESTful interface to be available at http://127.0.0.1:8000/
  "Control-agent": {
    "http-host": "127.0.0.1",
    "http-port": 8000,
    "control-sockets": {
      "dhcp4": {
        "socket-type": "unix",
        "socket-name": "/run/kea4-ctrl-socket"
      },
      "dhcp6": {
        "socket-type": "unix",
        "socket-name": "/run/kea6-ctrl-socket"
      },
      "d2": {
        "socket-type": "unix",
        "socket-name": "/run/kea-ddns-ctrl-socket"
      }
    },

    "loggers": [
      {
        "name": "kea-ctrl-agent",
        "output_options": [
          {
            "output": "/var/log/kea-ctrl-agent.log"
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-ctrl-agent.conf
EOF

IPv4 DHCP Server Configuration

A sample configuration file is created in /etc/kea/kea-dhcp4.conf. Adjust the file to suit your needs or overwrite it by using the following sample as the root user:

cat > /etc/kea/kea-dhcp4.conf << "EOF"
// Begin /etc/kea/kea-dhcp4.conf
{
  "Dhcp4": {
    // Add names of your network interfaces to listen on.
    "interfaces-config": {
      "interfaces": [ "eth0", "eth2" ]
    },

    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea4-ctrl-socket"
    },

    "lease-database": {
      "type": "memfile",
      "lfc-interval": 3600
    },

    "expired-leases-processing": {
      "reclaim-timer-wait-time": 10,
      "flush-reclaimed-timer-wait-time": 25,
      "hold-reclaimed-time": 3600,
      "max-reclaim-leases": 100,
      "max-reclaim-time": 250,
      "unwarned-reclaim-cycles": 5
    },

    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,

    // Enable DDNS - Kea will dynamically update the DNS
    "ddns-send-updates" : true,
    "ddns-qualifying-suffix": "your.domain.tld",
    "dhcp-ddns" : {
      "enable-updates": true
    },

    "subnet4": [
      {
        "subnet": "192.168.56.0/24",
        "pools": [ { "pool": "192.168.56.16 - 192.168.56.254" } ],
        "option-data": [
          {
            "name": "domain-name",
            "data": "your.domain.tld"
          },
          {
            "name": "domain-name-servers",
            "data": "192.168.56.2, 192.168.3.7"
          },
          {
            "name": "domain-search",
            "data": "your.domain.tld"
          },
          {
            "name": "routers",
            "data": "192.168.56.2"
          }
        ]
      }
    ],

    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/var/log/kea-dhcp4.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp4.conf
EOF

The configuration for IPv6 is similar to the configuration of IPv4. The configuration file is /etc/kea/kea-dhcp6.conf.

Dynamic DNS Configuration

If there is a BIND-9.18.18 server running, ISC Kea can update the DNS when it gives an IP address to a client. A sample configuration file is created in /etc/kea/kea-dhcp-ddns.conf. Adjust the file to suit your needs or overwrite it by using the following sample as the root user:

cat > /etc/kea/kea-dhcp-ddns.conf << "EOF"
// Begin /etc/kea/kea-dhcp-ddns.conf
{
  "DhcpDdns": {
    "ip-address": "127.0.0.1",
    "port": 53001,
    "control-socket": {
      "socket-type": "unix",
      "socket-name": "/run/kea-ddns-ctrl-socket"
    },

    "tsig-keys": [
      {
        "name"      : "rndc-key",
        "algorithm" : "hmac-sha256",
        "secret"    : "1FU5hD7faYaajQCjSdA54JkTPQxbbPrRnzOKqHcD9cM="
      }
    ],

    "forward-ddns" : {
      "ddns-domains" : [
        {
          "name" : "your.domain.tld.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },

    "reverse-ddns" : {
      "ddns-domains" : [
        {
          "name" : "56.168.192.in-addr.arpa.",
          "key-name": "rndc-key",
          "dns-servers" : [
            {
              "ip-address" : "127.0.0.1",
              "port" : 53
            }
          ]
        }
      ]
    },

    "loggers": [
      {
        "name": "kea-dhcp-ddns",
        "output_options": [
          {
            "output": "/var/log/kea-ddns.log",
            "pattern": "%D{%Y-%m-%d %H:%M:%S.%q} %-5p %m\n"
          }
        ],
        "severity": "INFO",
        "debuglevel": 0
      }
    ]
  }
}
// End /etc/kea/kea-dhcp-ddns.conf
EOF
[Note]

Note

The value of secret is just an example. Generate the key for your installation by using the rndc-confgen -a command or the tsig-keygen command which both are provided by BIND-9.18.18.

In this sample config it is assumed that the DNS server runs on the same machine as Kea does (accessable via 127.0.0.1) and that this machine has the IP 192.168.56.2.

Contents

Installed Programs: keactrl, kea-admin, kea-ctrl-agent, kea-dhcp4, kea-dhcp6, kea-dhcp-ddns, kea-lfc, kea-shell
Installed Libraries: libkea-*
Installed Directories: /etc/kea, /usr/include/kea, /var/lib/kea

Short Descriptions

keactrl

Tool to control (start/stop) the server processes.

kea-admin

kea-admin is a shell script which offers database maintenance.

kea-ctrl-agent

Daemon which exposes a RESTful control interface for managing Kea servers.

kea-dhcp4

The server daemon providing IPv4 addresses.

kea-dhcp6

The server daemon providing IPv6 addresses.

kea-dhcp-ddns

The server daemon performing the dynamic DNS updates.

kea-lfc

The kea-lfc service process removes redundant information from the files used to provide persistent storage for the memfile database backend. It is run by the Kea DHCP server.

keashell

RESTful client to the ISC Kea services.