OPNSense's 26.1 release bumps radvd to include PREF64 support, which I've been anxiously expecting.

It also moves isc-dhcp to a plugin, pointing towards either Kea or dnsmasq.

So, that's the push I needed to finally move to Kea.

But, Kea in OPNSense doesn't have DHCP lease DNS registration tied in. Kea does support that with RFC 2136 registration, but it's not available directly in the OPNSense config.

So, the net effect is that Hugo is now completely revamping the home network DHCP and DNS setup, moving it from the OPNSense gateway to the couple of little mini PCs with Adguard + unbound + Knot for DNS, with HA Kea for DHCPv4.

And then I'll finish the OPNSense upgrade 😂

Oh hey; where did this yak and shears come from?

kea is up with active/standby HA, and pools and options moved;

leases imported to keep a few things consistent across the move;

ISC dhcpd disabled and dhcrelay configured on opnsense;

DHCP scopes handing out the new Adguard endpoints for DNS;

kea is registering forward & reverse DNS with knot;

unbound is configured with stubs pointing at knot for the relevant zones;

Once we've got a critical mass of some DNS internal records registered to knot from DHCP renewals, I'll cut over AdGuard to point to unbound, to basically let things flow through the new paths.

Getting there!
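The Kea-to-Knot registration mentioned in the first post and in the status update above, written out as an added configuration example (not the poster's own config): kea-dhcp4 hands name-change requests to the kea-dhcp-ddns daemon, which sends TSIG-signed RFC 2136 updates to Knot for the forward and reverse zones. The zone names, the 192.0.2.0/24 range, the Knot address, the key name and the secret are placeholders; Kea accepts `//` comments in its JSON config files, so the two fragments are annotated inline.

```json
// kea-dhcp4.conf (fragment; file path and zone names are placeholders)
{
  "Dhcp4": {
    // Send name-change requests (NCRs) to the local kea-dhcp-ddns daemon.
    "dhcp-ddns": {
      "enable-updates": true,
      "server-ip": "127.0.0.1",
      "server-port": 53001,
      "ncr-protocol": "UDP",
      "ncr-format": "JSON"
    },
    // Global DDNS behaviour; each of these can also be set per subnet.
    "ddns-send-updates": true,
    "ddns-qualifying-suffix": "home.example.",   // placeholder internal zone
    "ddns-replace-client-name": "never",         // keep the name the client supplied
    "ddns-update-on-renew": true                 // re-register on renew, not only on new leases
  }
}

// kea-dhcp-ddns.conf (the "D2" daemon that actually speaks RFC 2136)
{
  "DhcpDdns": {
    "ip-address": "127.0.0.1",                   // only accept NCRs from the local kea-dhcp4
    "port": 53001,
    "ncr-protocol": "UDP",
    "ncr-format": "JSON",
    "dns-server-timeout": 500,
    // TSIG key shared with Knot; generate a fresh secret, do not reuse this placeholder.
    "tsig-keys": [
      {
        "name": "kea-knot",
        "algorithm": "HMAC-SHA256",
        "secret": "REPLACE-WITH-BASE64-SECRET"
      }
    ],
    // Forward zone: A records plus a DHCID record for conflict detection.
    "forward-ddns": {
      "ddns-domains": [
        {
          "name": "home.example.",
          "key-name": "kea-knot",
          "dns-servers": [ { "ip-address": "192.0.2.53", "port": 53 } ]
        }
      ]
    },
    // Reverse zone for the DHCPv4 pool (192.0.2.0/24 is a placeholder range).
    "reverse-ddns": {
      "ddns-domains": [
        {
          "name": "2.0.192.in-addr.arpa.",
          "key-name": "kea-knot",
          "dns-servers": [ { "ip-address": "192.0.2.53", "port": 53 } ]
        }
      ]
    }
  }
}
```

On the Knot side the same secret goes into a `key:` entry, and each of the two zones gets an `acl:` with `action: update` bound to that key, so Knot only accepts dynamic updates that carry a valid TSIG signature from Kea; recent Knot releases also let the ACL limit `update-type` to the record types Kea actually writes (A, AAAA, PTR, DHCID), which keeps a leaked DHCP-side key from being able to rewrite anything else in the zone.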

@hugo that's an awful mDNS implementation

@arichtman heh, yea.

Some of the gear that I need/want stable DNS names for doesn't support mDNS unfortunately, specifically the cameras. I definitely have been leaning into more mDNS, but it doesn't quite cover everything for me yet.

DNS for v6 hosts with just using SLAAC is still pants. But, funny enough: those devices that don't support mDNS also don't support v6. For the v6-capable hosts, mDNS seems to have better coverage.

I'm still in this weird space where I don't quite trust mDNS to "always just work" or put it in line for something critical. Maybe that's just something I need to battle test more. Eg I create mDNS names and service entries for just about anything I add in these days, but then still generally just use those for admin and also add in standard CNAMEs for the actual client configurations to point to. Which seems a bit silly and is probably just a "me" thing.

@hugo nah mDNS is too patchily supported, noisy, and slow IME; I was just yanking your chain

@arichtman fair. I've probably leaned on it a bit more as it's fairly ingrained in the Home Assistant ecosystem.